North Korea’s ‘Stonefly’ APT Swarms US Private Co’s. for Profit

October 2, 2024 at 05:49PM North Korean APT group “Stonefly” has pivoted to targeting US private companies for financial gain, evading a recent US indictment and $10 million bounty. Previously focused on espionage, the group deployed Backdoor.Preft and Nukebot in August attacks, intending ransomware deployment. Businesses should watch for Stonefly’s indicators of compromise to guard …

Chinese hackers use new data theft malware in govt attacks

September 9, 2024 at 05:30PM Mustang Panda, a China-based cyber espionage group, has been using new strategies and malware to carry out attacks, targeting government and non-government entities mostly in the Asia-Pacific region. The group’s recent activities involve the deployment of new tools such as FDMTP and PTSOCKET to steal information from breached networks. The …

Hackers phish finance orgs using trojanized Minesweeper clone

May 27, 2024 at 02:08AM Hackers are using a Python clone of Minesweeper to conceal malicious scripts in attacks on US and European financial organizations, as reported by Ukraine’s CSIRT-NBU and CERT-UA. The attacks involve the installation of SuperOps RMM, granting unauthorized access. The email-based attack disguises the malicious code within the Minesweeper game, bypassing …

Akira Ransomware Made Over $42 Million in One Year: Agencies

April 19, 2024 at 08:04AM Akira ransomware has victimized over 250 organizations globally, collecting $42 million in ransom payments. Initially targeting Windows systems, it has expanded to infect VMware ESXi virtual machines. Through various tactics like targeting VPN services and known vulnerabilities in Cisco products, the operators gain access to victims’ environments. They then deploy …

Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks

April 17, 2024 at 10:22AM Multiple botnets are exploiting a command-injection flaw in TP-Link Archer AX21 routers for DDoS attacks. Despite a patch being available for CVE-2023-1389, threat actors are using unpatched devices to deploy botnets like Moobot, Miori, Agoent, Gafgyt, and variants of Mirai. Fortiguard advises applying patches and vigilance against DDoS botnets targeting …

Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks

April 17, 2024 at 10:01AM Cisco’s Talos unit warns of mass brute-force attacks targeting VPN services, web application authentication interfaces, and SSH services. The attacks, originating from Tor exit nodes, use generic and valid usernames, affecting various services. Cisco observed a significant increase in these attacks and has added the associated IP addresses to its …

Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt

April 16, 2024 at 06:48AM Privileged access management provider Delinea rushed to patch a critical authentication bypass vulnerability in Secret Server SOAP API. Despite attempts at responsible disclosure, the company initially ignored researcher Johnny Yu’s findings. Delinea has since released patches for its platforms and assured customers that their data has not been compromised. No …

Hackers abuse Windows SmartScreen flaw to drop DarkGate malware

March 13, 2024 at 05:26PM The DarkGate malware exploits a Windows Defender SmartScreen vulnerability, allowing attackers to automatically install fake software. Microsoft fixed the flaw in mid-February, but DarkGate operators are still using it to infect targeted systems. The attack involves malicious emails with PDF attachments, using open redirects to bypass security checks. Once executed, the …

New WogRAT malware abuses online notepad service to store malware

March 5, 2024 at 03:28PM The ‘WogRAT’ malware targets Windows and Linux, utilizing the ‘aNotepad’ platform to store and retrieve malicious code. Named by AhnLab Security Intelligence Center (ASEC), it has been active since late 2022, targeting Asian countries. The malware employs covert distribution methods to avoid detection, using an online, legitimate service for stealthier …

New IDAT loader version uses steganography to push Remcos RAT

February 26, 2024 at 05:57PM The hacking group UAC-0184 utilized steganographic images to deploy the Remcos remote access trojan onto a Ukrainian entity in Finland. The group expanded to target organizations outside Ukraine. The attack involves phishing emails, a modular loader, and executing malware disguised in a PNG image. Details are available in the CERT-UA …