Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting

May 31, 2024 at 06:57AM APT28, a Russian GRU-backed threat actor, has conducted cyber attacks across Europe using the HeadLace malware and credential-harvesting web pages. Operating with stealth and sophistication, they utilized legitimate internet services to conceal their operations. Their main targets included entities with military significance and services like Yahoo! and UKR[.]net. Key takeaways …

FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine

May 30, 2024 at 01:27PM Cloudflare disrupted a phishing campaign by Russia-aligned threat actor FlyingYeti targeting Ukraine. The campaign used debt-themed lures to distribute the PowerShell malware COOKBOX. Cloudforce One identified the campaign in mid-April 2024, involving Cloudflare Workers and GitHub, and exploiting a WinRAR vulnerability. Another financially motivated group, UAC-0006, was also identified by …

Decoding Water Sigbin’s Latest Obfuscation Tricks

May 30, 2024 at 01:10AM Summary: Water Sigbin, also known as the 8220 Gang, exploited Oracle WebLogic vulnerabilities to deploy a cryptocurrency miner via a PowerShell script. The group used obfuscation techniques to conceal its activities, including hexadecimal URL encoding and fileless execution. Organizations are advised to prioritize patch management, network segmentation, security audits, employee …

Google Discovers Fourth Zero-Day in Less Than a Month

May 24, 2024 at 11:42AM Google has addressed a critical high-severity security flaw, CVE-2024-5274, in its Chrome browser. The bug, a type confusion vulnerability in the V8 engine, poses threats such as code execution or access control bypasses. Two researchers, Clément Lecigne and Brendon Tiszka, reported the flaw. It marks Google’s fourth zero-day vulnerability this …

VMware Abused in Recent MITRE Hack for Persistence, Evasion

May 23, 2024 at 10:17AM MITRE detailed a recent cyberattack where state-sponsored hackers exploited zero-day vulnerabilities to access its NERVE environment. The attackers abused VMware systems for persistence and detection evasion, deploying backdoors and web shells. MITRE identified the threat actor and shared mitigation scripts for other organizations to safeguard their VMware environments. Key takeaways …

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

May 17, 2024 at 01:30PM Cloud security firm Aqua recently uncovered the evolving threat of Kinsing, a persistent cryptojacking group utilizing newly disclosed vulnerabilities to expand its botnet. The malware exploits various flaws to enroll systems in crypto-mining, targeting open-source applications and utilizing scripts and binaries to carry out attacks on Linux and Windows systems. …

Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024

May 16, 2024 at 03:47AM This report provides a detailed analysis of Earth Hundun’s cyberespionage campaign, focusing on the evolution from Waterbear to Deuterbear malware. Deuterbear displays advancements in capabilities such as shellcode plugins and HTTPS communication for C&C operations. The report also outlines the functionalities and differences between the two malware variants. The comprehensive …

INC ransomware source code selling on hacking forums for $300,000

May 13, 2024 at 04:29PM Cybercriminal “salfetka” is allegedly selling the source code of INC Ransom, a ransomware-as-a-service operation. The sale is announced on hacking forums, with a price tag of $300,000 and limitations on potential buyers. Additionally, INC Ransom is undergoing changes, possibly indicating a rift within its core team or plans for a …

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

May 11, 2024 at 03:45AM FIN7, a financially motivated threat actor, has used malicious Google ads to imitate reputable brands, such as AnyDesk and Google Meet, to spread the NetSupport RAT. The group has evolved from targeting point-of-sale systems to launching ransomware campaigns and has expanded its malware arsenal. This activity has prompted Microsoft to …

Dell warns of data breach, 49 million customers allegedly affected

May 9, 2024 at 11:30AM Dell recently cautioned about a data breach where a threat actor claimed to have acquired information for about 49 million customers via a breached Dell portal. The stolen data includes names, physical addresses, Dell hardware and order details. Though Dell reassures minimal risk as no financial data was accessed, customers …