Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

November 23, 2023 at 08:24AM Shipping-themed email messages are being used to distribute the WailingCrab malware. The malware consists of multiple components and is associated with the threat actor TA544. It prioritizes stealth and utilizes hacked websites and platforms like Discord for communication. The newer variants of the malware use the MQTT protocol for command-and-control, …

Amid Military Buildup, China Deploys Mustang Panda in the Philippines

November 20, 2023 at 04:12PM Chinese APT group Mustang Panda, also known as Stately Taurus, has been conducting cyber espionage operations against high-profile government and government-adjacent organizations in the South Pacific, including the exploitation of a Philippine government entity. The group used a simple sideloading technique involving malicious ZIP files to compromise their targets. Unit …

Saudi Arabia Arms Public Sector With Google Cloud Services

November 20, 2023 at 12:47PM Saudi Arabia has signed a deal with Google and Haboob, a cybersecurity service provider, to offer Chronicle CyberShield as a managed service for the nation’s public sector organizations. The deal also includes an AI-powered managed security monitoring service, incident response capabilities, and a government security operations center overseen by Haboob. …

Leveraging Sandbox and Threat Intelligence Feeds to Combat Cyber Threats

November 20, 2023 at 03:08AM A proactive cybersecurity approach requires comprehensive information on threats and vulnerabilities. Malware sandboxes offer isolated environments to analyze malware, while threat intelligence feeds provide real-time information on threats. Combining these tools allows organizations to detect, analyze, and respond to threats more effectively, enhancing detection capabilities, reducing false positives, improving incident …

Cybersecurity Investment Involves More Than Just Technology

November 17, 2023 at 03:18AM Organizations prioritize “high value for money” when allocating cybersecurity budgets, focusing on cybersecurity technologies, threat intelligence, risk assessment, cyber-insurance, and third-party risk management. While fewer organizations see technology as good value for money compared to the previous year, there is an awareness that technology investments require investment in governance and …

BlackCat plays with malvertising traps to lure corporate victims

November 16, 2023 at 09:48AM ALPHV/BlackCat ransomware-as-a-service affiliates are resorting to malvertising campaigns to gain initial access to victims’ systems. They are using paid ads for popular business software like Slack and Cisco AnyConnect to trick corporate victims into downloading Nitrogen malware, which can then be used to deploy ransomware. eSentire’s Threat Response Unit has …

Russian Hackers Launch ‘Largest Ever Cyber Attack’ on Danish Critical Infrastructure

November 16, 2023 at 01:18AM Russian threat actors are suspected of launching the largest cyber attack on Danish critical infrastructure in May 2023. The attack targeted 22 energy sector companies and was coordinated and successful. Evidence suggests the involvement of Russia’s GRU military intelligence agency. The attacks exploited a critical command injection flaw in Zyxel …

Zero-Days in Edge Devices Become China’s Cyber Warfare Tactic of Choice

November 14, 2023 at 03:31PM Chinese state-sponsored actors have become adept at exploiting zero-day vulnerabilities to conduct espionage, posing a significant and persistent threat to global organizations. Recent reports indicate that these actors are increasingly targeting public-facing devices, including firewalls, hypervisors, and email security tools. The success of these attacks is facilitated by threat sharing …

New Campaign Targets Middle East Governments with IronWind Malware

November 14, 2023 at 05:21AM Middle Eastern government entities are under attack from phishing campaigns deploying a new initial access downloader called IronWind. The campaigns, attributed to the threat actor TA402, have been active between July and October 2023. TA402, also known as Molerats, Gaza Cyber Gang, and APT-C-23, is a Middle Eastern APT group …

Azerbaijan Agencies Sign Cyber-Partner Deals

November 13, 2023 at 01:30PM Azerbaijan and Turkmenistan have signed a memorandum of understanding (MOU) to cooperate on cybersecurity issues, particularly in the field of information security. The specific details of the agreement were not disclosed. This partnership follows reports of targeted attacks on Azerbaijani businesses and Israel’s assistance in training cyber specialists. Similar collaborations …