Cybersecurity Products Conking Out After macOS Sequoia Update

September 23, 2024 at 07:55AM macOS 15 Sequoia’s release has caused disruptions for cybersecurity software and network connectivity. Users reported issues with security solutions from CrowdStrike, ESET, Microsoft, and SentinelOne, as well as connectivity problems and browser malfunctions. Apple was aware of the problems, yet still released the update. Workarounds and risks have been suggested …

Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks

August 19, 2024 at 06:45AM The Xeon Sender tool is being used for large-scale SMS phishing and spam campaigns through abusing legitimate cloud services. It exploits APIs of services like Amazon SNS, Nexmo, and Twilio to send bulk SMS spam attacks without exploiting any weaknesses of the providers. Organizations should monitor for anomalous changes in …

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

July 17, 2024 at 07:18AM Financially motivated threat actor FIN7 has been observed using multiple pseudonyms to promote AvNeutralizer, a tool used by ransomware groups. Known for sophisticated tactics, FIN7 has adapted its malware arsenal and set up front companies to recruit unwitting engineers. The group’s malvertising tactics and latest tool updates highlight its ongoing …

Security End-Run: ‘AuKill’ Shuts Down Windows-Reliant EDR Processes

July 17, 2024 at 06:10AM AuKill, a cybercrime tool by FIN7, is evolving to disrupt Windows processes guarded by endpoint detection and response tools. The collective has significantly enhanced their tool, attracting high-level ransomware groups’ attention. By targeting protected processes, AuKill aims to induce a denial-of-service condition, emphasizing the need for robust security solutions against …

‘ChamelGang’ APT Disguises Espionage Activities With Ransomware

June 26, 2024 at 06:10AM A China-backed APT group, ChamelGang, has been using ransomware to hide its cyberespionage operations for three years. Recently targeting critical infrastructure in East Asia and India, the group’s tactic aims to provide deniability and cover tracks while exfiltrating data. ChamelGang’s focus on data theft and cyberespionage is attributed to geopolitical …

Russian Hackers Target Ukrainian Telecoms with Upgraded ‘AcidPour’ Malware

March 22, 2024 at 12:33AM New findings from SentinelOne show that the data wiping malware AcidPour may have been used in attacks targeting four Ukrainian telecom providers, linked to Russian military intelligence. It has expanded capabilities to disable various devices and overlaps with the AcidRain wiper, demonstrating a refined and calculated approach by threat actors …

Suspected Russian Data-Wiping ‘AcidPour’ Malware Targeting Linux x86 Devices

March 19, 2024 at 06:48AM A new variant of the data wiping malware AcidRain, named AcidPour, has been discovered, targeting Linux x86 devices. This ELF binary variant is designed to erase content from RAID arrays and UBI file systems. The specific targets and scale of the attacks are currently unknown. The discovery highlights the use …

SentinelOne to Expand Cloud Security Capabilities With Acquisition of PingSafe

January 3, 2024 at 05:08PM SentinelOne, a leader in AI-powered security, has announced the acquisition of PingSafe to enhance its cloud security capabilities. By integrating PingSafe’s cloud native application protection platform with its own offerings, SentinelOne aims to provide a fully integrated platform for comprehensive cloud security. The acquisition is anticipated to close in the …

SentinelOne Snaps up Seed-Stage CNAPP Startup PingSafe

January 3, 2024 at 02:55PM SentinelOne plans to acquire PingSafe in a cash-and-stock deal, expanding its cloud-native application protection platform (CNAPP) capabilities. The financial terms were undisclosed, and the deal is expected to close in the first quarter. PingSafe, with headquarters in the US and India, provides real-time monitoring of multi-cloud workloads and advanced secrets …

New Pierogi++ Malware by Gaza Cyber Gang Targeting Palestinian Entities

December 14, 2023 at 10:00AM The Gaza Cyber Gang, a pro-Hamas threat actor, has been targeting Palestinian entities using an updated backdoor called Pierogi++. This malware is implemented in C++ and has been used for consistent targeting of Palestinian entities. The group has been active since 2012 and continues to refine its malware for successful …