Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations

November 15, 2024 at 01:00PM Cybersecurity company Check Point has identified a remote access trojan named WezRat, attributed to Iranian state-sponsored hackers. It supports keylogging and file upload, among other capabilities. Distributed via phishing emails that impersonate Israeli authorities, WezRat is under active development, which points to sustained investment in cyber espionage against organizations in Israel and elsewhere.

New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

November 14, 2024 at 04:57AM A new malware family, RustyAttr, has been linked to the North Korean Lazarus Group. It hides its payload in macOS file extended attributes and is delivered as a lookalike of a legitimate application, using decoys such as error messages and fake PDFs to distract the victim. Built-in macOS protections still block the samples, so the attackers would need to trick a victim into overriding them.

Toolkit Vastly Expands APT41’s Surveillance Powers

November 13, 2024 at 05:58PM China's APT41 threat group has developed a sophisticated Windows-based malware toolkit, "DeepData Framework," used against organizations in South Asia. The toolkit includes 12 modular plug-ins that harvest data such as communications and system information. Analysts urge heightened defenses against APT41's ongoing cyber-espionage campaigns.

China’s Volt Typhoon crew and its botnet surge back with a vengeance

November 12, 2024 at 08:01PM China's Volt Typhoon cyber group has resurfaced, compromising outdated Cisco and Netgear routers to target critical U.S. infrastructure. Despite the FBI's earlier disruption of the botnet, researchers report increased sophistication, with breaches extending to Singapore Telecommunications. The resurgence highlights the growing global reach of Chinese cyber espionage.

Volt Typhoon rebuilds malware botnet following FBI disruption

November 12, 2024 at 10:55AM Volt Typhoon, a Chinese state-sponsored hacking group, is rebuilding its KV-Botnet after the earlier law-enforcement disruption. Targeting outdated Cisco and Netgear routers, the group has compromised roughly 30% of the exposed devices. Researchers recommend replacing end-of-life routers and tightening their configuration to mitigate this persistent threat.

North Korean hackers create Flutter apps to bypass macOS security

November 12, 2024 at 10:46AM North Korean threat actors are targeting macOS systems with trojanized cryptocurrency-themed apps built using Flutter, which passed Apple's security checks. Discovered by Jamf Threat Labs, these signed and notarized apps connected to DPRK-controlled servers and executed scripts fetched from them. Apple has revoked the signatures, but the full extent of the operation is unclear.

New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia

November 12, 2024 at 05:57AM A targeted campaign leveraging SEO poisoning delivers GootLoader malware to users searching for the legality of Bengal cats in Australia. Victims are led to compromised sites that serve a ZIP archive containing the loader. Recent lures have shifted from legal terms towards fake PDF converters, broadening the potential target audience.

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

November 12, 2024 at 02:06AM Cybersecurity researchers have identified a new ransomware, Ymir, deployed in an attack in Colombia after the systems had been compromised by the RustyStealer credential stealer. Ymir's stealth comes from its use of memory-management functions (malloc, memmove, memcmp) to run its payload in memory rather than from disk. Despite the rise in ransomware groups, there was a 10% drop in attacks month-over-month, prompting discussion of countermeasures, including insurance policy …

Alleged Snowflake attacker gets busted by Canadians – politely, we assume

November 10, 2024 at 10:30PM Alexander "Connor" Moucka, linked to the Snowflake breach affecting 165 customers, was arrested in Canada at the request of the U.S., which seeks his extradition. His alleged co-conspirator, John Binns, is jailed in Turkey. The roundup also covers critical vulnerabilities in various software and threats targeting crypto businesses, underscoring ongoing security challenges.

Malicious PyPI package with 37,000 downloads steals AWS keys

November 9, 2024 at 03:12PM A malicious Python package, 'fabrice,' has been available on PyPI since 2021, stealing AWS credentials from developers. Downloaded over 37,000 times by typosquatting the legitimate 'fabric,' it runs OS-specific scripts to harvest credentials and exfiltrates them to a VPN server. Users are advised to verify package names before installing and to restrict IAM permissions so that a leaked key has limited reach.
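The 'fabrice' case is a near-miss name against a well-known package, which is exactly what an edit-distance check over a requirements file catches before `pip install` runs. The following is an added example, not code from the article or from any of the projects mentioned: it normalizes names the way PyPI does (PEP 503), strips version specifiers, and flags any requested package that is not in an allow-list but sits within a small edit distance of one. The allow-list and the requirements text are constructed for the example; a real deployment would load the organization's approved package list instead.

```python
import re

# Constructed allow-list of packages the organization has approved (assumption for the example).
KNOWN_PACKAGES = ["fabric", "requests", "boto3", "cryptography", "urllib3", "paramiko"]

# Constructed sample requirements.txt; 'fabrice' and 'reqeusts' are the typosquat candidates.
SAMPLE_REQUIREMENTS = """
# build deps
fabric==3.2.2
fabrice==0.7.4
reqeusts>=2.31
boto3
cryptography[ssh]>=42.0
-r extra.txt
"""


def normalize(name: str) -> str:
    """PEP 503 normalization: case-insensitive, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert/delete/substitute, by the standard row-by-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def parse_requirements(text: str) -> list[str]:
    """Return the bare project names from requirements.txt content.

    Comments, blank lines and pip options (-r, -e, --index-url ...) are skipped;
    extras, version specifiers and markers are cut off at their first delimiter.
    """
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(m.group(0))
    return names


def typosquat_candidates(requirements_text: str, known_packages, max_distance: int = 2):
    """Flag requested names that are unknown but close to an approved package.

    Returns (requested_name, suspected_target, distance) tuples. Names that are
    in the allow-list are never flagged, so legitimate 'fabric' passes while
    'fabrice' is reported against it.
    """
    known = {normalize(p) for p in known_packages}
    findings = []
    for raw in parse_requirements(requirements_text):
        name = normalize(raw)
        if name in known:
            continue
        for target in sorted(known):
            d = levenshtein(name, target)
            if 0 < d <= max_distance:
                findings.append((raw, target, d))
    return findings


if __name__ == "__main__":
    for requested, target, dist in typosquat_candidates(SAMPLE_REQUIREMENTS, KNOWN_PACKAGES):
        print(f"{requested!r} is not approved but is {dist} edit(s) from {target!r}")
```

A distance of 2 is deliberately loose; against a large allow-list it will produce noise for very short names, so in practice either raise the minimum name length or review the findings rather than failing the build on them automatically. The check complements, and does not replace, pinning with hashes (`pip install --require-hashes`).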