Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

December 3, 2024, 12:51 AM. A malware campaign tracked as Horns&Hooves has targeted users and businesses in Russia, infecting more than 1,000 victims since March 2023. Its deceptive email attachments (JavaScript payloads, per the headline) install NetSupport RAT and BurnsRAT, which are then used to pull down additional malware. The activity has been linked to TA569, a group known for enabling ransomware attacks and data theft.

SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan

December 2, 2024, 11:09 PM. Taiwanese manufacturing, healthcare, and IT organizations are being targeted by a campaign using SmokeLoader, a modular malware family with advanced evasion techniques. SmokeLoader primarily serves as a downloader for other payloads but can also carry out attacks on its own. The infection chain starts with a phishing email whose attachment exploits old, already-patched vulnerabilities to run Ande Loader, which in turn deploys SmokeLoader.

‘Bootkitty’ First Bootloader to Take Aim at Linux

December 2, 2024, 5:34 PM. Researchers have discovered "Bootkitty," a proof-of-concept UEFI bootkit for Linux that was developed by Korean students as a cybersecurity training exercise. Although unfinished, it is able to bypass Secure Boot in its test setup, making it the first known bootkit aimed at Linux. Its existence signals a shift in bootkit development toward Linux systems, an area previously dominated by Windows-focused malware.

THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 – Dec 1)

December 2, 2024, 7:09 AM. Attackers launch an estimated 2,200 attacks per day, and the threats keep evolving, from AI-generated phishing emails to adaptive malware. T-Mobile reported that it recently detected and blocked intrusion attempts attributed to the Chinese group "Salt Typhoon," which has been observed using a new backdoor tool called GHOSTSPIDER. Other developments this week include arrests tied to ransomware operations and new malware targeting a range of platforms.

Wanted Russian Cybercriminal Linked to Hive and LockBit Ransomware Has Been Arrested

November 30, 2024, 2:42 AM. Russian cybercriminal Mikhail Pavlovich Matveev, linked to the LockBit and Hive ransomware operations, has been arrested. He is charged with developing malware that encrypts victims' files and demands a ransom for their recovery. Matveev has been under U.S. indictment since May 2023 for his extensive cybercrime activities.

Russia arrests cybercriminal Wazawaka for ties with ransomware gangs

November 29, 2024, 12:55 PM. Russian ransomware affiliate Mikhail Matveev, also known as Wazawaka, has been arrested in Russia. He was already under U.S. indictment for his involvement in multiple ransomware groups, including LockBit and Babuk, and for cyberattacks against American organizations; the U.S. is offering a reward of up to $10 million for information leading to his arrest or conviction.

In Other News: OPPC Breach Impacts 1.7M, US Soldier Suspected in Snowflake Hack, Cloudflare Loses Logs

November 29, 2024, 7:05 AM. This week's cybersecurity news roundup covers several notable developments: the number of people affected by the OnePoint Patient Care data breach has roughly doubled to 1.7 million, Meta has cracked down on scam operations, malware has been observed abusing an Avast driver, and a number of well-known vendors have shipped vulnerability patches. Additional stories include a U.S. soldier suspected in the Snowflake-related hacks, Cloudflare's loss of customer logs, and recent data breaches at Keesal, Young …

Russian Script Kiddie Assembles Massive DDoS Botnet

November 27, 2024, 9:08 AM. A threat actor known as "Matrix" has assembled a large DDoS botnet from publicly available malware tools, compromising IoT devices and enterprise servers. Operating through Telegram, Matrix sells DDoS attacks in tiered plans. Researchers stress that the botnet relies on basic weaknesses, chiefly default credentials and unpatched systems, and that better security hygiene would close off most of the vulnerabilities being exploited.

Firefox and Windows zero-days exploited by Russian RomCom hackers

November 26, 2024, 6:28 AM. The Russia-based RomCom cybercrime group exploited two zero-day vulnerabilities, one in Firefox (also affecting Tor Browser) and one in Windows, chaining them to achieve remote code execution without any user interaction. The attacks, which focused on organizations in Ukraine, Europe, and North America, used a malicious website to deliver the RomCom backdoor, indicating both sophisticated capabilities and targeted espionage motives.

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

November 26, 2024, 6:18 AM. The Russia-aligned RomCom group exploited two zero-day vulnerabilities, in Mozilla Firefox and Microsoft Windows, to install its backdoor on victim systems without user interaction. The attack chain redirects visitors through a fake website to the exploit, underscoring RomCom's advanced capabilities and its track record of cybercrime going back to 2022.