FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks

July 3, 2024 at 03:16AM FakeBat, a widely distributed loader malware, mainly aims to download and execute a next-stage payload, using methods like SEO poisoning. Offered as a service on underground forums, it’s designed to bypass security mechanisms. Different activity clusters disseminate FakeBat, and it’s being used in various malware campaigns. The malware is sold under …

Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack

June 28, 2024 at 02:04PM The hack of Microsoft’s corporate infrastructure by the Russian government continues to have far-reaching impact, as it’s revealed that customers’ emails were also stolen by the Midnight Blizzard hackers. The company is notifying affected customers and providing a secure portal for them to review the compromised emails. The hacking group seems to …

Oyster Backdoor Spreading via Trojanized Popular Software Downloads

June 21, 2024 at 06:15AM A malvertising campaign is using fake websites to distribute backdoor malware disguised as popular software like Google Chrome and Microsoft Teams. The malware, called Oyster, can gather information, communicate with a command-and-control address, and execute remote code. This coincides with the emergence of a new phishing platform called ONNX Store. …

Microsoft deprecates Windows DirectAccess, recommends Always On VPN

June 12, 2024 at 11:08AM Microsoft has deprecated its DirectAccess remote access solution and recommends that companies transition to ‘Always On VPN’ for increased security and ongoing support. Always On VPN, introduced as a successor to DirectAccess, supports modern VPN protocols and is more flexible, but it requires users to plan and execute a migration to avoid …

Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

May 14, 2024 at 08:30AM The Cacti network monitoring framework has addressed a dozen security flaws, including critical vulnerabilities like arbitrary code execution via file write and command injection. These flaws impact all versions prior to 1.2.26 and have been fixed in version 1.2.27. Users are advised to update to the latest version promptly to mitigate …

China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion

May 7, 2024 at 09:57AM The recent cyber attack on MITRE Corporation, disclosed last month, exploited two zero-day vulnerabilities to target its NERVE research network. The attackers utilized various web shells and backdoors to gain access and maintain control, including deploying a Golang backdoor and conducting data exfiltration. The attack, attributed to a China-nexus cyber …

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

April 18, 2024 at 11:03AM Ukrainian government networks have been infected with OfflRouter malware since 2015, spreading through infected documents and USB media. The malware targets .DOC files and can modify the Windows Registry. Its unusual propagation mechanism and coding mistakes indicate an inventive but inexperienced creator. The malware has been relatively contained within Ukraine. …

The new features coming in Windows 11 24H2, expected this fall

April 7, 2024 at 05:37PM Windows 11 24H2 introduces Copilot improvements allowing control of settings directly through the AI window, and integration of Power Automate for file management. The Voice Clarity feature extends to all PCs, and Sudo for Windows enables elevated command execution. Additionally, the Microsoft Teams app undergoes a major revamp to support cross-platform usage, …

Russia charges suspects behind theft of 160,000 credit cards

April 2, 2024 at 11:43AM Russia’s Prosecutor General’s Office has indicted six men for card skimming crimes, which involved using malware to steal payment card information from foreign online stores. The suspects are accused of bypassing website security, accessing databases, and selling the stolen card details on the dark web. Authorities advise using digital payment methods …

GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks

February 29, 2024 at 07:09AM Threat hunters discovered a new Linux malware, GTPDOOR, designed for telecom networks adjacent to GPRS roaming exchanges. It uses the GPRS Tunnelling Protocol for command-and-control communication. The backdoor is linked to the known threat actor LightBasin, which targets the telecom sector for subscriber information theft. GTPDOOR allows contacting a compromised host and executing commands. …