Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

September 5, 2024 at 04:15AM Cisco Talos has discovered that threat actors may be using MacroPack, a payload generation framework, to distribute malware. The malicious documents are observed to have bypassed anti-malware detections and follow a three-step attack chain. The attackers are utilizing sophisticated techniques and diverse lure themes, suggesting the involvement of distinct threat …

Google Debuts New Security Products, Hyping AI and Mandiant Expertise

May 6, 2024 at 02:06PM Google unveiled new threat-intel and security operations products, leveraging AI and Mandiant assets to enhance enterprise cybersecurity. With Gemini AI, Google Threat Intelligence offers breach forensics expertise and malware scanning. Google Security Operations employs generative AI to simplify threat detection and provides features like Investigation Assistant and Playbook Assistant to …

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

April 18, 2024 at 11:03AM Summary: Ukrainian government networks have been infected with OfflRouter malware since 2015, spreading through infected documents and USB media. The malware targets .DOC files and can modify the Windows Registry. Its unusual propagation mechanism and coding mistakes indicate an inventive but inexperienced creator. The malware has been relatively contained within Ukraine. …

Game mod on Steam breached to push password-stealing malware

December 28, 2023 at 04:20PM The popular Slay the Spire fan expansion, Downfall, was breached on Christmas Day, distributing the Epsilon information stealer malware via the Steam update system. The compromised package was a prepackaged standalone modified version of the game and not a mod installed via Steam Workshop. The attackers gained control of the …

Web Shells Gain Sophistication for Stealth, Persistence

November 22, 2023 at 03:06PM Experts say that web shells, which are easy-to-use tools used to issue commands to compromised servers, are becoming more popular among attackers. The use of web shells such as WSO-NG and others by ransomware gangs and in mass exploitation campaigns has been observed. Web shells are difficult to detect and …

Criminal IP Becomes VirusTotal IP and URL Scan Contributor

November 21, 2023 at 10:56AM VirusTotal, a cybersecurity intelligence website, has integrated IP address and URL scans from Criminal IP, a Cyber Threat Intelligence search engine. VirusTotal aggregates data from antivirus engines, website scanners, and user contributions to enhance internet safety. Criminal IP specializes in aggregating threat data related to IP and domain addresses and …

New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks

October 30, 2023 at 12:59PM A new malware called BiBi-Linux is targeting Linux systems of Israeli companies to destroy data. It does not drop a ransom note or establish communication with attackers. The malware overwrites files with useless data, damaging both the data and the operating system. It can wipe an entire device if run …