‘Ancient’ MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks

September 11, 2024 at 09:41AM Researchers from the Acronis Threat Research Unit discovered an attack dubbed “WordDrone,” targeting Taiwanese drone makers. The attack involves weaponizing an old version of Microsoft Word to install a persistent backdoor, ClientEndPoint. There are similarities to a previous “TIDrone” campaign, with the attackers possibly exploiting a side-loading flaw in the …

China-Linked Hackers Target Drone Makers

September 10, 2024 at 08:15AM A threat actor linked to China, known as Tidrone, has targeted military-related and satellite industries in Taiwan and focused on drone manufacturers. Using sophisticated malware, backdoors, and legitimate remote control tools, the group aims to disable system protections, steal information, and engage in espionage-related activities. These activities bear similarities to …

Despite cyberattacks, water security standards remain a pipe dream

September 7, 2024 at 08:44AM Multiple cybersecurity incidents involving water systems in the US, attributed to China, Russia, and Iran, prompt concerns about the vulnerabilities in the water infrastructure. Legacy operational technology (OT) systems, remote cyberattacks, and lack of cybersecurity standards pose significant risks. Attempts to enforce minimum standards have faced legal challenges, leading to …

Microchip Technology confirms data was stolen in cyberattack

September 4, 2024 at 06:06PM Microchip Technology Inc. has confirmed that employee data was stolen from systems compromised in a cyberattack in August. The attack was attributed to the Play ransomware gang. …

Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack

September 4, 2024 at 01:42AM A new malware campaign is using a spoofed version of Palo Alto Networks’ GlobalProtect VPN software to distribute the WikiLoader malware through an SEO campaign. The malware campaign is a shift from previous tactics and involves malicious activities such as delivering malware via fake GlobalProtect download pages and anti-analysis checks …

PoorTry Windows driver evolves into a full-featured EDR wiper

August 28, 2024 at 03:02PM The PoorTry Windows driver has evolved into an EDR wiper, deleting crucial security files to hinder restoration efforts. Trend Micro first warned about this in May 2023, with Sophos confirming EDR wiping attacks. The tool, used by ransomware gangs like BlackCat and LockBit, employs various tactics to avoid detection and …

New Tickler malware used to backdoor US govt, defense orgs

August 28, 2024 at 02:41PM The APT33 Iranian hacking group has deployed new Tickler malware to infiltrate the networks of government, defense, satellite, oil, and gas organizations in the US and the UAE. The group has employed Tickler to create backdoors in …

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control

August 22, 2024 at 12:18PM A China-nexus threat group, Velvet Ant, exploited a recently patched security flaw in Cisco switches as a zero-day, enabling extensive system control and evasion of detection. This involved weaponizing CVE-2024-20399 to deliver bespoke malware, facilitate data exfiltration, and establish persistent access. The attackers’ sophisticated tactics and use of open-source tools …

‘Digital arrest’ scams are big in India and may be spreading

August 13, 2024 at 01:46AM A woman in Delhi fell victim to a “digital arrest” scam, where scammers posed as CBI officers and extorted money by threatening her husband’s arrest. After being coerced into paying, she realized it was a scam. Police arrested three men involved and recovered incriminating items. This type of fraud, common …

Tennessee Man Helped DPRK Workers Get Jobs at US Orgs, Fund WMDs

August 12, 2024 at 09:34AM Tennessee resident Matthew Isaac Knoot has been charged by the US Department of Justice for aiding North Koreans in securing IT jobs at US companies, contributing to the funding of North Korean leader Kim Jong-Un’s nuclear weapons programs. North Korean agents have been infiltrating various US industries, posing as US …