Browsing tag

computer security

PKPLUG - New Research Found Same Chinese Hacking Group Involved with Multiple Cyber Attacks Across Asia

Researchers linked multiple cyber-espionage campaigns across Asia to the threat actor group PKPLUG. The group uses its PlugX malware and a number of additional payloads in the campaign. The group primarily targets Southeast Asia, particularly Myanmar, Taiwan, Vietnam, and Indonesia, and other parts of Asia such as Tibet, Xinjiang, and Mongolia. Based […]

Adwind RAT Malware Attacks on US Petroleum Industry to Steal Sensitive Data

A new malware campaign with an Adwind RAT variant particularly targets the petroleum industry in the US. Adwind, a.k.a. Unrecom, Sockrat, JSocket, and jRat, is a cross-platform RAT involved in multiple campaigns, and it was also distributed via malware-as-a-service in underground markets. With this campaign, threat actors used a new variant of adware RAT that […]

REvil Ransomware links With GandCrab to Attack Windows Users via RDP Servers and Exploit kits

A financially motivated hacking group called “GOLD SOUTHFIELD” launched a newly developed REvil ransomware (aka Sodinokibi), which used the GandCrab ransomware code and infected Windows users around the world. Threat actors are distributing it through various mediums, including software installers with backdoor capabilities, exploit kits, exploiting RDP servers, and scan-and-exploit techniques. Malware developers behind […]

Hackers Hiding Malware behind Captcha to Bypass Secure Email Gateways

Hackers are using Captcha to hide the presence of malware and to evade email security gateways. By using this technique, attackers show that the email is sent by a human and evade detection. Attackers use various social engineering methods to trick users into believing the emails are from a legitimate source; here the emails are from a compromised […]

Hackers Demand $5.3 Million After Locking Massachusetts City Computers With RYUK Ransomware

Cybercriminals compromised the New Bedford, Massachusetts city computers with the Ryuk ransomware and demanded $5.3 million to unlock the compromised computers. On July 5, 2019, the City of New Bedford’s Management Information Systems (MIS) identified the ransomware that infected several computers. Soon after detection, the MIS staff disconnected the City’s computer servers and shut down systems. But the […]

Understanding What Is Malware Analysis

What is malware analysis? This is the process involved in studying and learning how a particular malware works and what it can do. Their code can differ radically from one another, so they can have many functionalities. But the main purpose of these malicious programs is to gain information from an infected device without the […]

Hackers use Backdoor and Trojan to Attack Financial Departments of Organizations

Hackers use a backdoor and a remote access trojan that let attackers gain complete remote control over the compromised computer. The campaign particularly targets the financial departments of organizations in the Balkans region. The campaign is financially motivated; it includes two tools dubbed BalkanDoor and BalkanRAT, distributed through tax-themed malicious emails. Active for a […]

Protecting Your Network & PC From The Impending Threat of Ransomware

Digital extortion continues to pose a threat everywhere. According to the Cyber Advisor newsletter, incidents of ransomware attacks are only going to skyrocket and increase manyfold. The level of threat has only escalated with military-grade hacking techniques used to target entire geographies, large-scale corporations, hospitals, schools and just about anyone with an internet connection […]

Hackers Attack Financial Institutions & Government Organizations With “Proyecto RAT”

Security researchers observed a new campaign targeting financial institutions and governmental organizations with a customized version of a remote access tool called “Proyecto RAT”. The payload was found to be written in Visual Basic 6, and it uses the disposable e-mail address service yopmail for its C&C communication. Yopmail is known for creating temporary inboxes. Infection […]

Buhtrap Hackers Group Using Recently Patched Windows Zero-day Exploit to Attack Government Networks

An infamous cyberespionage group known as “Buhtrap” uses a Windows zero-day exploit in its new campaign to attack businesses and perform targeted attacks on governmental institutions. The Buhtrap hackers group was actively targeting various financial institutions in 2015; since then the group has been improving its toolset with new exploits and malware to attack Europe- and Asia-based countries. Newly observed […]

A Perfect Way to Start and Strengthen Your Cyber Security Career

Breaking into a cybersecurity career is no different than any other career path or profession. In fact, in some ways, we’d even argue that choosing to start a cybersecurity career is a sensible move because as long as you can satisfy certain requirements, you’ll be good to go! The worldwide need for cybersecurity professionals is expected to reach […]

Hacker Sentenced to 27 Months in Prison for Launching Massive DDoS Attacks on Sony and Gaming Networks

A man from Utah was sentenced to 27 months in prison for launching massive DDoS attacks against Sony and online gaming companies and their servers. Austin Thompson (23), a malicious hacker residing in Utah, was involved in denial-of-service hacking attacks against multiple victims between 2013 and 2014. Austin pleaded guilty in federal court in November last year for DoS attack and […]

USCYBERCOM Warned that Hackers Exploiting Microsoft Outlook Security Vulnerability to Deliver Malware

USCYBERCOM published an alert that hackers were exploiting the CVE-2017-11774 Microsoft Outlook security vulnerability to deliver malware using an HTTPS domain. Microsoft already patched the vulnerability in 2017, and the USCYBERCOM alert refers to the ongoing campaign that is exploiting CVE-2017-11774. Users are advised to ensure that they have patched the vulnerability. — USCYBERCOM Malware Alert […]

DNS Security: How to Reduce the Risk of a DNS Attack

Domain Name System or DNS is one of the foundational elements of the entire internet; however, unless you specialize in networking, you probably don’t realize how important it is. DNS is essentially like a phone book of numbers that computers use for communication. Specifically, these numbers are IP addresses. This directory is stored on domain […]

OceanLotus APT Group Uses Undetected Ratsnif Remote Trojan to Leverage Network Attacks

The OceanLotus APT group, also known as APT32, SeaLotus, and CobaltKitty, uses the undetected remote access trojan Ratsnif to leverage network attack capabilities. The trojan has been active since 2016, and it has features like packet sniffing, gateway/device ARP poisoning, DNS poisoning, HTTP injection, and MAC spoofing. The Cylance Threat Research Team detected four distinct samples of Ratsnif […]

Waterbug APT Hackers Hijacked Another APT Group Infrastructure to Attack Governments and International Organizations

Waterbug APT hackers used hijacked infrastructure to attack governments and international organizations through various campaigns using new and publicly available malware. The group also uses living-off-the-land techniques for executing processes on the systems. Symantec observed the targeted attacks over the past year using unique tools, with the campaigns hitting Europe, Latin America, and […]