Hacking

New DotRunpeX Malware Delivers Multiple Malware Families via Malicious Ads

A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. “DotRunpeX is a new injector written in .NET using the Process Hollowing technique and used to infect systems with a variety […]

A New Security Category Addresses Web-borne Threats

In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly […]

Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency

Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC). […]

Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects

A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022. The ongoing campaign entails injecting malicious JavaScript code to the hacked websites, often connecting to the target web server using legitimate FTP credentials the threat actor previously obtained via an […]

KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets

The Dark Pink advanced persistent threat (APT) actor has been linked to a fresh set of attacks targeting government and military entities in Southeast Asian countries with a malware called KamiKakaBot. Dark Pink, also called Saaiwc, was extensively profiled by Group-IB earlier this year, describing its use of custom tools such as TelePowerBot and KamiKakaBot […]

Experts Warn of ‘Beep’ – A New Evasive Malware That Can Fly Under the Radar

Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that’s designed to fly under the radar and drop additional payloads onto a compromised host. “It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find,” Minerva Labs researcher Natalie […]

Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework

Threat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control (C2) framework for carrying out post-exploitation activities. The findings come from AhnLab Security Emergency response Center (ASEC), which discovered that security vulnerabilities in Sunlogin, a remote desktop program developed in China, are being abused to deploy a wide range of payloads. […]

OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa

A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022. According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages […]

Fake Indian Banking Rewards Apps Targeting Android Users with Info-stealing Malware

An SMS-based phishing campaign is targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application. The Microsoft 365 Defender Research Team said that the messages contain links that redirect users to a sketchy website that triggers the download of the fake banking rewards app for ICICI Bank. “The malware’s RAT capabilities […]

U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran’s Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion […]

Researchers Warn of “Eternity Project” Malware Service Being Sold via Telegram

An unidentified threat actor has been linked to an actively in-development malware toolkit called the “Eternity Project” that lets professional and amateur cybercriminals buy stealers, clippers, worms, miners, ransomware, and a distributed denial-of-service (DDoS) bot. What makes this malware-as-a-service (MaaS) stand out is that besides using a Telegram channel to communicate updates about the latest […]

Warning — Deadbolt Ransomware Targeting ASUSTOR NAS Devices

ASUSTOR network-attached storage (NAS) devices have become the latest victim of Deadbolt ransomware, less than a month after similar attacks singled out QNAP NAS appliances. In response to the infections, the company has released firmware updates (ADM 4.0.4.RQO2) to “fix related security issues.” The company is also urging users to take the following actions to […]

T-Mobile’s latest data breach exposed users to SIM swapping attacks

T-Mobile is the only telecom giant to suffer at least three known data breaches in 2021. Another day, another data breach at T-Mobile – This time, the Bellevue, Washington-based telecom giant has acknowledged suffering a cyberattack in which the personal information of “a very small number of customers” was accessed by unknown attackers. What happened? […]

Jerusalem Post and Maariv hacked on Gen. Soleimani’s death anniversary

On the morning of Monday, 3rd Jan 2022, hackers managed to deface the official website of the Jerusalem Post and compromise Maariv’s Twitter account. Two years ago, Qasem Soleimani, a top Iranian general, was killed in a US drone strike in Baghdad, Iraq. Soleimani was the head of the Quds Force, which is Iran’s Revolutionary Guards’ […]

Software flaws in walk-through metal detectors made them hackable

Walk-through metal detectors manufactured by well-known U.S.-based firm Garrett are vulnerable to remote attacks, according to Cisco Talos. Researchers at Cisco Talos discovered as many as nine vulnerabilities in walk-through metal detectors manufactured by well-known U.S.-based firm Garrett. According to researchers, if these flaws are exploited, the attacker can take the detectors offline, monitor, read, and modify […]

Grim Finance hacked – $30 million worth of tokens stolen

According to Grim Finance, it was an “advanced attack” in which hackers exploited a flaw in the vault contract. Grim Finance, a DeFi protocol and Smart Yield Optimizer Platform, has announced that the platform was hacked on Saturday 18th in an “advanced attack” that allowed hackers to steal over $30 million worth of Fantom Tokens. In […]

Avast found backdoor in US Federal Agency Network

Avast Threat Intelligence Team stated that it tried to notify the agency about the intrusion but didn’t receive any favorable response, which is why it decided to disclose its findings. Czech security firm Avast reported that a backdoor was identified in a US federal agency’s network, the United States Commission on International Religious Freedom (USCIRF). […]

Two backdoors detected in Auerswald VoIP system

The backdoors were detected during penetration testing by RedTeam Pentesting GmbH. On December 20th, it was reported that a backdoor was found in the network of a US Federal Agency. Now, RedTeam Pentesting researchers have identified multiple backdoors in a commonly used VoIP (voice over Internet protocol) appliance made by the German telecom hardware manufacturer […]

Top workforce management firm Kronos hit by ransomware attack

Kronos has taken down its private cloud services and advises customers to use “alternative business continuity protocols” while the company is working on mitigating the attack. Kronos Private Cloud is an HR management firm, also known as Ultimate Kronos Group, offering timekeeping services to many high-profile firms globally. Reportedly, the company is the latest victim […]