New BiBi Wiper version also destroys the disk partition table

May 20, 2024 at 12:10PM The BiBi Wiper malware’s new variants are targeting Israeli and Albanian systems, linked to an Iranian hacking group named ‘Void Manticore.’ Check Point Research uncovered newer variants and operational overlaps involving another Iranian threat group. The malware is designed to complicate data restoration efforts, significantly extending downtime for targeted victims …

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

May 16, 2024 at 10:15AM The Kimsuky hacking group is behind a new social engineering attack, using fictitious Facebook accounts to target individuals via Messenger and deliver malware. The campaign impersonates a legitimate individual to trick activists in the North Korean human rights and anti-North Korea sectors. This approach aims to avoid detection and may …

‘Four horsemen of cyber’ look back on 2008 DoD IT breach that led to US Cyber Command

May 10, 2024 at 09:08AM A malware-infected USB inserted into a military laptop in Afghanistan in 2008 caused the worst US military breach, leading to the formation of the US Cyber Command. The malware, suspected to be from Russian cyber spies, infected DoD systems and prompted Operation Buckshot Yankee. The Four Horsemen of Cyber discussed …

MITRE Hack: China-Linked Group Breached Systems in December 2023

May 7, 2024 at 04:15AM MITRE disclosed details of a recent hack targeting its NERVE network, including the use of Ivanti zero-day vulnerabilities and attribution to a Chinese cyberespionage group. The attack involved manipulating virtual machines, deploying malicious payloads and preparing for data exfiltration. MITRE shared technical details on the malware and indicators of compromise. …

Cisco Raises Alarm for ‘ArcaneDoor’ Zero-Days Hitting ASA Firewall Platforms

April 24, 2024 at 02:09PM Cisco issued a warning about professional, nation-state-backed hackers exploiting two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks. The campaign, known as ArcaneDoor, aims to exploit software defects in Cisco products, potentially exfiltrate data, and execute commands. Cisco recommended ensuring proper …

DPRK hacking groups breach South Korean defense contractors

April 23, 2024 at 01:00PM The National Police Agency in South Korea issued an urgent warning about North Korean hacking groups targeting defense industry entities in South Korea. Groups Lazarus, Andariel, and Kimsuky breached companies by exploiting vulnerabilities, stealing critical technology information. Special inspection found multiple companies compromised since late 2022, leading to recommendations for …

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

March 27, 2024 at 04:09AM A new phishing campaign discovered by Trustwave SpiderLabs involves a novel loader malware delivering Agent Tesla via a deceptive bank payment notification email. The malware evades detection and antivirus defenses, retrieves its payload using unique URLs, and exfiltrates data via legitimate email accounts. This tactic poses challenges for detection and …

Hackers poison source code from largest Discord bot platform

March 25, 2024 at 02:13PM The Top.gg Discord bot community, with over 170,000 members, has been targeted by a supply-chain attack aiming to deliver malware for data theft and monetization. The attacker used various tactics, including hijacking GitHub accounts and distributing malicious Python packages. This campaign compromised user data from various platforms, highlighting the risks …

Over 100 Organizations Targeted in Recent ‘StrelaStealer’ Attacks

March 25, 2024 at 10:18AM Over 100 US and EU organizations have been targeted in recent phishing campaigns distributing the StrelaStealer malware, which harvests credentials from email clients. Palo Alto Networks reports multiple large-scale campaigns with varying techniques, targeting high-tech, finance, legal, government, and other sectors. The evolving malware aims to evade security detection. …

Top Python Developers Hacked in Sophisticated Supply Chain Attack

March 25, 2024 at 08:00AM Python developers, including a maintainer of Top.gg, were targeted by information-stealing malware. Attackers cloned and inserted malicious code into Colorama, a widely used tool, and spread it through fake mirror domains and compromised repositories. The malware invaded systems, stealing data and executing additional harmful actions, impacting multiple browsers and platforms. Key …