Google Catches Russian APT Reusing Exploits From Spyware Merchants NSO Group, Intellexa

August 29, 2024 at 09:48AM Google's Threat Analysis Group (TAG) has identified Russian state-backed hackers reusing iOS and Chrome exploits previously associated with the commercial spyware vendors NSO Group and Intellexa, delivered through watering-hole attacks on compromised websites. The hackers have been observed using the exploits against iOS and Android devices, … Read more

‘LockBit of phishing’ EvilProxy used in more than a million attacks every month

July 30, 2024 at 10:37AM EvilProxy, the phishing kit dubbed the “LockBit of phishing,” is an adversary-in-the-middle service that relays victims to the real login page and captures session cookies along with passwords, letting operators bypass MFA; its campaigns abuse legitimate Cloudflare services to disguise malicious traffic. Criminals are offered customer support, videos and guides for launching campaigns and hiding their activity. Notable threat actors TA4903 and TA577 have adopted EvilProxy for their … Read more

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks

July 15, 2024 at 10:55AM CVE-2024-38112, an MSHTML platform flaw, was exploited as a zero-day by the APT group Void Banshee: Internet Shortcut (.url) files using the mhtml: protocol handler forced their targets to open in the disabled Internet Explorer, which was then used to access and execute files. The vulnerability was reported to Microsoft and has been patched. Void Banshee lured victims with zip archives containing .url files disguised as PDFs, targeting North America, … Read more
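As an added example, not taken from the Trend Micro research or from this page, the Python script below flags Internet Shortcut (.url) files that carry the mhtml: handler and !x-usc: directive pattern reported for these lures, plus the document double-extension disguise. The sample files, filenames and hostnames are constructed for the example.

```python
# Constructed sample .url files for this example; the hostnames are
# placeholders, not Void Banshee infrastructure.
SAMPLE_FILES = {
    "Quarterly-Report.pdf.url": (
        "[InternetShortcut]\r\n"
        "URL=mhtml:http://lure.example/page.html!x-usc:http://lure.example/page.html\r\n"
        "ShowCommand=7\r\n"
    ),
    "Intranet.url": (
        "[InternetShortcut]\r\n"
        "URL=https://intranet.example/\r\n"
    ),
}

# Extensions a shortcut might fake in front of its real .url suffix.
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt")


def parse_url_file(text):
    """Parse the key=value lines of a .url file; keys are case-insensitive."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("[", ";")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def check_url_file(name, text):
    """Return the reasons a .url file matches the CVE-2024-38112 lure pattern."""
    reasons = []
    url = parse_url_file(text).get("url", "").lower()
    # mhtml: hands the target to MSHTML, which is how the disabled
    # Internet Explorer ends up rendering it instead of the default browser.
    if url.startswith("mhtml:"):
        reasons.append("URL uses the mhtml: protocol handler")
    # The !x-usc: directive inside the mhtml URL loads a remote page
    # through IE's engine.
    if "!x-usc:" in url:
        reasons.append("URL contains the !x-usc: MHTML directive")
    lowered = name.lower()
    stem = lowered[:-4] if lowered.endswith(".url") else lowered
    if stem.endswith(DOC_EXTS):
        reasons.append("filename fakes a document extension")
    return reasons


def scan_samples():
    """Run the check over the constructed samples; returns name -> reasons."""
    return {n: check_url_file(n, t) for n, t in SAMPLE_FILES.items()}


if __name__ == "__main__":
    for filename, reasons in scan_samples().items():
        print(filename, "->", reasons or "clean")
```

Any one of the three reasons is a strong enough signal to quarantine an archive attachment; the double-extension check alone is a weaker heuristic and is best combined with the other two.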

Who are these RansomHub cyber-thieves? Looks like a Knight ransomware reboot

June 5, 2024 at 04:22PM RansomHub, a newer cyber-crime group, has been identified as a possible rebrand of the Knight ransomware gang. It has been stealing data from a range of organizations and auctioning it off. Overlap between the RansomHub and Knight code suggests a connection between the two groups. … Read more

New Android Trojan ‘SoumniBot’ Evades Detection with Clever Tricks

April 18, 2024 at 07:36AM A new Android trojan named SoumniBot is targeting users in South Korea and evades analysis by abusing weaknesses in how Android extracts and parses the APK manifest: it declares an invalid compression method and an incorrect manifest size, and pads the manifest with very long XML namespace names, so that Android still installs the app while analysis tools fail to parse it. The malware collects sensitive data, manipulates device settings, and searches for digital signature certificates. Its developers successfully complicate detection through insufficiently … Read more
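As an added illustration of the first two manifest tricks described above (this is not code from the Kaspersky report or from this page), the Python check below parses an APK's ZIP central directory itself rather than trusting the zipfile module, and flags an AndroidManifest.xml entry whose compression method is neither STORED nor DEFLATE or whose declared size does not match the bytes actually present. The sample archives are built inline around a placeholder manifest; the third trick (oversized namespace names) needs a binary-XML parser and is not covered here.

```python
import struct
import zlib

# Constructed placeholder for this example: not a real binary XML manifest.
MANIFEST = b"\x03\x00\x08\x00" + b"placeholder binary XML " * 4


def build_zip(entries):
    """Assemble a minimal ZIP (local headers, central directory, EOCD).

    entries: list of (name, data, method, declared_uncompressed_size).
    Data is written exactly as given so the method and size fields can hold
    arbitrary values the stdlib zipfile module would refuse to write.
    """
    out, central = bytearray(), bytearray()
    for name, data, method, declared in entries:
        crc = zlib.crc32(data) & 0xFFFFFFFF
        offset = len(out)
        out += struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 0, method, 0, 0,
                           crc, len(data), declared, len(name), 0)
        out += name + data
        central += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 0,
                               method, 0, 0, crc, len(data), declared,
                               len(name), 0, 0, 0, 0, 0, offset)
        central += name
    cd_offset = len(out)
    out += central
    out += struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries),
                       len(entries), len(central), cd_offset, 0)
    return bytes(out)


def central_directory(data):
    """Yield (name, method, comp_size, uncomp_size, local_offset) per entry."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, count, _, pos, _ = struct.unpack_from("<IHHHHIIH", data, eocd)
    for _ in range(count):
        f = struct.unpack_from("<IHHHHHHIIIHHHHHII", data, pos)
        if f[0] != 0x02014B50:
            raise ValueError("bad central directory signature")
        name = data[pos + 46:pos + 46 + f[10]]
        yield name, f[4], f[8], f[9], f[16]
        pos += 46 + f[10] + f[11] + f[12]


def check_manifest(apk_bytes):
    """Return findings for the AndroidManifest.xml entry (empty list = clean)."""
    findings, seen = [], False
    for name, method, comp, uncomp, offset in central_directory(apk_bytes):
        if name != b"AndroidManifest.xml":
            continue
        seen = True
        # The local header's own name/extra lengths locate the entry data.
        lh = struct.unpack_from("<IHHHHHIIIHH", apk_bytes, offset)
        start = offset + 30 + lh[9] + lh[10]
        raw = apk_bytes[start:start + comp]
        if method == 0:
            actual = raw
        elif method == 8:
            actual = zlib.decompress(raw, -15)
        else:
            # Trick 1: a bogus method value; Android still installs the APK.
            findings.append(f"manifest uses invalid compression method 0x{method:04x}")
            actual = raw
        if len(actual) != uncomp:
            # Trick 2: declared size does not match the bytes present.
            findings.append(f"manifest declared size {uncomp} != actual size {len(actual)}")
    if not seen:
        findings.append("no AndroidManifest.xml entry")
    return findings


def sample_apks():
    """Constructed archives: one clean stored, one clean deflated, two abusive."""
    m = b"AndroidManifest.xml"
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = c.compress(MANIFEST) + c.flush()
    return {
        "benign": build_zip([(m, MANIFEST, 0, len(MANIFEST)), (b"classes.dex", b"dex\n", 0, 4)]),
        "benign_deflate": build_zip([(m, deflated, 8, len(MANIFEST))]),
        "bad_method": build_zip([(m, MANIFEST, 0x1337, len(MANIFEST))]),
        "bad_size": build_zip([(m, MANIFEST, 0, len(MANIFEST) + 4096)]),
    }


if __name__ == "__main__":
    for label, apk in sample_apks().items():
        print(label, "->", check_manifest(apk) or "clean")
```

Parsing the central directory by hand matters here because the standard library raises on an unknown compression method instead of telling you which entry carried it, and a triage tool wants the finding, not an exception.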

Sisense Password Breach Triggers ‘Ominous’ CISA Warning

April 11, 2024 at 06:19PM The US federal government has warned customers of Sisense, a business analytics platform, about a compromise of customer credentials. The Cybersecurity and Infrastructure Security Agency (CISA) advised users to reset any credentials and secrets potentially exposed to, or used to access, Sisense services. The platform, which serves over 2,000 companies, including Air Canada and Nasdaq, is an attractive target for supply … Read more

Watch Out for ‘Latrodectus’ – This Malware Could Be In Your Inbox

April 8, 2024 at 07:33AM Threat hunters have discovered a new malware loader, Latrodectus, distributed through email phishing campaigns since late November 2023. It is associated with the IcedID threat actors and has been linked primarily to two initial access brokers. The loader includes sandbox-evasion checks and is expected to be increasingly used by financially motivated threat actors. … Read more

Chinese snoops use F5, ConnectWise bugs to sell access to top US, UK networks

March 22, 2024 at 06:07PM Chinese spies exploited critical-severity bugs in F5 BIG-IP and ConnectWise ScreenConnect to gain access to US defense organizations, UK government agencies, and other entities, according to Mandiant. The intrusions were attributed to a group tracked as UNC5174, which also targeted other vulnerabilities and used custom tooling and a remote command-and-control framework … Read more

Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets

March 12, 2024 at 08:27AM Threat hunters have discovered seven malicious packages on PyPI that target cryptocurrency wallets by stealing BIP39 mnemonic (seed) phrases, which are sufficient to recreate a wallet's private keys. The campaign, codenamed BIPClip, has been active since December 2022 and underlines the supply-chain risk to crypto assets. The attackers have been careful in crafting the packages … Read more

Possible China link to Change Healthcare ransomware attack

March 7, 2024 at 01:40PM Menlo Security has linked China to the ALPHV/BlackCat gang behind the Change Healthcare ransomware attack that disrupted US pharmacies. The attackers reportedly received a $22 million Bitcoin ransom payment; Menlo's findings, including evidence of the affiliate Notchy's involvement and of malware tool purchases, point to possible ties with Chinese state-backed groups. The attack caused significant disruption to US healthcare infrastructure. … Read more