Infrastructure vs. Runtime — Where Are Your Priorities?

October 1, 2024 at 12:09PM The Black Hat conference provides fresh insights into the cybersecurity landscape, observing companies at different stages and the challenge of determining the best cloud security investment. The rapid expansion of cloud technology has introduced new security challenges, leading to a focus on securing infrastructure and implementing robust runtime security measures …

NoName ransomware gang deploying RansomHub malware in recent attacks

September 10, 2024 at 06:41AM The NoName ransomware gang, also known as CosmicBeetle, has targeted small and medium-sized businesses for over three years, using the Spacecolon malware family and recently deploying the ScRansom ransomware. NoName has advanced to become a RansomHub affiliate, using various tools, exploiting vulnerabilities, and experimenting with different ransomware to increase its …

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

August 27, 2024 at 12:33PM Users of Chinese instant messaging apps are being targeted by HZ RAT, a backdoor for Apple macOS that replicates the Windows version. Distributed via RTF documents and software installers, it connects to a C2 server for instructions, likely for credential harvesting and reconnaissance. A recent sample impersonates OpenVPN and collects user data, with most C2 servers …

IRGC-Linked Hackers Package Modular Malware in Monolithic Trojan

August 20, 2024 at 05:06AM State-level Iranian APT TA453 (aka APT42) recently executed a phishing attack by posing as the research director of ISW and engaging with an Israeli rabbi. They delivered a new monolithic PowerShell Trojan, “AnvilEcho,” bundling their previous espionage tools into a single script. This change aims to reduce malware download size …

Navigating the future of cybersecurity

August 16, 2024 at 11:08AM Cloudflare’s 2024 Global Security Brief webinar on August 20th at 12pm ET/9am PT will cover advanced DDoS tactics, API and network threats, AI-enhanced phishing, and Zero Trust architecture. Join to gain actionable knowledge and practical strategies for combating evolving cyber threats. Register for the webinar for the latest insights and …

Six ransomware gangs behind over 50% of 2024 attacks

August 13, 2024 at 04:07PM LockBit 3.0 remains the most prominent ransomware gang in 2024, with 325 victims identified in the first half, followed by Play, 8base, Akira, BlackBasta, and Medusa. The report also highlights notable law enforcement takedowns of ransomware groups, leading to disruptions in the criminal ecosystem. It mentions the emergence of new …

7 Sessions Not to Miss at Black Hat USA 2024

July 29, 2024 at 10:06AM Black Hat USA 2024 offers valuable insights for cybersecurity professionals. Despite the AI trend, vulnerability remediation remains a key focus. Sessions cover Amazon Web Services vulnerabilities, Microsoft’s use of large language models, CI/CD runner security risks, Google Cloud Platform vulnerabilities, and more. Emphasizes the need for proactive security culture and …

Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021

June 20, 2024 at 07:15AM Cyber espionage linked to China has targeted telecom operators in an unnamed Asian country since at least 2021, using backdoors and attempting to steal credentials. The attacks also targeted a services company and a university in another Asian country. The campaign appears to involve tools used by various Chinese espionage …

Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors

May 30, 2024 at 12:09PM Summary: A new cyber espionage threat actor called LilacSquid has been conducting targeted attacks in the US, Europe, and Asia since 2021, aiming to steal data from various sectors. The actor deploys a mix of open-source tools and custom malware, including a distinctive variant of Quasar RAT codenamed PurpleInk. This …

Top Python Developers Hacked in Sophisticated Supply Chain Attack

March 25, 2024 at 08:00AM Python developers, including a maintainer of Top.gg, were targeted by information-stealing malware. Attackers cloned Colorama, a widely used tool, inserted malicious code into it, and spread it through fake mirror domains and compromised repositories. The malware invaded systems, stealing data and executing additional harmful actions, impacting multiple browsers and platforms. Key …