January 25, 2024 at 02:30AM CherryLoader, a new Go-based malware loader, has been discovered by threat hunters. It masquerades as the legitimate CherryTree note-taking application to trick victims. The loader delivers privilege escalation tools and can swap out exploits without recompiling code. Its distribution method is unknown, but it is contained in a RAR archive … Read more
January 24, 2024 at 07:06AM Kasseika, a new ransomware group, has adopted the Bring Your Own Vulnerable Driver (BYOVD) attack to evade security processes on Windows hosts, demonstrating similarities with the now-defunct BlackMatter. Their attack chain begins with a phishing email, followed by deploying remote administration tools and executing a malicious batch script. The ransomware … Read more
January 23, 2024 at 08:24AM Apple macOS users have been targeted by cracked software delivering a new stealer malware, capable of stealing cryptocurrency wallet data. The attack involves booby-trapped disk image files, prompting users to enter the system administrator password and execute a modified executable. The malware establishes contact with a command-and-control server to fetch … Read more
January 22, 2024 at 05:31PM Hackers are utilizing a covert approach to disseminate information-stealing malware to macOS users via DNS records. The campaign targets macOS Ventura and later users, leveraging cracked applications containing a trojan. Victims unknowingly execute the malware, granting it access to their system and potentially compromising sensitive data. Kaspersky’s findings underscore the … Read more
January 19, 2024 at 10:03PM TA866, a threat actor, has returned after a hiatus, launching a large phishing campaign to distribute malware such as WasabiSeed and Screenshotter. The campaign targeted North America with PDFs containing OneDrive URLs that initiate a multi-step infection chain. Other actors, such as TA571, are involved in spam email campaigns to … Read more
January 19, 2024 at 07:54PM CISA is pressuring organizations to urgently address critical vulnerabilities in Ivanti Connect Secure VPN. Agencies must apply available mitigations, remove compromised products, and report infected devices. This follows a Chinese government-backed hacking team exploiting the vulnerabilities. The company has released pre-patch mitigations, with comprehensive fixes set to begin rollout on … Read more
January 18, 2024 at 11:03AM COLDRIVER, a Russia-linked threat actor, has evolved its tactics to include creating and using its first custom malware in the Rust programming language. The group leverages PDF decoy documents in spear-phishing campaigns, targeting organizations in various sectors. Google TAG has observed the actor’s use of benign PDFs to deliver a … Read more
January 17, 2024 at 09:57AM PAX Technology’s PoS terminals have high-severity vulnerabilities that could allow threat actors to execute arbitrary code. The STM Cyber R&D team discovered six flaws, including privilege escalation and local code execution, impacting various PAX devices. The vulnerabilities were responsibly disclosed to PAX, and patches were released in November 2023. Key … Read more
January 15, 2024 at 01:34PM Phemedrone malware exploits Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass security prompts in Windows. It steals data from web browsers, cryptocurrency wallets, and apps like Discord and Steam. The flaw was fixed in November 2023, but unpatched systems remain at risk. Trend Micro researchers have identified the specific apps and … Read more
January 12, 2024 at 10:36AM Hackers have been exploiting two zero-day vulnerabilities in Ivanti Connect Secure since early December, deploying multiple malware families for espionage. The vulnerabilities, CVE-2023-46805 and CVE-2024-21887, bypass authentication and inject arbitrary commands. Attackers targeted a small number of Ivanti customers. The threat actor, tracked as UNC5221, used various custom malware and … Read more