DarkGate, the evil Swiss Army knife of malware, sees boom after rival Qbot crushed

July 15, 2024 at 08:19PM The DarkGate malware has become more prevalent after a competitor was taken down by the FBI. Its developer, named RastaFarEye, designed the malware for keylogging, data and credential theft, remote access, and ransomware deployment. Infections are achieved through social engineering, phishing, and compromised websites. The malware’s flexibility and numerous infection … Read more

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

July 1, 2024 at 08:06AM OpenSSH has issued security updates for a critical flaw enabling unauthenticated remote code execution with root privileges in glibc-based Linux systems. Dubbed CVE-2024-6387, the race condition bug affects versions 8.5p1 to 9.7p1, potentially leading to full system compromise. Users are urged to apply the latest patches and enforce network-based controls … Read more

New Nork-ish cyberespionage outfit uncovered after three years

May 31, 2024 at 11:33AM Researchers uncovered a new cybercrime group, LilacSquid, exhibiting espionage-focused behavior akin to other North Korean state-sponsored groups. LilacSquid has targeted organizations in the US, Europe, and Asia, successfully breaching software, oil and gas, and pharmaceutical companies. The group deploys customized malware, including the heavily obfuscated PurpleInk, to evade detection. From … Read more

Hacker Conversations: Kevin O’Connor, From Childhood Hacker to NSA Operative

April 16, 2024 at 09:00AM Kevin O’Connor, a former high school hacker turned NSA employee and director at Adlumin, reflects on the nature versus nurture debate within hacking. Hacking may be innate, but ethical boundaries and moral compass are influenced by nurture. Positive intervention and nurturing environments can guide hackers like O’Connor to use their … Read more

Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

April 15, 2024 at 05:15AM Cybersecurity researchers discovered a new cyber espionage campaign named “F_Warehouse” targeting South Asian users with an Apple iOS spyware implant, LightSpy. The malware-steals sensitive data and communicates with a server pointing to Chinese involvement, possibly state-sponsored. Apple issued threat notifications to users in 92 countries, including India. BlackBerry warns of … Read more

RubyCarp: Insights Into the Longevity of a Romanian Cybercriminal Gang

April 12, 2024 at 11:36AM The Sysdig Threat Research Team has discovered a longstanding Romanian cybercriminal group named RubyCarp, operating discreetly for at least a decade. The group’s distinct activities and tool suite have been unveiled, shedding light on its cryptomining and credential phishing focus. Despite its low profile, Sysdig has accessed the group, provoking … Read more

TA547 Uses an LLM-Generated Dropper to Infect German Orgs

April 10, 2024 at 03:12PM Proofpoint researchers observed a malicious campaign targeting multiple organizations in Germany, featuring an AI-generated malware dropper. While this development may signal future threats, it’s reassuring that defenses against malware remain consistent, and human expertise still outpaces AI in writing malicious code. The use of AI in cyberattacks presents more of … Read more

RUBYCARP hackers linked to 10-year-old cryptomining botnet

April 9, 2024 at 11:37AM The RUBYCARP botnet, operated by a Romanian group, is exploiting vulnerabilities and conducting brute force attacks to compromise corporate networks for financial gain. Managed through private IRC channels, the botnet runs over 600 compromised servers, using Perl-based payloads for attacks with low detection rates. It has been active for over … Read more

Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time

February 20, 2024 at 06:27AM In 2023, the Scattered Spider threat group conducted impactful ransomware attacks on major financial institutions. Silverfort’s threat research team responded with a real-time playbook. A webinar will detail their response to the attack, focusing on key response goals and insights into addressing various dimensions of lateral movement. Limited spots are … Read more

RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers

February 16, 2024 at 09:45AM Cryptocurrency companies are targeted by a new Apple macOS backdoor called RustDoor, distributed as a Visual Studio update and used in targeted attacks. Its components include first-stage downloaders masquerading as job offering PDFs, Golang-based binaries, and leaky endpoint revealing infected victims’ details. Meanwhile, a South Korean IT organization affiliated with … Read more