Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

December 13, 2024 at 07:33AM Iran-affiliated hackers have developed IOCONTROL, a custom malware targeting IoT and operational technology systems in Israel and the U.S. It can compromise various devices like cameras and PLCs, enabling attackers to shut down services and steal data. The malware functions via MQTT and employs advanced evasion tactics.

New IOCONTROL malware used in critical infrastructure attacks

December 12, 2024 at 03:48PM Iranian threat actors are deploying a new malware, IOCONTROL, to attack IoT devices and critical infrastructure systems in Israel and the U.S. It targets various devices, including routers and fuel management systems, potentially causing disruptions. Linked to the CyberAv3ngers group, it is difficult to detect with current antivirus tools.

US sanctions Chinese firm for hacking firewalls in ransomware attacks

December 10, 2024 at 11:40AM The U.S. Treasury sanctioned Sichuan Silence, a Chinese cybersecurity firm, and an employee for involvement in 2020 Ragnarok ransomware attacks on U.S. critical infrastructure. Guan Tianfeng exploited a zero-day vulnerability, compromising 81,000 firewalls globally, including over 23,000 in the U.S. A $10 million reward has been offered for information.

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

December 9, 2024 at 01:18PM Black Basta ransomware is evolving its tactics, utilizing social engineering and various malware like Zbot and DarkGate since October 2024. The group employs email bombing, impersonation on Microsoft Teams, and QR codes to target users. Their ultimate aim includes credential harvesting and VPN file theft for further breaches.

Spy v Spy: Russian APT Turla Caught Stealing from Pakistani APT

December 4, 2024 at 12:02PM Russian hackers, known as Turla, spent two years infiltrating Pakistani cyberspies, gaining access to sensitive South Asian government networks. By commandeering Pakistani command servers, Turla deployed its own malware and extracted valuable data. This operation showcases their strategy of exploiting other threat actors’ infrastructures for espionage without revealing their own …

SpyLoan Android malware on Google Play installed 8 million times

November 30, 2024 at 02:01PM McAfee identified 15 malicious SpyLoan apps targeting users in South America, Southeast Asia, and Africa, accumulating over 8 million downloads on Google Play. Deceptively marketed as loan services, these apps extort sensitive data and harass users post-installation. Despite removal efforts, SpyLoan risks persist, highlighting ongoing security challenges for app stores.

‘RomCom’ APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor

November 26, 2024 at 04:44PM In October, Russian hackers exploited two zero-day vulnerabilities affecting Firefox and Windows, allowing them to deploy malicious code via infected websites. The vulnerabilities were swiftly patched, limiting potential damage, primarily impacting targets in North America and Europe. The attackers utilized fake domains related to IT services to spread the malware.

Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia

November 22, 2024 at 07:12AM Russian-linked threat group TAG-110 has been conducting a cyber espionage campaign targeting Central Asia, East Asia, and Europe, utilizing custom malware HATVIBE and CHERRYSPY. The campaign, focused on government and educational institutions, aims to gather intelligence to support Russia’s geopolitical interests, particularly in post-Soviet states.

Russian Cyberespionage Group Hit 60 Victims in Asia, Europe

November 22, 2024 at 07:02AM A Russia-linked cyberespionage group, TAG-110, has targeted over 60 victims across Asia and Europe, mainly in government and education, since at least 2021. Utilizing malware like HatVibe and CherrySpy, the group’s activities align with Russian geopolitical interests, particularly in Central Asia, impacting multiple sectors and national institutions.

The Urgent And Critical Need To Prioritize Mobile Security

November 19, 2024 at 09:54AM SecurityWeek offers extensive resources on cybersecurity, including news, webcasts, and virtual events. Key topics include malware, cybercrime, ransomware, and risk management. They also host ICS Cybersecurity Conferences, provide funding insights, and offer a daily newsletter for updates on the latest threats and expert opinions.