N. Korean BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware

November 7, 2023 at 09:24AM. The BlueNoroff nation-state group, which has connections to North Korea, is behind a newly discovered macOS malware called ObjCShellz. It is used as part of the RustBucket malware campaign and is suspected to be delivered through social engineering. BlueNoroff is a sub-group of the Lazarus Group, known for financial crimes …

Researchers Expose Prolific Puma’s Underground Link Shortening Service

November 1, 2023 at 11:40AM. Prolific Puma, a threat actor, has been running an underground link shortening service for other malicious actors for the past four years. This service helps them distribute phishing, scams, and malware while evading detection. Puma uses an American domain registrar and web hosting company named NameSilo for registration. The real …

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

October 30, 2023 at 03:18AM. Unpatched security flaws have been discovered in the NGINX Ingress controller for Kubernetes. These vulnerabilities (CVE-2022-4886, CVE-2023-5043, CVE-2023-5044) could allow threat actors to steal secret credentials, execute arbitrary commands, and inject code into the ingress controller. Mitigations have been released, but updating NGINX and enabling strict path validation is recommended. …

N. Korean Lazarus Group Targets Software Vendor Using Known Flaws

October 27, 2023 at 11:43AM. The Lazarus Group, a North Korea-linked threat actor, has launched a new cyber attack campaign targeting a software vendor through known security flaws in another piece of software. The attack involved the deployment of malware families such as SIGNBT and LPEClient. The Lazarus Group has demonstrated advanced evasion techniques and targeted other …

Microsoft: Octo Tempest is one of the most dangerous financial hacking groups

October 26, 2023 at 07:11PM. Octo Tempest is a threat actor group tracked by Microsoft, specializing in data extortion and ransomware attacks. They have evolved their tactics over time, targeting organizations in various sectors and partnering with the ALPHV/BlackCat ransomware group. With advanced social engineering capabilities, they gain initial access through phishing, social engineering, and …

Iran APT Targets the Mediterranean With Watering-Hole Attacks

October 26, 2023 at 03:54PM. A threat actor sponsored by Iran has been using watering-hole attacks and a new malware downloader to target Mediterranean organizations in the maritime, shipping, and logistics sectors. The group, known as Tortoiseshell, Imperial Kitten, TA456, Crimson Sandstorm, and Yellow Liderc, has been utilizing various tactics including phishing domains, targeted emails, …

Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware

October 26, 2023 at 10:06AM. Scattered Spider, a prolific threat actor, is impersonating new employees in targeted firms to infiltrate organizations worldwide. Microsoft describes the group, also known as Octo Tempest, as a dangerous financial criminal group that utilizes SMS phishing, SIM swapping, and help desk fraud to carry out their attacks. Their tactics include …

YoroTrooper: Researchers Warn of Kazakhstan’s Stealthy Cyber Espionage Group

October 26, 2023 at 04:48AM. A new threat actor called YoroTrooper, likely consisting of operators from Kazakhstan, has been identified. The group employs various tactics to hide their activities, including targeting Kazakhstani entities and using VPN exit nodes in Azerbaijan. YoroTrooper primarily uses spear-phishing and malware to steal data, and has now shifted to custom …

‘YoroTrooper’ Espionage Group Linked to Kazakhstan

October 25, 2023 at 04:51PM. The YoroTrooper espionage group, which has been active since June 2022, appears to consist of individuals from Kazakhstan. The group has been targeting government entities in Azerbaijan, Kyrgyzstan, Tajikistan, and other CIS countries. They use Kazakh currency and languages, and have only targeted one institution in Kazakhstan. They rely on …

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected

October 24, 2023 at 03:03PM. Kaspersky has released a report detailing the iOS zero-click attacks it suffered. Dubbed ‘Operation Triangulation’, the attacks used malicious iMessage attachments to exploit a zero-day vulnerability and deploy spyware named TriangleDB. The attackers implemented stealth techniques to avoid detection, including using two validators to collect device information and ensure the …