North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

August 21, 2024 at 12:36PM A new remote access trojan called MoonPeak is being used by a state-sponsored North Korean threat activity cluster in a new campaign. MoonPeak is a variant of the open-source Xeno RAT; the actor has been standing up new infrastructure to support the campaign, and the malware is being continually revised with added obfuscation to hinder analysis. …

Toyota confirms third-party data breach impacting customers

August 20, 2024 at 05:22PM Toyota confirmed a third-party data breach exposing customer data. While it initially said its own systems were not breached, a spokesperson later clarified that the data came from a third-party entity that had been misrepresented as Toyota. The leaked data includes customer and employee details, contracts, and financial information. This follows previous data breaches at …

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware

August 20, 2024 at 06:40AM Iranian state-sponsored threat actors tracked as TA453 have run spear-phishing campaigns against a prominent Jewish figure to deliver a new intelligence-gathering tool called AnvilEcho. Proofpoint, which tracks the activity, assesses that it reflects IRGC intelligence priorities and shows the adversary actively retooling its arsenal with the new PowerShell-based …

CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks

August 20, 2024 at 01:33AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Jenkins to its Known Exploited Vulnerabilities catalog. The flaw, CVE-2024-23897 (CVSS score 9.8), is an arbitrary file read in the Jenkins CLI that can be escalated to remote code execution, and it has been actively exploited in ransomware attacks. Federal agencies have until September 9, 2024, to …
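The first question a defender asks after a KEV entry like this is which of their own Jenkins instances still run an affected build. The following is an added example (not code from CISA, Jenkins, or the article) of a version triage pass. It assumes the fixed releases named in the Jenkins advisory, weekly 2.442 and LTS 2.426.3, and reads the version from the X-Jenkins header that Jenkins adds to its HTTP responses; the host names and headers in the sample are constructed.

```python
import re

# Added example: a local pre-check for CVE-2024-23897, not code from CISA or the
# Jenkins project. Assumes the fixed releases named in the Jenkins advisory:
# weekly 2.442 and LTS 2.426.3. Every release before those is affected.
FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(version):
    """Turn '2.426.2' into (2, 426, 2) and '2.441' into (2, 441).

    LTS releases carry three components, weekly releases two; the
    component count is what tells the two release lines apart.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Jenkins version string: {version!r}")
    return tuple(int(p) for p in m.groups() if p is not None)


def is_affected(version):
    """True if this Jenkins version predates the fix for CVE-2024-23897."""
    parts = parse_version(version)
    if len(parts) == 3:          # LTS line, e.g. 2.426.2 / 2.440.1
        return parts < FIXED_LTS
    return parts < FIXED_WEEKLY  # weekly line, e.g. 2.441 / 2.442


def version_from_headers(headers):
    """Pull the version from the X-Jenkins response header, if present."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return value.strip()
    return None


def triage(hosts):
    """hosts: {hostname: response headers}. Returns (host, version) pairs still exposed."""
    exposed = []
    for host, headers in hosts.items():
        version = version_from_headers(headers)
        if version is not None and is_affected(version):
            exposed.append((host, version))
    return exposed


if __name__ == "__main__":
    # Constructed sample responses, not real hosts.
    sample = {
        "ci-old.example.test": {"X-Jenkins": "2.426.2"},
        "ci-lts.example.test": {"x-jenkins": "2.426.3"},
        "ci-weekly.example.test": {"X-Jenkins": "2.441"},
        "www.example.test": {"Server": "nginx"},
    }
    for host, version in triage(sample):
        print(f"{host}: Jenkins {version} is affected by CVE-2024-23897")
```

In practice the headers dict comes from a HEAD request to each instance's login page; the header is sent even to unauthenticated clients, which is exactly why it is also the first thing an attacker reads.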

Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign

August 16, 2024 at 10:33AM Palo Alto Networks found threat actors extorting organizations after harvesting credentials from environment variable (.env) files that had been inadvertently exposed on web servers. The campaign targeted over 110,000 domains and exposed access keys and login credentials for a range of cloud and SaaS services. The researchers described how the attackers abused the stolen credentials and urged organizations to enhance their …
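The exposure here is mundane: a .env file that belongs outside the document root gets deployed inside it, and any GET request returns the credentials. The following is an added example (not Unit 42's tooling or code from the article) showing both halves of that: a dotenv parser plus a credential heuristic that shows what one such file leaks, and a walk over a web root that finds .env files before someone else does. The sample file is constructed; its AWS values are Amazon's documented placeholder credentials.

```python
import os
import re
import tempfile

# Added example, not Unit 42's tooling. AWS access key IDs carry a fixed,
# well-known prefix; the name-based rule is a heuristic for everything else
# (API tokens, database and mail passwords).
AWS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
SECRET_NAME_RE = re.compile(r"SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|PRIVATE", re.I)


def parse_dotenv(text):
    """Parse KEY=VALUE lines the way dotenv loaders do (comments and quotes stripped)."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def find_secrets(env):
    """Map each credential-looking variable to the reasons it was flagged."""
    findings = {}
    for key, value in env.items():
        reasons = []
        if AWS_KEY_ID_RE.search(value):
            reasons.append("aws_access_key_id")
        if value and SECRET_NAME_RE.search(key):
            reasons.append("secret_by_name")
        if reasons:
            findings[key] = reasons
    return findings


def scan_webroot(root):
    """Return [(relative path, findings)] for every .env-style file under a web root.

    Anything listed here is reachable by a plain GET unless the web server
    is explicitly configured to deny dotfiles.
    """
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if name == ".env" or name.startswith(".env."):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings = find_secrets(parse_dotenv(fh.read()))
                hits.append((os.path.relpath(path, root), findings))
    return hits


# Constructed sample file; the AWS values are Amazon's documented placeholders,
# not live credentials.
SAMPLE_ENV = """\
# Laravel-style application config
APP_ENV=production
APP_DEBUG=false
DB_HOST=127.0.0.1
DB_PASSWORD='s3cr3t-db-pass'
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
MAIL_PASSWORD=hunter2
"""


def demo_scan():
    """Build a throwaway web root containing the sample .env and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "public", "assets"))
        with open(os.path.join(root, "public", "index.html"), "w") as fh:
            fh.write("<html></html>")
        with open(os.path.join(root, "public", ".env"), "w") as fh:
            fh.write(SAMPLE_ENV)
        return scan_webroot(root)


if __name__ == "__main__":
    for path, findings in demo_scan():
        print(f"{path}: {findings}")
```

Run scan_webroot against the real document root of each site you operate; a hit means the file has already been fetchable, so rotate the credentials it contains rather than just deleting it.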

APT41 Spinoff Expands Chinese Actor’s Scope Beyond Asia

August 13, 2024 at 01:33PM A China-backed threat group known as APT41 is expanding its cyber espionage reach from Asia to Europe, the Middle East, and Africa. Its spinoff group, Earth Baku, has been targeting organizations in Italy, Germany, the UAE, and Qatar using new malware and living-off-the-land techniques. APT41's evolving and sophisticated threat profile poses …

Rogue PyPI Library Targets Solana Users, Steals Blockchain Wallet Keys

August 11, 2024 at 06:27AM Researchers found a malicious package on PyPI posing as a Solana blockchain library in order to steal user secrets. The fraudulent "solana-py" package was downloaded 1,122 times before it was removed. It mimicked the legitimate "solana" package and harvested wallet keys. The attack highlights supply chain risks and the abuse of legitimate …
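"solana-py" works as a lure because it is the real project's name plus a plausible suffix. The following is an added example (not the researchers' detection and not PyPI tooling) of a pre-install check that catches that pattern and ordinary letter-transposition lookalikes by comparing requested names against a trusted list you maintain yourself, such as a lockfile or internal allow list. The requirements text and the trusted names are constructed for the example.

```python
import difflib
import re

# Added example of a pre-install name check, not the researchers' detection
# or any PyPI tooling. The trusted list is assumed to be something you
# maintain (lockfile, internal allow list); the names below are constructed.

# Affixes squatters bolt onto a real name: python-foo, py-foo, foo-py, foo-dev, foo-utils, foo-lib
_AFFIX_RE = re.compile(r"^(?:python|py)-|-(?:python|py|dev|utils?|lib)$")


def normalize(name):
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Extract bare project names from requirements.txt-style lines."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(m.group(0))
    return names


def typosquat_candidates(requested, trusted, cutoff=0.8):
    """Return [(requested, closest trusted)] for names that are not trusted but look like one.

    Two tricks are covered: edit-distance lookalikes (reqeusts vs requests)
    and a trusted name with an add-on affix (solana-py, python-solana)
    that is not itself the real project.
    """
    trusted_norm = {normalize(t): t for t in trusted}
    flagged = []
    for name in requested:
        n = normalize(name)
        if n in trusted_norm:
            continue
        stripped = _AFFIX_RE.sub("", n)
        close = difflib.get_close_matches(stripped, trusted_norm, n=1, cutoff=cutoff)
        if close:
            flagged.append((name, trusted_norm[close[0]]))
    return flagged


# Constructed sample: one lookalike-with-suffix, one transposition, two clean names.
SAMPLE_REQUIREMENTS = """\
solana-py==0.1.0     # looks like the real 'solana' package but is not
requests>=2.31
reqeusts             # transposed letters
numpy
"""

TRUSTED = ["solana", "requests", "numpy"]

if __name__ == "__main__":
    for bad, good in typosquat_candidates(parse_requirements(SAMPLE_REQUIREMENTS), TRUSTED):
        print(f"suspicious: {bad!r} resembles trusted {good!r}")
```

This is a triage heuristic, not a verdict: a flagged name needs a human to confirm it against the upstream project's documented PyPI name, and a legitimate companion package (pytest-cov next to pytest, say) can land just under the cutoff or just over it.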

A Dive into Earth Baku’s Latest Campaign

August 9, 2024 at 12:14AM Earth Baku (associated with APT41) has expanded its reach from the Indo-Pacific to Europe, the Middle East, and Africa since late 2022. The group targets countries such as Italy, Germany, the UAE, and Qatar, using public-facing applications such as IIS servers for initial access and deploying advanced malware toolsets such …

China’s APT41 Targets Taiwan Research Institute for Cyber Espionage

August 2, 2024 at 03:46PM China-linked APT41 compromised a Taiwanese research institute in July 2023, deploying malware including the ShadowPad RAT and Cobalt Strike. The group, known for both cyber espionage and financially motivated attacks, targeted a valuable source of proprietary technology. The intrusion involved document theft and sophisticated techniques to evade …

New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication

August 2, 2024 at 07:00AM Researchers have identified a new Windows backdoor, BITSLOTH, that uses the Background Intelligent Transfer Service (BITS) for command-and-control. It supports keylogging, screen capture, and data collection. The malware also uses an open-source tool called RingQ and contains clues pointing to Chinese-speaking developers. The attack leverages various tactics, …