New Android Banking Malware ‘ToxicPanda’ Targets Users with Fraudulent Money Transfers

November 5, 2024 at 07:57AM A new Android banking malware, ToxicPanda, has infected over 1,500 devices, primarily in Italy. It conducts fraudulent transactions via account takeover and bypasses identity verification. The malware is believed to be linked to a Chinese threat actor and shares similarities with an earlier malware, TgToxic. It targets users through counterfeit …

Fake LockBit, Real Damage: Ransomware Samples Abuse Amazon S3 to Steal Data

November 5, 2024 at 02:48AM Golang ransomware abuses Amazon S3 Transfer Acceleration to exfiltrate victim files to attacker-controlled buckets, using hard-coded AWS credentials. It disguises itself as LockBit ransomware to manipulate victims. AWS confirmed that this activity violates its policy, leading to account suspensions, which highlights the importance of monitoring cloud security.

Custom “Pygmy Goat” malware used in Sophos Firewall hack on govt network

November 4, 2024 at 12:49PM The UK’s NCSC analyzed “Pygmy Goat,” Linux malware targeting Sophos XG firewalls that was used in attacks by Chinese threat actors. It employs advanced techniques for maintaining persistence and remote access. The report offers detection strategies and highlights similarities with “Castletap” malware linked to state-sponsored actors.

NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices

November 1, 2024 at 10:45AM The NCSC reported a stealthy backdoor, dubbed ‘Pygmy Goat,’ discovered on compromised Sophos XG firewall devices. This malware is designed to operate on a wider variety of Linux-based devices, raising security concerns regarding its potential impact on broader systems.

Attacker Abuses Victim Resources to Reap Rewards from Titan Network

October 30, 2024 at 03:44AM Trend Micro researchers identified an attacker exploiting the CVE-2023-22527 vulnerability in Atlassian Confluence to execute remote code for cryptomining via the Titan Network. The attacker performed reconnaissance, installed Titan binaries on compromised machines, and connected them to the Cassini Testnet, aiming for financial gain through delegated proof of stake rewards.

FBI, Partners Disrupt RedLine, Meta Stealer Operations

October 29, 2024 at 10:36AM The FBI and international agencies disrupted cybercriminal activities tied to the RedLine and Meta stealers, seizing servers and source code under Operation Magnus. Developer Maxim Rudometov faces multiple charges. The malware, responsible for massive credential theft, is sold via forums and Telegram, enabling ongoing cybercrime. Investigations continue.

‘Prometei’ Botnet Spreads Its Cryptojacker Worldwide

October 24, 2024 at 02:09AM The “Prometei” botnet, active since 2016, exploits vulnerabilities in outdated software worldwide and has infected over 10,000 computers. Its primary goal is cryptojacking, particularly mining Monero cryptocurrency, while also enabling further malicious activities. Notably, it avoids Russian targets, reflecting a deliberate decision to spare Russian-language accounts and systems.

Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

October 23, 2024 at 02:08PM The North Korean Lazarus hacking group exploited a Google Chrome zero-day (CVE-2024-4947) through a fake DeFi game, targeting cryptocurrency users. Discovered by Kaspersky on May 13, 2024, the exploit gained access to sensitive data. Google issued a fix by May 25, 2024, addressing the vulnerability.

Unmasking Prometei: A Deep Dive Into Our MXDR Findings

October 23, 2024 at 09:09AM The Prometei botnet targets systems via brute-force attacks for cryptocurrency mining and credential theft. Its modular malware exploits various vulnerabilities, including those in SMB and RDP. The investigation details its installation and lateral-movement tactics, emphasizing the significance of proactive detection and response through tools like Trend Vision One.

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

October 22, 2024 at 06:18AM Two malware families, Bumblebee and Latrodectus, have resurfaced in new phishing campaigns following a law enforcement operation called Endgame. Both are malware loaders aimed at stealing personal data. The campaigns utilize malicious email attachments and links to deploy these threats, targeting sectors like finance, automotive, and business.