Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets

April 11, 2024 at 12:42PM CISA issued an alert about a potential supply chain compromise at Sisense, a data analytics company. The agency advised Sisense customers to reset credentials and secrets potentially exposed to Sisense services and to report any suspicious activity. CISA is collaborating with industry partners to address the incident, emphasizing its potential impact on critical infrastructure. Sisense has not … Read more

US Cyber Force Assisted Foreign Governments 22 Times in 2023

April 11, 2024 at 09:24AM The US Cyber Command (USCYBERCOM) conducted ‘hunt forward’ operations in over a dozen countries last year, aiming to monitor and deter adversaries. General Timothy D. Haugh, commander of USCYBERCOM, shared this information with the Senate Committee on Armed Services. These missions led to the public release of 90 malware samples … Read more

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear

April 11, 2024 at 06:12AM Earth Hundun, a cyberespionage group, has been refining the Waterbear and Deuterbear malware to infiltrate technology and government sectors in the Asia-Pacific region. The malware, particularly Deuterbear, employs advanced evasion tactics and uses HTTPS to encrypt its network traffic, posing significant challenges to organizational defenses. Trend Micro continues to enhance monitoring … Read more

CISA Releases Malware Next-Gen Analysis System for Public Use

April 10, 2024 at 04:18PM CISA has made its Malware Next-Gen system available for public use, allowing organizations to submit potentially malicious files or URLs for automatic analysis. The service, previously accessible only to .gov and .mil organizations, has already identified around 200 suspicious or malicious files and URLs, demonstrating its value in cyber threat … Read more

RUBYCARP hackers linked to 10-year-old cryptomining botnet

April 9, 2024 at 11:37AM The RUBYCARP botnet, operated by a Romanian group, is exploiting vulnerabilities and conducting brute force attacks to compromise corporate networks for financial gain. Managed through private IRC channels, the botnet runs over 600 compromised servers, using Perl-based payloads for attacks with low detection rates. It has been active for over … Read more

Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms

April 8, 2024 at 02:06AM A new version of the JSOutProx JavaScript remote access Trojan targets organizations in the Middle East and Asia-Pacific, deploying multiple plugins with sophisticated capabilities on infected hosts. The group behind it, Solar Spider, appears to be linked to China. Visa warns financial institutions about the malware’s threat and advises vigilance and … Read more

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

April 2, 2024 at 01:54AM Summary: Earth Freybug actors are using a new malware, UNAPIMON, that relies on dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to avoid being monitored. The malware removes API hooks in child processes so that they are no longer monitored, enabling malicious activity to go undetected. Security measures such as restricting admin privileges and frequent password … Read more
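The unhooking technique described above, as an added example that is not code from the original page or from Trend Micro's report: a hook-integrity audit in Python of the kind a user-mode monitor could run inside a child process to notice that its inline hooks have been removed. The byte patterns (a 5-byte `jmp rel32` hook, an x64 syscall-stub prologue with a placeholder service number, the trampoline offsets) and the API names are constructed for illustration and are assumptions, not details taken from the page.

```python
"""Hook-integrity audit for a user-mode API monitor (added example).

Assumed model (not from the page): the monitor patches the first 5 bytes of
each monitored export with `jmp rel32` (opcode 0xE9) to a trampoline and keeps
the original prologue. Unhooking restores the original bytes, so a prologue
that no longer begins with the expected jump reveals that monitoring is gone.
In a real monitor the `live_memory` bytes would be read back from the child
process (e.g. via ReadProcessMemory); here they are constructed inline.
"""
from dataclasses import dataclass

JMP_REL32 = 0xE9
HOOK_LEN = 5


@dataclass(frozen=True)
class HookRecord:
    api: str
    module: str
    hook_bytes: bytes      # bytes the monitor wrote (jmp to its trampoline)
    original_bytes: bytes  # clean prologue saved before hooking


def jmp_rel32(rel: int) -> bytes:
    """Encode the 5-byte `jmp rel32` a hook engine would write."""
    return bytes([JMP_REL32]) + rel.to_bytes(4, "little", signed=True)


def classify_prologue(record: HookRecord, live: bytes) -> str:
    """Return 'intact', 'unhooked' or 'tampered' for one monitored API."""
    head = live[:HOOK_LEN]
    if head == record.hook_bytes:
        return "intact"
    if head == record.original_bytes[:HOOK_LEN]:
        return "unhooked"    # original prologue restored: our hook was removed
    return "tampered"        # neither our hook nor the clean code: someone else patched it


def audit_hooks(records, live_memory):
    """live_memory maps API name -> bytes currently at the function address."""
    findings = {}
    for rec in records:
        live = live_memory.get(rec.api)
        findings[rec.api] = "missing" if live is None else classify_prologue(rec, live)
    return findings


def removed_hooks(findings):
    """APIs whose monitoring can no longer be trusted, sorted for stable reporting."""
    return sorted(api for api, state in findings.items() if state != "intact")


def build_sample():
    """Constructed data: one intact hook, one unhooked, one foreign hook, one missing."""
    # Constructed x64 Nt* syscall stub: mov r10,rcx; mov eax,<ssn>; test byte ptr [7ffe0308h],1
    clean_stub = bytes.fromhex("4C8BD1B855000000F604250803FE7F01")
    records = [
        HookRecord("NtCreateFile", "ntdll.dll", jmp_rel32(0x1000), clean_stub),
        HookRecord("NtWriteVirtualMemory", "ntdll.dll", jmp_rel32(0x2000), clean_stub),
        HookRecord("NtCreateThreadEx", "ntdll.dll", jmp_rel32(0x3000), clean_stub),
        HookRecord("NtOpenProcess", "ntdll.dll", jmp_rel32(0x4000), clean_stub),
    ]
    # mov rax, imm64; jmp rax: a 12-byte hook written by something other than our monitor
    foreign_hook = bytes.fromhex("48B8") + bytes(8) + bytes.fromhex("FFE0")
    live = {
        "NtCreateFile": records[0].hook_bytes + clean_stub[HOOK_LEN:],  # hook still in place
        "NtWriteVirtualMemory": clean_stub,                             # restored from disk
        "NtCreateThreadEx": foreign_hook + clean_stub[len(foreign_hook):],
        # NtOpenProcess deliberately absent: the read-back failed
    }
    return records, live


if __name__ == "__main__":
    recs, mem = build_sample()
    for api, state in audit_hooks(recs, mem).items():
        print(f"{api:24s} {state}")
```

The check compares each live prologue against both the monitor's own patch and the saved clean bytes, so it separates a restored-from-disk prologue (the unhooking the entry describes) from a prologue overwritten by some other tool. A monitor that only verified "memory differs from disk" would miss the unhooked case entirely, because after restoration memory and disk agree.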

From Alert to Action: How to Speed Up Your SOC Investigations

February 27, 2024 at 06:15AM Security operations center (SOC) analysts depend on processing alerts quickly. Threat intelligence platforms, such as ANY.RUN’s Threat Intelligence Lookup, support SOC investigations by providing access to threat data and enriching alert analysis. These platforms offer deeper visibility into threats, faster alert investigations, proactive threat hunting, and support for informed decision-making. From … Read more

LockBit ransomware secretly building next-gen encryptor before takedown

February 22, 2024 at 08:52AM LockBit ransomware developers were working on a new version, LockBit-NG-Dev, likely to become LockBit 4.0, before law enforcement dismantled their infrastructure. Trend Micro’s analysis revealed this new version’s capabilities, including support for multiple operating systems and encryption modes, though lacking some features from previous iterations. The discovery poses a challenge … Read more

Earth Preta Campaign Uses DOPLUGS to Target Asia

February 20, 2024 at 04:37AM Summary: Earth Preta’s APT campaign, employing a customized PlugX variant named DOPLUGS, targeted Asian countries, including Taiwan and Vietnam. Phishing emails embedding Google Drive links were used for initial access, leading to execution of the DOPLUGS malware. The DOPLUGS variant was found to integrate the KillSomeOne module for propagation, including infection of USB devices. … Read more