Germany Sinkholes Botnet of 30,000 BadBox-Infected Devices

December 13, 2024 at 06:26AM Germany’s Federal Office for Information Security reported that over 30,000 media devices sold with pre-installed BadBox malware became part of a botnet. The agency has disrupted communication between infected devices and their command servers, advising users to disconnect and scan devices, while working with internet providers to address the issue. … Read more

Iranian Hackers Use IOCONTROL Malware to Target OT, IoT Devices in US, Israel

December 13, 2024 at 06:03AM A state-sponsored Iranian hacking group, CyberAv3ngers, has employed custom malware, IOCONTROL, to target IoT and operational technology devices in the U.S. and Israel. This malware exploits vulnerabilities in industrial control systems, leading to significant disruptions. The U.S. government offers a $10 million reward for information on the group. ### Meeting … Read more

Russian cyber spies hide behind other hackers to target Ukraine

December 12, 2024 at 11:09AM Russian cyber-espionage group Turla is leveraging other threat actors’ infrastructure, specifically targeting Ukrainian military devices via Starlink. Utilizing malware from the Amadey botnet and other sources, Turla deploys custom malware like Tavdig and KazuarV2 to gather intelligence and perform reconnaissance on compromised systems. Microsoft recently highlighted these activities. ### Key … Read more

Russian Turla hackers hit Starlink-connected devices in Ukraine

December 11, 2024 at 01:56PM Russian cyber-espionage group Turla, also known as “Secret Blizzard,” is targeting Ukrainian military devices via Starlink by leveraging infrastructure from other threat actors, like Storm-0156 and Storm-1837. Their operations involve deploying custom malware, including Tavdig and KazuarV2, to gather intelligence on military activities. ### Meeting Takeaways: Turla Cyber Operations Targeting … Read more

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

December 11, 2024 at 10:36AM A new technique exploits Windows UI Automation to conduct malicious activities undetected by endpoint security. It allows for command execution, data theft, and access to messaging apps. Additionally, recent research highlights vulnerabilities in the DCOM protocol, enabling attackers to remotely write and execute payloads, creating embedded backdoors on target machines. … Read more

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

December 11, 2024 at 09:42AM Cybersecurity researchers have identified an updated version of ZLoader malware, which now uses a DNS tunnel for communication. It features improved resilience against detection, interactive capabilities for attacks, and updates to evade analysis. ZLoader is increasingly linked to Black Basta ransomware, highlighting its role in facilitating cyberattacks. ### Meeting Takeaways … Read more

Sprawling ‘Operation Digital Eye’ Attack Targets European IT Orgs

December 10, 2024 at 06:03AM Chinese hackers nearly infiltrated critical European supply chain companies by disguising attacks within Microsoft tools during a three-week span. This operation, called “Operation Digital Eye,” involved SQL injections and the use of Visual Studio Code for persistent access, complicating attribution and demonstrating a sophisticated approach to cyber-espionage. ### Meeting Takeaways … Read more

CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force

December 10, 2024 at 05:12AM The Ukrainian Computer Emergency Response Team (CERT-UA) warns of phishing attacks targeting defense firms and military forces by the Russia-linked UAC-0185 group. The emails masquerade as official conference invitations, containing malicious links that enable remote system access and credential theft from messaging apps and military systems. ### Meeting Takeaways – … Read more

Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

December 9, 2024 at 07:07AM A botnet named Socks5Systemz operates the malicious proxy service PROXY.AM, enabling cybercriminals to mask their activities. Recent findings reveal its resurgence after losing control of its initial version. Meanwhile, the Gafgyt malware targets misconfigured Docker API servers, emphasizing the risks of cloud misconfigurations and the need for better security practices. … Read more

Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

December 7, 2024 at 06:15AM Two versions of the Python AI library Ultralytics (8.3.41 and 8.3.42) were compromised, delivering a cryptocurrency miner. The affected versions have been removed, and a new one includes a security fix. The attack exploited a GitHub Actions vulnerability, raising concerns about potential future threats like backdoors. **Meeting Takeaways – Dec … Read more