Hackers attack HFS servers to drop malware and Monero miners

July 4, 2024 at 08:33AM Hackers are targeting older versions of Rejetto’s HTTP File Server (HFS) to drop malware and cryptocurrency miners. They exploit CVE-2024-23692 to execute commands without authentication. Vulnerable versions include those up to 2.3m, categorized as “dangerous” by Rejetto. Attackers gather system information, install backdoors, and deploy various malware, including XMRig for cryptocurrency mining. …

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware

June 26, 2024 at 06:57AM Between 2021 and 2023, threat actors with ties to China and North Korea have conducted ransomware attacks targeting government and critical infrastructure sectors worldwide. Cybersecurity firms linked these attacks to groups including ChamelGang and state-sponsored entities. The use of ransomware in cyber espionage operations blurs the lines between cybercrime and …

Microsoft links North Korean hackers to new FakePenny ransomware

May 28, 2024 at 02:01PM Microsoft has linked the North Korean hacking group Moonstone Sleet to FakePenny ransomware attacks involving millions of dollars in ransom demands. Moonstone Sleet has adopted novel attack methods and infrastructure, targeting various industries and employing trojanized software, malicious games, and fake companies. This expansion into ransomware may indicate a shift …

Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities

May 14, 2024 at 03:43PM Microsoft released security updates addressing 60 vulnerabilities, including an actively exploited zero-day bug tracked as CVE-2024-30051 with a severity score of 7.8/10. The company also warned of CVE-2024-30040, which allows attackers to execute code in Microsoft 365, and CVE-2024-30044, a remote code execution flaw in Microsoft SharePoint, urging admins to take immediate action. From …

New SteganoAmor attacks use steganography to target 320 orgs globally

April 15, 2024 at 04:36PM The TA558 hacking group’s “SteganoAmor” campaign uses steganography to conceal and deliver various malware tools, targeting hospitality and tourism organizations worldwide. The campaign involves sending malicious emails with document attachments that exploit a Microsoft Office vulnerability. This leads to the download of various malware families, including spyware, info-stealers, RATs, and downloaders. Over …

Microsoft Patches Two Zero-Days Exploited for Malware Delivery

April 10, 2024 at 06:18AM Microsoft’s April 2024 Patch Tuesday updates fix around 150 vulnerabilities, including two zero-day exploits. The first, CVE-2024-26234, involves a proxy driver spoofing flaw in Windows, reportedly linked to an Android app named LaiXi associated with a backdoor. Microsoft addressed this issue by adding relevant files to its driver revocation list. …

Vietnamese Cybercrime Group CoralRaider Nets Financial Data

April 9, 2024 at 12:02AM A new cybercrime group, CoralRaider, linked to Vietnam, targets individuals and organizations in Asia to steal social media account information and user data. The group relies on social engineering and legitimate services for data exfiltration but has made mistakes. CoralRaider prioritizes financial gain and does not appear to be working …

The Biggest Takeaways from Recent Malware Attacks

April 4, 2024 at 11:30AM Cyber threats like viruses, trojans, ransomware, etc., are becoming increasingly advanced, posing significant risks. Recent high-profile attacks, including StripedFly, Android banking trojans, and the breach at the Dutch Ministry of Defense, underscore the need for robust security measures. Strategies such as anti-virus software, employee training, and automation are crucial in …

Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

April 2, 2024 at 01:51AM TA558, a threat actor targeting the Latin America region, has launched a large-scale phishing campaign to deploy Venom RAT. Primarily focusing on hotel, travel, trading, financial, manufacturing, industrial, and government sectors in multiple countries, it aims to harvest sensitive data and remotely control systems. Additionally, malvertising campaigns delivering malware are …

N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks

March 24, 2024 at 02:57AM Kimsuky, a North Korea-linked threat actor, has been observed utilizing Compiled HTML Help (CHM) files to distribute malware, targeting entities in South Korea, North America, Asia, and Europe. The cybersecurity firm Rapid7 has attributed this activity to Kimsuky with moderate confidence. The group’s tactics include deploying an Endoor backdoor malware …