New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility

January 30, 2024 at 04:30AM Threat hunters have discovered a new campaign delivering ZLoader, which has resurfaced with significant changes nearly two years after its botnet was dismantled in April 2022. The latest variant adds RSA encryption, an updated domain generation algorithm, and is now compiled for 64-bit Windows. Its return raises the prospect of new ransomware attacks, prompting increased …

Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years

January 22, 2024 at 05:12PM A critical VMware vCenter Server vulnerability, CVE-2023-34048, was exploited as a zero-day by the Chinese espionage group UNC3886 from late 2021. The group used it to gain remote code execution on vCenter and went on to compromise the ESXi hosts it managed. Organizations should verify that the patch actually took effect, since many vCenter deployments may still be vulnerable because of the practical difficulty of patching them. …

Microsoft: Iran’s Mint Sandstorm APT Blasts Educators, Researchers

January 19, 2024 at 12:44PM The Iran-linked Mint Sandstorm group is targeting researchers and other professionals working on Middle Eastern affairs with sophisticated social-engineering lures, delivering malware and compromising their systems. The group, tied to Iran's Islamic Revolutionary Guard Corps, uses lures related to the Israel-Hamas war for cyber-espionage and is known for its persistence. It impersonates journalists and researchers, employs custom backdoors, …

Known Indicators of Compromise Associated with Androxgh0st Malware

January 16, 2024 at 10:23AM The FBI and CISA have issued a joint Cybersecurity Advisory (CSA) outlining indicators of compromise (IOCs) and tactics associated with the Androxgh0st malware, together with specific recommendations for mitigating incidents caused by Androxgh0st infections. The malware targets websites running Laravel and Apache HTTP Server, and allows threat actors to …

Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

January 16, 2024 at 03:45AM The now-defunct Inferno Drainer malware-as-a-service stood up more than 16,000 malicious domains and stole over $87 million from 137,000 victims by spoofing Web3 protocols. Affiliates used the malware in their own phishing campaigns, with the operators keeping a cut of the stolen assets, 30% in some cases. The operation spoofed more than 100 cryptocurrency brands with specially crafted phishing pages and was active throughout …

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails

January 3, 2024 at 06:18AM A new exploitation technique called SMTP smuggling lets threat actors send emails with spoofed sender addresses that still pass sender-authentication checks such as SPF. The technique abuses differences in how outbound servers at Microsoft, GMX and Cisco and inbound SMTP implementations such as Postfix and Sendmail interpret the end-of-data sequence that terminates a message. Cisco users are advised to change settings to avoid receiving …
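The teaser names the technique but cuts off before showing how it works. The following is an added example, not code from the article or from the researchers who published SMTP smuggling. It models the inbound side of the problem: a relaying (outbound) server forwards a client's DATA content as one message because it only recognises the RFC 5321 terminator `<CR><LF>.<CR><LF>`, while an inbound server that also accepts bare-LF terminators such as `<LF>.<LF>` ends the message early and parses the remainder as fresh SMTP commands, yielding a second message with a sender of the attacker's choosing carried over the legitimate relay's connection. The session bytes, addresses and domains are constructed; the set of lenient terminators is an assumption for illustration.

```python
"""SMTP smuggling modelled on the inbound side (added example, constructed data)."""
import re
from dataclasses import dataclass

STRICT_EOD = b"\r\n.\r\n"                          # RFC 5321 end-of-data
# Terminators a lenient inbound server additionally accepts (assumed set).
LENIENT_EOD = re.compile(rb"(?:\r\n|\n|\r)\.(?:\r\n|\n|\r)")
BARE_NEWLINE = re.compile(rb"(?<!\r)\n|\r(?!\n)")  # LF without CR, or CR without LF


@dataclass
class Message:
    mail_from: str
    rcpt_to: list
    body: bytes


def parse_inbound_session(stream: bytes, lenient: bool) -> list:
    """Parse the commands and DATA sections an inbound MTA sees on one connection
    and return the messages it would accept. Command lines are CRLF-terminated;
    `lenient` selects which end-of-data sequences count."""
    messages, pos = [], 0
    mail_from, rcpts = None, []
    while pos < len(stream):
        nl = stream.find(b"\r\n", pos)
        if nl < 0:
            break                                  # incomplete command line
        line, pos = stream[pos:nl], nl + 2
        upper = line.upper()
        if upper.startswith(b"MAIL FROM:"):
            mail_from = line[len(b"MAIL FROM:"):].strip().decode()
        elif upper.startswith(b"RCPT TO:"):
            rcpts.append(line[len(b"RCPT TO:"):].strip().decode())
        elif upper == b"DATA":
            # The CRLF ending the DATA command may start the terminator, so the
            # search begins two bytes back; an empty body then slices to b"".
            if lenient:
                m = LENIENT_EOD.search(stream, pos - 2)
                if m is None:
                    break                          # unterminated DATA
                body, pos = stream[pos:m.start()], m.end()
            else:
                end = stream.find(STRICT_EOD, pos - 2)
                if end < 0:
                    break
                body, pos = stream[pos:end], end + len(STRICT_EOD)
            messages.append(Message(mail_from, rcpts, body))
            mail_from, rcpts = None, []            # envelope resets after DATA
        elif upper == b"QUIT":
            break
    return messages


def contains_bare_newline(body: bytes) -> bool:
    """Hardening check for a strict server: a bare LF or CR inside DATA is a
    smuggling indicator, so the message should be rejected rather than relayed."""
    return BARE_NEWLINE.search(body) is not None


# Constructed session: one transaction whose body hides a bare-LF terminator
# followed by a second, forged transaction on the same connection.
SMUGGLED_SESSION = (
    b"MAIL FROM:<attacker@attacker.example>\r\n"
    b"RCPT TO:<victim@target.example>\r\n"
    b"DATA\r\n"
    b"Subject: newsletter\r\n"
    b"\r\n"
    b"hello\r\n"
    b"\n.\n"                                       # <LF>.<LF>: smuggled end-of-data
    b"MAIL FROM:<ceo@target.example>\r\n"          # forged sender
    b"RCPT TO:<victim@target.example>\r\n"
    b"DATA\r\n"
    b"Subject: urgent wire transfer\r\n"
    b"\r\n"
    b"please pay\r\n"
    b".\r\n"                                       # genuine <CR><LF>.<CR><LF>
    b"QUIT\r\n"
)


def demo() -> dict:
    """Compare what a strict and a lenient inbound server make of the session."""
    strict = parse_inbound_session(SMUGGLED_SESSION, lenient=False)
    lenient = parse_inbound_session(SMUGGLED_SESSION, lenient=True)
    return {
        "strict_count": len(strict),
        "strict_sender": strict[0].mail_from,
        "strict_flags_bare_newline": contains_bare_newline(strict[0].body),
        "lenient_count": len(lenient),
        "lenient_senders": [m.mail_from for m in lenient],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The strict parser sees a single message from the real sender whose body happens to contain SMTP-looking text, and `contains_bare_newline` flags it; the lenient parser accepts two messages, the second from the forged address. Postfix's `smtpd_forbid_bare_newline` parameter addresses the same condition on real deployments.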

Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks

December 29, 2023 at 04:36AM North Korean state actors are using spear-phishing to deliver a range of malware and backdoors to targeted systems. The activity is attributed to the advanced persistent threat group Kimsuky, which focuses on entities in South Korea while expanding its targeting globally. The group has been sanctioned by …

New Rugmi Malware Loader Surges with Hundreds of Daily Detections

December 28, 2023 at 01:54AM A new malware loader, detected by ESET as Win/TrojanDownloader.Rugmi, is being used to distribute information stealers such as Lumma Stealer, Vidar, and RecordBreaker, and ESET reports a spike in Rugmi detections in late 2023. Stealers such as Lumma are sold as a service and spread through a variety of channels, including Discord's content delivery network. McAfee …

Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities

December 22, 2023 at 08:48AM Indian government entities and the defense sector are the targets of a phishing campaign dubbed Operation RusticWeb, which drops Rust-based malware for intelligence gathering. The attack chain combines Rust payloads, PowerShell commands, and trojans including AllaKore RAT, Ares RAT, and DRat. The group behind the campaign is linked to Pakistan and uses advanced …

Product Explained: Memcyco’s Real-Time Defense Against Website Spoofing

December 20, 2023 at 06:27AM The article discusses the growing threat of website impersonation and brandjacking, the challenges it poses for organizations, and the approach taken by Memcyco's real-time website spoofing protection product. Memcyco's Proof of Source Authenticity (PoSA™) technology, digital watermark, and back-end dashboard are presented as providing protection and attack visibility, promising to …