U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. “The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit,” the authorities […]
In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly […]
Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors since November 2022. “The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure […]
Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried out by a never-before-seen threat actor dubbed Hydrochasma. The activity, which has been ongoing since October 2022, “relies exclusively on publicly available and living-off-the-land tools,” Symantec, by Broadcom Software, said in a report shared with The Hacker News. […]
Unknown malware presents a significant cybersecurity threat and can cause serious damage to organizations and individuals alike. When left undetected, malicious code can gain access to confidential information, corrupt data, and allow attackers to gain control of systems. Find out how to avoid these circumstances and detect unknown malicious behavior efficiently. Challenges of new threats’ […]
Telecommunication service providers in the Middle East are being targeted by a previously undocumented threat actor as part of a suspected intelligence gathering mission. Cybersecurity firms SentinelOne and QGroup are tracking the activity cluster under the former’s work-in-progress moniker WIP26. “WIP26 relies heavily on public cloud infrastructure in an attempt to evade detection by making […]
A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas. Cisco Talos said it “observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389.” The […]
At least 1,200 Redis database servers worldwide have been corralled into a botnet using an “elusive and severe threat” dubbed HeadCrab since early September 2021. “This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers,” Aqua security researcher Asaf […]
A new analysis of Raspberry Robin’s attack infrastructure has revealed that it’s possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is a malware that has increasingly come under the radar […]
As we are nearing the end of 2022, looking at the most concerning threats of this turbulent year in terms of testing numbers offers a threat-based perspective on what triggers cybersecurity teams to check how vulnerable they are to specific threats. These are the threats that were most tested to validate resilience with the Cymulate […]
The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center (MSTIC) is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or developing activity clusters. Zerobot, first documented by Fortinet FortiGuard Labs earlier this month, […]
This week, an announcement was made by TPG Telecom in Australia stating that an unidentified threat actor had acquired unauthorized access to a server that hosts the email accounts of 15,000 subscribers. After Singtel-owned Optus, Medibank, and a second Singtel subsidiary were hacked, this event is one of the numerous recent high-profile hacks that have […]
The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. “While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal,” the agency’s Health Sector Cybersecurity Coordination […]
Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that’s designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to […]
According to the most recent research, three recently found security flaws in Zoom can grant an attacker access to root or SYSTEM users and the ability to execute malicious program. Local privilege escalation concerns have been identified as the two high severity vulnerabilities, CVE-2022-28768 and CVE-2022-36924, which might eventually result in seizing control of the […]
Microsoft’s Dynamics 365 Customer Voice is a software that is primarily used to collect customer feedback.It may be utilized to gather data into actionable insights, track consumer feedback, and conduct polls of client satisfaction. To communicate with victims, hackers are exploiting the Static Expressway. In a nutshell, it’s a method for evading security scanners that […]
With the use of the Splunk software, real-time data can be collected, indexed, and corroborated in a searchable repository from which graphs, reports, alarms, dashboards, and visualizations may be produced. Machine data is used by Splunk to find patterns in data, provide metrics, identify issues, and provide information for business operations. On November 2, Splunk […]
Jira Align is a software-as-a-service (SaaS) platform that enables businesses to grow their cloud installations of the wildly popular bug tracking and project management tool Atlassian Jira. A high severity (CVSS 8.8) authorization controls issue was discovered by a Bishop Fox security researcher. It enables users with the ‘people’ permission to raise their privilege, or […]
On Tuesday, Australian private insurer Medibank stated that a recent disclosed cyberattack affects more customers’ data than first believed. Days after hackers vowed to target celebrities, the announcement was made. The cyberattack, which was discovered on October 12, was thought to be a precursor to a ransomware incident, but it was stopped before ransomware could […]
By deploying a new Trojan named LOWZERO, integrated into an espionage campaign aimed against Tibetan organizations, the Chinese APT known as TA413 is exploiting a variety of flaws in Microsoft Office and Sophos Firewall. The majority of the targets were businesses connected to the exiled Tibetan administration as well as organizations connected to the Tibetan […]
Cybersecurity today matters so much because of everyone’s dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT ‘network’ – all the apps and connected devices from laptops and desktops to servers and smartphones. While traditionally, […]