BlackBasta Ransomware Brand Picks Up Where Conti Left Off

November 25, 2024 at 05:09PM Recent analysis shows that Russian-language ransomware groups are coordinating closely, sharing tactics and malware. BlackBasta has emerged as a key player, adapting to law enforcement crackdowns. Cybersecurity experts warn of potential cooperation between BlackBasta and the Russian state, emphasizing the need for enhanced defenses against evolving social engineering attacks. ### … Read more

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

November 22, 2024 at 12:17PM A China-linked group, TAG-112, compromised Tibetan media and university websites, delivering the Cobalt Strike toolkit via malicious JavaScript. Visitors were tricked into downloading disguised malware, highlighting ongoing cyber-espionage targeting Tibet. Although linked to a more advanced group (TAG-102), TAG-112 exhibits less sophistication in its attacks. ### Meeting Takeaways – Nov … Read more

Chinese APT Gelsemium Deploys ‘Wolfsbane’ Linux Variant

November 21, 2024 at 03:32PM Recent modifications to Chinese backdoors, particularly Gelsemium’s new tools Wolfsbane and Firewood, target Linux systems, marking a significant shift in malware development. As organizations increasingly adopt Linux, experts highlight a surge in Linux-based cyber threats, with 54% of endpoint attacks affecting Linux in 2023. ### Meeting Takeaways 1. **Emergence of … Read more

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

November 21, 2024 at 11:57AM China-aligned APT actor Gelsemium is using a new Linux backdoor, WolfsBane, targeting East and Southeast Asia for cyber espionage. Recent findings by ESET reveal WolfsBane and another implant, FireWood, aiming to gather sensitive data. This marks a shift towards Linux malware amidst enhanced security measures in the APT ecosystem. ### … Read more

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

November 21, 2024 at 01:48AM Threat hunters report an updated Python NodeStealer targeting Facebook Ads Manager and web browser credit card data. Developed by Vietnamese actors, it uses advanced techniques for data exfiltration, including avoiding detection in Vietnam. Recent phishing campaigns deploy I2Parcae RAT via ClickFix techniques, endangering users’ security and financial stability. ### Meeting … Read more

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

November 19, 2024 at 09:42AM The Ngioweb malware powers the NSOCKS residential proxy service, with 80% of its bots originating from the Ngioweb botnet. This operation, involving over 20,000 IoT devices, allows users to proxy malicious traffic globally, facilitating attacks while obscuring identities. The underground proxy market is expected to grow significantly. ### Meeting Takeaways: … Read more

New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers

November 18, 2024 at 12:57PM Researchers have identified a new malware loader called BabbleLoader, designed to evade detection and deliver information stealers like WhiteSnake and Meduza. It employs various evasion techniques, including runtime resolution and unique code for each sample, complicating analysis. This loader highlights the growing complexity of malware delivery methods. **Meeting Takeaways – … Read more

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 – Nov 17)

November 18, 2024 at 07:03AM Cybercriminals are increasingly exploiting vulnerabilities and human trust, affecting everyone and every organization. Recent threats include a zero-day flaw in Palo Alto firewall, hijacked domains, and phishing job offers targeting LinkedIn users. To defend against attacks, regular system updates and cybersecurity awareness are essential. ### Meeting Takeaways – Cybersecurity / … Read more

Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices

November 18, 2024 at 04:27AM Water Barghest, estimated to control over 20,000 IoT devices by October 2024, exploits vulnerabilities to monetize them as proxies on a marketplace. Utilizing automated scripts and the Ngioweb malware, the process from infection to marketplace availability can be completed in under 10 minutes, highlighting its operational efficiency. **Meeting Notes Takeaways: … Read more

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

November 16, 2024 at 02:24AM A threat actor named BrazenBamboo has exploited a zero-day vulnerability in Fortinet’s FortiClient for Windows to extract VPN credentials using a tool called DEEPDATA. Discovered by Volexity, this malware, used in cyber espionage, is part of a broader framework encompassing various communication platforms and data exfiltration capabilities. ### Meeting Takeaways … Read more