New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

July 1, 2024 at 08:06AM OpenSSH has issued security updates for a critical flaw enabling unauthenticated remote code execution with root privileges in glibc-based Linux systems. Dubbed CVE-2024-6387, the race condition bug affects versions 8.5p1 to 9.7p1, potentially leading to full system compromise. Users are urged to apply the latest patches and enforce network-based controls …

New Nork-ish cyberespionage outfit uncovered after three years

May 31, 2024 at 11:33AM Researchers uncovered a new cybercrime group, LilacSquid, exhibiting espionage-focused behavior akin to other North Korean state-sponsored groups. LilacSquid has targeted organizations in the US, Europe, and Asia, successfully breaching software, oil and gas, and pharmaceutical companies. The group deploys customized malware, including the heavily obfuscated PurpleInk, to evade detection. From …

Hacker Conversations: Kevin O’Connor, From Childhood Hacker to NSA Operative

April 16, 2024 at 09:00AM Kevin O’Connor, a former high school hacker turned NSA employee and director at Adlumin, reflects on the nature versus nurture debate within hacking. Hacking may be innate, but ethical boundaries and moral compass are influenced by nurture. Positive intervention and nurturing environments can guide hackers like O’Connor to use their …

Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

April 15, 2024 at 05:15AM Cybersecurity researchers discovered a new cyber espionage campaign named “F_Warehouse” targeting South Asian users with an Apple iOS spyware implant, LightSpy. The malware steals sensitive data and communicates with a server pointing to Chinese involvement, possibly state-sponsored. Apple issued threat notifications to users in 92 countries, including India. BlackBerry warns of …

RubyCarp: Insights Into the Longevity of a Romanian Cybercriminal Gang

April 12, 2024 at 11:36AM The Sysdig Threat Research Team has discovered a longstanding Romanian cybercriminal group named RubyCarp, operating discreetly for at least a decade. The group’s distinct activities and tool suite have been unveiled, shedding light on its cryptomining and credential phishing focus. Despite its low profile, Sysdig has accessed the group, provoking …

TA547 Uses an LLM-Generated Dropper to Infect German Orgs

April 10, 2024 at 03:12PM Proofpoint researchers observed a malicious campaign targeting multiple organizations in Germany, featuring an AI-generated malware dropper. While this development may signal future threats, it’s reassuring that defenses against malware remain consistent, and human expertise still outpaces AI in writing malicious code. The use of AI in cyberattacks presents more of …

RUBYCARP hackers linked to 10-year-old cryptomining botnet

April 9, 2024 at 11:37AM The RUBYCARP botnet, operated by a Romanian group, is exploiting vulnerabilities and conducting brute force attacks to compromise corporate networks for financial gain. Managed through private IRC channels, the botnet runs over 600 compromised servers, using Perl-based payloads for attacks with low detection rates. It has been active for over …

Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time

February 20, 2024 at 06:27AM In 2023, the Scattered Spider threat group conducted impactful ransomware attacks on major financial institutions. Silverfort’s threat research team responded with a real-time playbook. A webinar will detail their response to the attack, focusing on key response goals and insights into addressing various dimensions of lateral movement. Limited spots are …

RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers

February 16, 2024 at 09:45AM Cryptocurrency companies are targeted by a new Apple macOS backdoor called RustDoor, distributed as a Visual Studio update and used in targeted attacks. Its components include first-stage downloaders masquerading as job-offer PDFs, Golang-based binaries, and a leaky endpoint revealing infected victims’ details. Meanwhile, a South Korean IT organization affiliated with …

CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day

February 14, 2024 at 07:29AM The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in campaigns targeting financial market traders. The vulnerability has been patched by Microsoft, and it was discovered and disclosed by the Trend Micro Zero Day Initiative. Water Hydra has used sophisticated methods to bypass SmartScreen and …