January 25, 2024 at 02:30AM CherryLoader, a new Go-based malware loader, has been discovered by threat hunters. It masquerades as the legitimate CherryTree note-taking application to trick victims. The loader delivers privilege escalation tools and can swap out exploits without recompiling code. Its distribution method is unknown, but it is contained in a RAR archive … Read more
January 23, 2024 at 09:08AM VexTrio, a traffic distribution system operator, manages over 70,000 domains to connect cybercriminals with compromised websites, facilitating scams, phishing, and malware. Infoblox characterizes it as the most widespread threat actor, infiltrating over half of monitored organizations. VexTrio evades detection using diverse tactics, making it hard for security companies to take … Read more
January 22, 2024 at 03:46PM ScarCruft, a North Korea-sponsored APT group, is preparing for targeted cyberattacks on threat intelligence professionals. They aim to steal nonpublic threat intel and enhance their offensive tactics. The innovative campaign involves using lure related to the Kimsuky APT group to target cybersecurity professionals, and the group is refining their malicious … Read more
January 22, 2024 at 12:06PM In December 2023, media organizations and North Korea experts were targeted by a cyber campaign orchestrated by the threat actor ScarCruft. This North Korea-linked group, also known as APT37, targeted individuals with malicious files, displaying a sophisticated and evolving approach. The attack is indicative of the group’s ongoing efforts to … Read more
January 20, 2024 at 10:16AM The 3AM ransomware operation is found to have connections with infamous groups like the Conti syndicate and the Royal ransomware gang. They are using new tactics such as sharing data leaks with victims’ social media followers and using bots to reply to high-ranking accounts on X. 3AM also tested a … Read more
January 19, 2024 at 11:57PM The U.S. CISA issued an emergency directive for Federal Civilian Executive Branch agencies to address actively exploited zero-day flaws in Ivanti Connect Secure and Policy Secure products. These vulnerabilities allow threat actors to execute commands and are being exploited, necessitating immediate mitigation. Ivanti is expected to release an update next … Read more
January 19, 2024 at 06:12AM The US security agency CISA warns of increasing exploitation of two Ivanti Connect Secure VPN vulnerabilities by a Chinese cyberespionage group, compromising over 2,100 devices belonging to various organizations. Additionally, a separate Ivanti product flaw is being exploited. Patches have been released with mitigations, but widespread exploitation continues, including new … Read more
January 17, 2024 at 04:59PM Intel 471, a leading cyber threat intelligence solutions provider, appoints Sonja Tsiridis as its new Chief Technology Officer. With over 20 years of experience, Sonja will lead the Global Engineering Organization, driving innovation in product and platform technology to further expand Intel 471’s unparalleled CTI capabilities worldwide. Learn more about … Read more
January 16, 2024 at 10:04AM Ivanti Connect Secure (ICS) VPN users are at risk if they have not applied recent vulnerability mitigation. Over 1,700 devices have been compromised due to successful exploits. The attacks have targeted a wide range of organizations globally. Users are advised to run Ivanti’s Integrity Checker Tool to detect compromises and … Read more
January 15, 2024 at 08:07PM Volexity discovered mass exploitation of two zero-day vulnerabilities affecting Ivanti’s Connect Secure VPN and Policy Secure NAC appliances. The attacks by multiple threat groups have targeted organizations worldwide, including Fortune 500 companies and government departments. Mitigation measures and a list of malicious tools used in the attacks have been provided. … Read more