Iranian Cyber Threat Group Drops New Backdoor, ‘BugSleep’

July 18, 2024 at 02:06AM MuddyWater, an Iranian cyber-espionage group, has shifted from using legitimate remote management software to deploying a custom backdoor implant known as BugSleep. This shift was prompted by the ineffectiveness of their previous approach. The group’s tactics involve phishing, deploying malicious PDFs, and targeting various government and critical industries in the …

Microsoft Quick Assist Tool Abused for Ransomware Delivery

May 17, 2024 at 07:48AM Cybercriminals using the Black Basta ransomware have abused the Quick Assist remote management tool in vishing attacks. Active since 2022, Black Basta has targeted over 500 organizations worldwide, extracting over $100 million in ransom payments. Microsoft warns of these attacks on critical infrastructure and is incorporating alerts to combat tech …

Open sourcerers say suspected xz-style attacks continue to target maintainers

April 16, 2024 at 10:15AM Open source groups are cautioning about recent attacks targeting project maintainers, similar to the attempted backdoor incident in a core Linux library. The OpenJS Foundation and OpenSSF are observing suspicious emails aiming to manipulate project maintainers and have shared tactics to identify potential threats. They emphasize the need to support …

‘GhostRace’ Speculative Execution Attack Impacts All CPU, OS Vendors

March 15, 2024 at 05:14PM The new GhostRace exploit, similar to Spectre, allows attackers to access sensitive information from system memory and perform malicious actions. …

Threat Actors Quick to Abuse ‘SSH-Snake’ Worm-Like Tool

February 22, 2024 at 10:51AM The open-source pentesting tool SSH-Snake has been used to steal SSH credentials from approximately 100 organizations, leading to worm-like attacks on networks. Developed by Joshua Rogers, the tool maps network dependencies and enables hackers to compromise systems. Despite being used for malicious purposes, its fileless and self-replicating nature makes it …