Dangerous Liaisons: The Interaction Between Threat Actors and High-Risk Devices

June 11, 2024 at 08:03AM Forescout annually analyzes and presents risk scores for various devices based on configuration, behavior, and function. The score quantifies the risk of a dangerous liaison between threat actors and vulnerable devices. The report aims to increase awareness and prompt urgent attention to specific devices. It is based on fresh data …

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

May 17, 2024 at 05:33AM The Kimsuky APT group, associated with North Korea’s Reconnaissance General Bureau, has been observed deploying the Gomir backdoor on Linux to target South Korean organizations. The malware shares extensive code with GoBear and is distributed through trojanized security programs. The campaign highlights the preference for software installation packages as infiltration …

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

April 5, 2024 at 06:33AM Bogus Adobe Acrobat Reader installers are distributing a new multi-functional malware called Byakugan. The attack begins with a PDF file in Portuguese prompting the victim to download the Reader application. Clicking the link leads to the installation of the malware, which leverages various techniques to deploy its payload and gather …

Iran’s Evolving Cyber-Enabled Influence Operations to Support Hamas

April 2, 2024 at 04:52PM Understanding Iran’s techniques and comprehensive threat intelligence can help organizations identify and defend against attacks, giving them a valuable edge. The main takeaway from the meeting notes is that gaining a clear understanding of Iran’s techniques, combined with comprehensive threat intelligence, can provide organizations with a competitive advantage in identifying …

Cybersecurity Mesh: Overcoming Data Security Overload

March 28, 2024 at 11:12AM Gartner predicts a $208.7 billion global investment in IT security this year. However, Accenture reports that CEOs lack confidence in their organizations’ cybersecurity, emphasizing the challenge of managing data from multiple security tools. A cybersecurity mesh architecture (CSMA) offers an integrated solution, with potential cost reduction and tools like Dassana and …

New WogRAT malware abuses online notepad service to store malware

March 5, 2024 at 03:28PM The ‘WogRAT’ malware targets Windows and Linux, utilizing the ‘aNotepad’ platform to store and retrieve malicious code. Named by AhnLab Security Intelligence Center (ASEC), it has been active since late 2022, targeting Asian countries. The malware employs covert distribution methods to avoid detection, using an online, legitimate service for stealthier …

Ransomware Groups, Targeting Preferences, and the Access Economy

February 20, 2024 at 10:40AM Ransomware attacks are often initiated by criminals exploiting easily accessible targets, rather than choosing them. Infostealer malware, particularly through Telegram channels, contributes to the proliferation of ransomware attacks. Additionally, initial access brokers sell corporate IT access, which is taken advantage of by ransomware groups and affiliates to carry out attacks, …