Critical Citrix Bug Exploited as a Zero-Day, ‘Patching Is Not Enough’

October 18, 2023 at 02:52PM There is an active attack targeting a critical security vulnerability in Citrix NetScaler that was patched last week. The vulnerability allows cyber attackers to hijack authenticated sessions, potentially bypassing multifactor authentication. While the patch helps mitigate the issue, organizations are advised to terminate all active sessions to fully remediate the … Read more

TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments

October 18, 2023 at 05:33AM The Asia-Pacific region is experiencing a cyber espionage campaign called TetrisPhantom, in which government entities are the primary targets. The attackers exploit secure USB drives with hardware encryption to gather sensitive data. The campaign is sophisticated and likely the work of a nation-state group. In addition, a new APT actor … Read more

‘RomCom’ Cyber Campaign Targets Women Political Leaders

October 16, 2023 at 02:44PM The Women Political Leaders Summit 2023 conference attendees were targeted by a cyber espionage campaign through a spoofed event website loaded with a malware called ROMCOM 4.0. The campaign focused on individuals promoting gender equality in the European Union. The cybercriminal group behind the attack, Void Rabisu, has evolved from … Read more

Women Political Leaders Summit targeted in RomCom malware phishing

October 15, 2023 at 01:53PM A lightweight variant of the RomCom backdoor was used to target participants of the Women Political Leaders Summit in Brussels. The attackers created a fake website to lure attendees, and the new variant of RomCom employs a stealthier backdoor with a TLS-enforcement technique to make detection more difficult. This attack … Read more

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

October 13, 2023 at 03:59AM Void Rabisu, a threat actor associated with financially motivated ransomware attacks, has shifted its focus to targeted campaigns on Ukraine and countries supporting Ukraine. They have developed a new variant called ROMCOM, which they used in campaigns targeting EU military personnel and political leaders working on gender equality initiatives. The … Read more

Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks

October 10, 2023 at 07:54PM Researchers at Microsoft have identified a known nation-state threat actor, referred to as Storm-0062, as responsible for the recent zero-day exploits targeting Atlassian’s Confluence Data Center and Server products. The malicious activity had been ongoing since September 14, before Atlassian publicly disclosed the issue. Microsoft has provided IP addresses related … Read more