Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike

July 4, 2024 at 12:34AM Law enforcement operation MORPHEUS seized nearly 600 servers used by cybercriminal groups as part of Cobalt Strike attack infrastructure. The crackdown, involving multiple countries, targeted unlicensed versions of Cobalt Strike. Exploitation of cracked software contributed to cybercrime, with related arrests and the dismantling of other criminal schemes worldwide. Based on …

FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks

July 3, 2024 at 03:16AM FakeBat, a widely distributed loader malware, mainly aims to download and execute next-stage payloads, spreading through methods such as SEO poisoning. Offered as a service on underground forums, it is designed to bypass security mechanisms. Different activity clusters disseminate FakeBat, and it is being used in various malware campaigns. The malware is sold under …

Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks

July 2, 2024 at 09:22AM Critical vulnerabilities in the CocoaPods dependency manager allowed threat actors to take over orphaned packages, execute shell commands, and impact millions of iOS and macOS applications. Orphaned pods were associated with a default owner, and an authentication server bug enabled remote code execution. The vulnerabilities were addressed by CocoaPods in …

Baddies hijack Korean ERP vendor’s update systems to spew malware

July 2, 2024 at 01:41AM A South Korean ERP vendor’s product update server was breached, resulting in the delivery of malware instead of legitimate updates. The attack, potentially linked to the North Korea-associated Andariel group, targeted ERP systems with backdoors named HotCroissant and Riffdoor. This incident, detected by AhnLab, highlights the threat posed by such …

Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack

June 28, 2024 at 02:04PM The hack of Microsoft’s corporate infrastructure by the Russian government continues to have far-reaching impact, as it has been revealed that customers’ emails were also stolen by the Midnight Blizzard hackers. The company is notifying affected customers and providing a secure portal for them to review the compromised emails. The hacking group seems to …

TeamViewer can’t bring itself to say someone broke into its network – but it happened

June 27, 2024 at 08:43PM TeamViewer detected an irregularity in its corporate IT environment, promptly called in cybersecurity investigators, and implemented remediation measures. While TeamViewer downplays the incident, NCC Group suggests a compromise by an advanced persistent threat (APT) group. The health sector has been warned of ongoing exploitation by APT29. Investigations are ongoing. Potential impact on customer data …

Google Unveils New Chrome Enterprise Core Features for IT, Security Teams

June 26, 2024 at 12:27PM Google has introduced new Chrome Enterprise Core features tailored for IT and security teams, aiming to enhance productivity and security. This development was highlighted in a post on SecurityWeek. Based on the meeting notes, it is clear that Google has introduced new Chrome Enterprise Core features designed to benefit IT and …

Omdia Report: Trend Disclosed 60% of Vulnerabilities

June 25, 2024 at 08:14AM The latest Omdia Vulnerability Report highlights Trend Micro™ Zero Day Initiative’s significant role in cybersecurity, spearheading 60% of 2023 disclosures. This underscores Trend’s comprehensive threat coverage, proactive risk mitigation, and trustworthiness. Leveraging Trend’s expertise can help organizations effectively manage attack surface risk and stay ahead of potential cyber threats. Based …

Linux version of RansomHub ransomware targets VMware ESXi VMs

June 20, 2024 at 05:32PM RansomHub ransomware has a Linux encryptor tailored for VMware ESXi environments. Launched in February 2024, RansomHub has affected over 45 victims across 18 countries. An ESXi variant detected in April 2024 contains a bug that defenders can exploit. Additionally, the encryptor supports specific commands and uses a unique encryption scheme. …

‘Vortax’ Meeting Software Builds Elaborate Branding, Spreads Infostealers

June 20, 2024 at 12:01PM A widespread campaign is targeting cryptocurrency users through fake virtual meeting software, Vortax, delivering infostealing malware such as Rhadamanthys, Stealc, and Atomic. The threat actor “Markopolo” is linked to this campaign, posing as a legitimate software company while actually engaging in credential harvesting. This campaign highlights an increased focus on …