New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

January 18, 2024 at 12:09PM A novel campaign is targeting vulnerable Docker services by deploying the XMRig cryptocurrency miner and 9Hits Viewer software to generate revenue. The campaign uses various strategies to drive traffic to websites, breaching servers to deploy malicious containers via the Docker API. The impact includes resource exhaustion and the potential for a serious breach. … Read more

Strength in Numbers: The Case for Whole-of-State Cybersecurity

January 17, 2024 at 10:07AM A recent CloudSEK XVigil report reveals a 95% surge in cyberattacks on government agencies in 2022. The public sector faces greater cybersecurity challenges due to limited resources and widespread personal data. A whole-of-state (WoS) cybersecurity strategy is proposed for collaborative defense, supported by the State and Local Cybersecurity Grant Program. … Read more

Remcos RAT Spreading Through Adult Games in New Attack Wave

January 16, 2024 at 08:33AM The Remcos RAT, disguised as adult-themed games, is being distributed in South Korea through webhards. This sophisticated remote access trojan allows threat actors to control and surveil compromised hosts without authorization, exfiltrating sensitive information. Originally marketed as a remote administration tool, it has evolved into a potent weapon for infiltrating systems … Read more

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

January 16, 2024 at 02:45AM Threat actors exploit a patched security flaw in Microsoft Windows to deploy the Phemedrone Stealer, targeting web browsers, cryptocurrency wallets, and messaging apps. The flaw, CVE-2023-36025, allows attackers to bypass Windows SmartScreen protection. Despite the flaw being patched, threat actors find ways to exploit it, highlighting their flexibility in adapting attack … Read more

Information Stealer Exploits Windows SmartScreen Bypass

January 15, 2024 at 07:48AM A Windows SmartScreen vulnerability (CVE-2023-36025) is being actively exploited to deliver Phemedrone Stealer malware, as reported by Trend Micro. Despite patches being released, threat actors continue to exploit the bug to bypass Windows Defender SmartScreen protection, leading to infections. The malware, written in C#, can steal a wide range of … Read more

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout

January 12, 2024 at 06:15AM The recently discovered Ivanti Connect Secure zero-day vulnerabilities are being exploited by threat actors linked to China, aiming to steal valuable data. These vulnerabilities, CVE-2023-46805 and CVE-2024-21887, pose a serious threat, with over 7,000 internet-exposed instances vulnerable to attacks. Patches are expected by the week of January 22, but CISA … Read more

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

January 11, 2024 at 10:53AM GitHub’s widespread usage in IT has made it an attractive option for threat actors to host and deliver malicious content, acting as dead drop resolvers, command-and-control, and data exfiltration points. The platform is used for various malicious activities, including payload delivery and phishing, presenting challenges for traditional security defenses. Recorded … Read more

Fake 401K year-end statements used to steal corporate credentials

January 10, 2024 at 01:37PM Cybercriminals are using tactics such as fake 401(k) notices, open enrollment communications, and salary adjustment messages to steal employees’ credentials. Despite organizations’ robust email security solutions, phishing emails are still making their way into employees’ inboxes, particularly targeting large enterprises. Cofense advises coordinating and educating personnel to mitigate these attacks … Read more

Turkish Hackers Target Microsoft SQL Servers in Americas, Europe

January 9, 2024 at 11:24AM A new report from cybersecurity firm Securonix warns that financially motivated threat actors based in Turkey have been targeting Microsoft SQL Server databases with ransomware attacks. The campaign, primarily aimed at organizations in the US, Europe, and Latin America, involves various malicious activities including brute-forcing credentials, executing shell commands, and … Read more

Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals

January 8, 2024 at 09:19AM Threat actors known as Anonymous Arabic have released a remote access trojan called Silver RAT, designed to bypass security software and launch hidden applications. The group also offers services such as the distribution of cracked RATs and social media bots used for promoting illicit activities. Silver RAT was first observed … Read more