Identity services provider Okta on Friday disclosed a new security incident that allowed unidentified threat actors to leverage stolen credentials to access its support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” David Bradbury, Okta’s chief security officer, said. “It should […]
A number of state-back threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations. The vulnerability in question is CVE-2023-38831 (CVSS score: 7.8), which allows attackers to execute arbitrary code when a user attempts to view a benign file […]
Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to effectively bypass common defense strategies. Cyble, a renowned cyber threat intelligence company recognized for its research and findings, recently released its Q3 […]
A Gaza-based threat actor has been linked to a series of cyber attacks aimed at Israeli private-sector energy, defense, and telecommunications organizations. Microsoft, which revealed details of the activity in its fourth annual Digital Defense Report, is tracking the campaign under the name Storm-1133. “We assess this group works to further the interests of Hamas, […]
Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing campaign since early August 2023 that led to the delivery of Ransom Knight (aka Cyclops) ransomware and Remcos RAT. This indicates that “the law enforcement operation may not have impacted Qakbot operators’ spam delivery infrastructure […]
Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that’s being advertised for sale on the cybercrime underground. “BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser credentials and system information, and much more,” Zscaler ThreatLabz researchers Niraj Shivtarkar and Satyam Singh said in an analysis published last […]
A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunic koation providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time (JIT) compiler for the Lua programming language known as LuaJIT as a vehicle to deploy a novel implant […]
Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called FreeWorld. Cybersecurity firm Securonix, which has dubbed the campaign DB#JAMMER, said it stands out for the way the toolset and infrastructure is employed. “Some of these tools include enumeration software, RAT payloads, exploitation and credential […]
A Syrian threat actor named EVLF has been outed as the creator of malware families CypherRAT and CraxsRAT. “These RATs are designed to allow an attacker to remotely perform real-time actions and control the victim device’s camera, location, and microphone,” Cybersecurity firm Cyfirma said in a report published last week. CypherRAT and CraxsRAT are said […]
An unidentified threat actor has deployed the Yashma ransomware variant since June 4, 2023, actively targeting English-speaking countries like:- Bulgaria China Vietnam While this new variant of Yashma ransomware has reemerged after being fixed last year since the release of a decryptor. This operation was recently identified by the cybersecurity researchers at Cisco Talos, who […]
The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that’s used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that started off as a banking trojan in […]
A new study conducted by Uptycs has uncovered a stark increase in the distribution of information stealing (a.k.a. infostealer or stealer) malware. Incidents have more than doubled in Q1 2023, indicating an alarming trend that threatens global organizations. According to the new Uptycs’ whitepaper, Stealers are Organization Killers, a variety of new info stealers have […]
As the number of people using macOS keeps going up, so does the desire of hackers to take advantage of flaws in Apple’s operating system. What Are the Rising Threats to macOS? There is a common misconception among macOS fans that Apple devices are immune to hacking and malware infection. However, users have been facing […]
Cybersecurity deals with emerging dangers and includes protecting and preventing means against hacker attacks. New technologies are booming, and our gadgets become more advanced. Both artificial intelligence and machine learning are proliferating. But, new technologies bring new problems. Cybercriminals are also trying to keep up with the time. Thus, risks to cyber-security are directly related […]
RomCom is a RAT – that enables remote access/control over devices to exfiltrate sensitive information for financial gain, now being used in geo politically-motivated attacks against Ukraine’s military institutions. According to the Blackberry threat intelligence team, the threat actor targets NATO Submit guests through RTF Exploitation. Threat actors took advantage of this event and sent […]
A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages. The malware “possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for carrying out […]
If you’re a cybersecurity professional, you’re likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP, to CWPP, to CIEM and all of the myriad others, there seems to be a new initialism born each day. In this article, we’ll look at another trending acronym – CTEM, which stands for Continuous […]
Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal. Russian cybersecurity firm Kaspersky, which has been keeping tabs on the group’s activities since mid-2020, characterized the adversary as both capable and stealthy. The targeting scope of the campaign is focused on […]
The ‘RA Group’ is a recently emerged ransomware organization that is actively attacking the following companies in the United States and South Korea:- Pharmaceutical companies Insurance companies Wealth management companies Manufacturing companies Cybersecurity researchers at Cisco Talos observed them employing the common ‘double-extortion’ technique by establishing a data leak website on the dark web to […]
A hacking group dubbed OilAlpha with suspected ties to Yemen’s Houthi movement has been linked to a cyber espionage campaign targeting development, humanitarian, media, and non-governmental organizations in the Arabian peninsula. “OilAlpha used encrypted chat messengers like WhatsApp to launch social engineering attacks against its targets,” cybersecurity company Recorded Future said in a technical report […]
How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers