Latrodectus malware and how to defend against it with Wazuh

December 5, 2024 at 10:41AM Latrodectus is a sophisticated malware family targeting corporate networks and financial institutions, leveraging advanced tactics like phishing and dynamic API resolution for data theft while evading detection. It utilizes a modular design for adaptability and persistence. Effective defenses include employee training, endpoint security, network segmentation, and regular updates. …

XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

November 28, 2024 at 06:08AM Researchers found a year-long software supply chain attack on the npm package registry involving the malicious package @0xengine/xmlrpc, which harvested sensitive data and mined cryptocurrency. Discovered by Checkmarx, it exploited trust in dependencies. Additionally, ongoing malicious campaigns using counterfeit packages target multiple platforms, including Roblox developers. …

Pixel perfect Ghostpulse malware loader hides inside PNG image files

October 22, 2024 at 01:33AM Ghostpulse malware has updated its delivery method, now embedding payloads within the pixels of PNG files, enhancing evasion of detection tools. This sophisticated technique allows it to act as a loader for more dangerous malware like Lumma, compelling defenses to evolve accordingly. Attackers also use social engineering tricks for distribution. …

Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

October 15, 2024 at 04:05AM Trend Micro’s Threat Hunting Team identified EDRSilencer, a tool designed to block endpoint detection and response (EDR) solutions, enhancing malware stealth by disrupting telemetry transmission. This enables threat actors to evade detection, complicating the identification of malware. Organizations are urged to strengthen security measures and monitor for this evolving threat. …

New FASTCash malware Linux variant helps steal money from ATMs

October 14, 2024 at 06:21PM North Korean hackers are deploying a new Linux variant of FASTCash malware, targeting payment switch systems at financial institutions for unauthorized cash withdrawals. This variant, first noted in June 2023, manipulates transaction messages to bypass declines, facilitating thefts akin to previous FASTCash operations since 2016. …

OpenAI confirms threat actors use ChatGPT to write malware

October 12, 2024 at 02:10PM OpenAI reported that its AI chatbot, ChatGPT, has been exploited in over 20 cyber operations for creating malware, spreading misinformation, and phishing. Threat actors from China and Iran used the tool for tasks like vulnerability research and scripting. OpenAI has banned the accounts involved and shared relevant data with cybersecurity …

Linux malware “perfctl” behind years-long cryptomining campaign

October 3, 2024 at 10:39AM The Linux malware “perfctl” has evaded detection for at least three years, targeting servers for cryptomining purposes. It exploits misconfigurations and known vulnerabilities to gain initial access, deploys rootkits for evasion, and communicates with threat actors over TOR. Aqua Nautilus offers detection and mitigation strategies to combat perfctl’s activities. …

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks

October 3, 2024 at 09:45AM Threat actors linked to North Korea have been identified launching a new campaign named SHROUDED#SLEEP targeting Cambodia and other Southeast Asian countries using the VeilShell backdoor and RAT. The group, APT37, is associated with North Korea’s MSS and uses varied tactics for intelligence gathering. The campaign involves sophisticated techniques and …

Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade

September 4, 2024 at 10:37AM The Cicada3301 ransomware, linked to at least 20 victims since June, shares similarities with BlackCat ransomware. It’s coded in Rust and targets Windows’ Volume Snapshot Service, manipulating the shadow copies. The malware also embeds user credentials and customizes ransom notes per victim. Its detection capabilities and targets, primarily SMBs, are …

Microsoft mistake blows up admins’ inboxes with fake malware alerts

August 26, 2024 at 03:56PM Microsoft administrators faced a challenging Monday after being inundated with false malware reports, leading to legitimate emails being quarantined. Microsoft’s 365 Service Center issued an alert on Xitter, acknowledging an issue with malware detection. A mitigation is in progress, but admins may need to manually unblock emails due to the …