Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

December 9, 2024 at 07:07AM A botnet named Socks5Systemz operates the malicious proxy service PROXY.AM, enabling cybercriminals to mask their activities. Recent findings reveal its resurgence after losing control of its initial version. Meanwhile, the Gafgyt malware targets misconfigured Docker API servers, emphasizing the risks of cloud misconfigurations and the need for better security practices. …

QR codes bypass browser isolation for malicious C2 communication

December 9, 2024 at 02:59AM Mandiant has discovered a method to bypass browser isolation using QR codes for command-and-control operations. This technique encodes commands in QR codes displayed on webpages, allowing compromised local browsers to capture and decode them. Despite limitations like data size and latency, it highlights vulnerabilities in current security measures, necessitating enhanced …

Blue Yonder ransomware termites claim credit

December 8, 2024 at 10:10PM The Termite ransomware gang claimed responsibility for a ransomware attack on Blue Yonder, stealing 680GB of data. Blue Yonder’s operations were disrupted, affecting clients like Starbucks and UK grocery chains. Additionally, a Nigerian scammer received eight years in prison for a business email compromise scheme that stole over $6 million. …

More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

December 6, 2024 at 03:48AM The More_eggs malware has expanded with new families: RevC2, an information-stealing backdoor, and Venom Loader, a customized malware loader. Both are deployed via VenomLNK. Their campaigns, observed from August to October 2024, demonstrate ongoing innovation in the malware-as-a-service sector despite previous arrests of key operators. …

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

December 6, 2024 at 02:48AM Gamaredon, a Russian-affiliated cyber threat group, is using Cloudflare Tunnels to hide its GammaDrop malware in a spear-phishing campaign targeting Ukrainian entities since early 2024. The group employs various techniques, including HTML smuggling and DNS fast-fluxing, to evade detection and maintain access to compromised systems. …

Microsoft: Another Chinese cyberspy crew targeting US critical orgs ‘as of yesterday’

December 5, 2024 at 08:13PM Microsoft’s threat intelligence team reports that the China-linked group Storm-0227 is targeting critical infrastructure and US government agencies, leveraging public security vulnerabilities and spear-phishing tactics. Active since January, they steal credentials and sensitive data, indicating significant and ongoing espionage efforts focused on US defense, telecommunications, and legal sectors. …

Romania’s election systems targeted in over 85,000 cyberattacks

December 5, 2024 at 07:01PM A declassified Romanian Intelligence report reveals over 85,000 cyberattacks targeting the country’s election infrastructure, with leaked credentials for election websites surfacing on a Russian hacker forum. Concurrently, an influence campaign utilized TikTok influencers to promote pro-Russian presidential candidate Calin Georgescu. Romania’s election system remains vulnerable to attacks. …

Russia’s ‘BlueAlpha’ APT Hides in Cloudflare Tunnels

December 5, 2024 at 05:21PM BlueAlpha, a Russian APT group, has adapted its malware delivery by exploiting Cloudflare Tunnels to deploy GammaDrop malware. This method conceals staging infrastructure, enabling HTML smuggling attacks and evading detection. Insikt Group recommends enhancing email security, flagging suspicious attachments, and implementing network monitoring to counter these threats. …

LLMs Raise Efficiency, Productivity of Cybersecurity Teams

December 5, 2024 at 04:16PM According to Dark Reading’s research, integrating LLM and GenAI into cybersecurity programs enhances efficiency in threat detection and boosts analyst productivity. Key benefits include faster report generation, proactive threat hunting, and improved incident response. Additionally, these tools optimize resources, reduce operational costs, and alleviate staffing pressures. …

Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges

December 5, 2024 at 04:08PM The Android RAT “DroidBot” features keylogging and data monitoring, targeting banks and organizations. Active since mid-2024, it’s linked to 17 affiliate groups and 77 attacks in Europe, with plans to expand into Latin America. Researchers warn its evolution into malware-as-a-service poses greater cybersecurity threats. …