Microsoft: Exchange Online mistakenly tags emails as malware

August 26, 2024 at 12:54PM Microsoft is investigating a false positive issue in Exchange Online, where emails with images are wrongly tagged as malicious and quarantined. The ongoing service degradation issue seems widespread, affecting outbound traffic, replies, and forwards of external emails. This is reminiscent of a past issue in October 2023. Microsoft is actively …

Stealthy ‘sedexp’ Linux malware evaded detection for two years

August 25, 2024 at 12:48PM ‘Sedexp’ is a stealthy Linux malware that has been evading detection since 2022 by using a persistence technique not included in the MITRE ATT&CK framework. …

New Linux Malware ‘sedexp’ Hides Credit Card Skimmers Using Udev Rules

August 25, 2024 at 02:36AM Cybersecurity researchers have discovered a stealthy Linux malware called sedexp, utilized by financially motivated threat actors since 2022. Noteworthy for using udev rules to maintain persistence, the malware runs upon system reboot, enabling remote access and memory modification to conceal its presence. It has been observed hiding credit card scraping …

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

August 16, 2024 at 09:33AM Cybersecurity researchers have identified a complex information theft campaign, “Tusk,” conducted by Russian-speaking cybercriminals. The campaign leverages legitimate brands to distribute malware like DanaBot and StealC through phishing tactics and social engineering. The sophisticated threat actors mimic well-known projects, employing multistage malware delivery methods, highlighting their advanced capabilities in deceiving …

New Android Spyware LianSpy Evades Detection Using Yandex Cloud

August 6, 2024 at 06:06AM LianSpy, an Android post-compromise spyware, has targeted users in Russia since 2021. Discovered in March 2024, it uses Yandex Cloud for command-and-control communications, enabling it to capture screencasts, exfiltrate user data, and evade detection. Its stealth tactics include bypassing privacy indicators and leveraging legitimate services for communication and storage. …

New LianSpy malware hides by blocking Android security feature

August 5, 2024 at 11:27AM A new Android malware called ‘LightSpy’ has been found targeting Russian users by posing as an Alipay app or system service to avoid detection. This previously unknown threat aims to compromise mobile phones and steal sensitive information. …

China’s APT41 Targets Taiwan Research Institute for Cyber Espionage

August 2, 2024 at 03:46PM China-linked APT41 compromised a Taiwanese research institute in July 2023, deploying various malware tools including the ShadowPad RAT and Cobalt Strike. The group, known for cyber espionage and financially motivated attacks, targeted a valuable source of proprietary technology. The attack involved stealing documents and deploying sophisticated techniques to evade …

Attacks on Bytecode Interpreters Conceal Malicious Injection Activity

August 1, 2024 at 06:05PM Japanese researchers will demonstrate at Black Hat USA how attackers can insert malicious commands into the machine code of software interpreters, like VBScript and Python, to execute malicious code undetected. By exploiting the lack of bytecode scanning in security software, attackers can hide their activity, posing a significant supply chain …

New Android Banking Trojan BingoMod Steals Money, Wipes Devices

August 1, 2024 at 09:06AM Italian cybersecurity firm Cleafy discovered an Android remote access trojan (RAT) called BingoMod. It’s capable of fraudulent money transfers and device wiping to erase malware traces. The RAT, attributed to a Romanian-speaking threat actor, uses remote access to carry out on-device fraud, and the malware is under active development. BingoMod employs …

Kaspersky says Uncle Sam snubbed proposal to open up its code for third-party review

July 25, 2024 at 08:08AM Kaspersky proposed a “comprehensive assessment framework” to verify its security products to the US Department of Commerce, aiming to mitigate supply chain risks and provide security assurances. Despite this, the Commerce Department did not respond to the proposal. The framework includes localization of data processing, review of data received, and …