First-ever UEFI bootkit for Linux in the works, experts say

November 27, 2024 at 10:36AM Security researchers have discovered “Bootkitty,” the first UEFI bootkit targeting Linux, specifically some Ubuntu releases. Although currently a proof of concept, its existence indicates a shift in UEFI threat dynamics, dispelling the notion that such threats are exclusive to Windows, and highlights the need for future preparedness.

Chinese hackers target Linux with new WolfsBane malware

November 21, 2024 at 03:09PM ESET researchers have identified two new Linux malware families: ‘WolfsBane,’ a backdoor linked to the Chinese Gelsemium group, and ‘FireWood,’ potentially used by various APT groups. Both target Linux systems, highlighting a trend as attackers seek new vulnerabilities amid enhanced Windows security measures. WolfsBane employs sophisticated evasion techniques.

Russian charged by U.S. for creating RedLine infostealer malware

October 29, 2024 at 09:07AM The U.S. charged Russian national Maxim Rudometov, a key figure in the RedLine malware operation, which stole credentials and financial data. Part of an international crackdown, authorities disrupted the malware platform and arrested two in Belgium. Rudometov faces multiple charges with potential maximum sentences totaling 35 years in prison.

ESET Distributor’s Systems Abused to Deliver Wiper Malware

October 21, 2024 at 09:16AM ESET is investigating a situation where a product distributor in Israel sent emails containing wiper malware. This incident involved the abuse of the distributor’s systems. The details are reported in a post by SecurityWeek.

ESET partner breached to send data wipers to Israeli orgs

October 18, 2024 at 02:27PM Hackers breached ESET’s Israeli partner, sending phishing emails to businesses that disguised data wipers as antivirus software. The emails, appearing legitimate, originated from the compromised eset.co.il domain. Malicious files included legitimate DLLs and a harmful Setup.exe. The attack aimed to disrupt, reflecting ongoing cybersecurity threats in Israel.

ESET-Branded Wiper Attack Targets Israel; Firm Denies Compromise

October 18, 2024 at 01:30PM ESET denies reports of a cyberattack that compromised its platforms to target Israeli customers with wiper malware. The company addressed a recent security incident involving a malicious email campaign, which was blocked quickly. ESET asserts its technology is secure, while continuing to investigate the situation with its partner.

ESET denies it was compromised as Israeli orgs targeted with ‘ESET-branded’ wipers

October 18, 2024 at 07:08AM ESET has denied being compromised following allegations of a wiper campaign originating from its infrastructure. An infosec researcher reported an email targeting cybersecurity professionals in Israel, linked to a campaign by the pro-Palestine Handala group, but ESET stated it blocked the threat within ten minutes and is investigating the incident.

Hackers breach European air-gapped govt systems with custom malware

October 8, 2024 at 11:56AM The APT hacking group GoldenJackal breached air-gapped government systems in Europe using custom toolsets to steal sensitive data, including emails, encryption keys, and documents. The attacks occurred at least twice, targeting government and diplomatic entities for espionage. GoldenJackal also developed a new modular toolset to optimize covert operations.

GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets

October 8, 2024 at 06:07AM GoldenJackal, a little-known threat actor, has been linked to cyber attacks on embassies and governmental organizations. They aim to infiltrate air-gapped systems using bespoke toolsets. The attacks targeted a South Asian embassy in Belarus and a European Union government organization. The group has displayed advanced capabilities, using multiple malware families.

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

October 2, 2024 at 12:15PM CeranaKeeper, a new threat actor, has been conducting data exfiltration attacks in Southeast Asia, targeting countries like Thailand, Myanmar, the Philippines, Japan, and Taiwan. Utilizing backdoors through legitimate cloud and file-sharing services, the group demonstrates a relentless and creative approach, with an extensive custom toolset for massive data siphoning.