America's Army Security Vulnerabilities

schneier

Russia Creates Malware False-Flag App

The Russian hacking group Turla released an Android app that seems to aid Ukrainian hackers in their attacks against Russian networks. It's actually malware, and provides information back to the Russians: The hackers pretended to be a "community of free people around the world who are fighting...

1.5AI Score

2022-07-20 03:32 PM
9
thn

Russian Hackers Tricked Ukrainians with Fake "DoS Android Apps to Target Russia" — The Hacker News

Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites. Google Threat Analysis Group (TAG) attributed the malware to...

7.8CVSS

0.8AI Score

0.962EPSS

2022-07-20 05:58 AM
246
openvas

Fedora: Security Advisory for bettercap (FEDORA-2022-3969b64d4b)

The remote host is missing an update for...

9.1CVSS

8.9AI Score

0.005EPSS

2022-07-18 12:00 AM
3
fedora

[SECURITY] Fedora 35 Update: bettercap-2.32.0-4.fc35

The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM...

9.1CVSS

9AI Score

0.005EPSS

2022-07-17 01:15 AM
14
malwarebytes

Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign

This blog was authored by Roberto Santos and Hossein Jazi The Malwarebytes Threat Intelligence team recently reviewed a series of cyber attacks against Ukraine that we attribute with high confidence to UAC-0056 (AKA UNC2589, TA471). This threat group has repeatedly targeted the government entities....

-0.4AI Score

2022-07-13 04:17 PM
14
openvas

Fedora: Security Advisory for bettercap (FEDORA-2022-fae3ecee19)

The remote host is missing an update for...

9.1CVSS

8.9AI Score

0.005EPSS

2022-07-06 12:00 AM
3
hackread

British Military’s Twitter and YouTube Accounts Hacked to Scam Crypto Users

By Deeba Ahmed The British Army has confirmed the breaching of its Twitter and YouTube accounts. On Sunday, July 3rd, the… This is a post from HackRead.com Read the original post: British Military’s Twitter and YouTube Accounts Hacked to Scam Crypto...

2AI Score

2022-07-05 04:03 PM
14
fedora

[SECURITY] Fedora 36 Update: bettercap-2.32.0-4.fc36

The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM...

9.1CVSS

9AI Score

0.005EPSS

2022-07-04 01:35 AM
7
impervablog

Five Ways Cyber Attackers Leverage Bad Bots to Commit Automated Fraud

The accelerated shift to digital payments has made online fraud more prevalent than ever, as losses from it are expected to exceed $206 billion over the next five years, driven by identity fraud, fake accounts, and payment fraud. Catalyzed by the pandemic, the shift gained substantial traction in.....

0.7AI Score

2022-06-08 12:15 PM
8
trellix

Growling Bears Make Thunderous Noise

Growling Bears Make Thunderous Noise By Trellix · June 6, 2022 Per public attribution, Russian cybercriminal groups have always been active. Their tactics, techniques, and procedures (TTPs) have not significantly evolved over time, although some changes have been observed. Lately, the threat...

0.1AI Score

2022-06-06 12:00 AM
10
trellix

Growling Bears Make Thunderous Noise

Growling Bears Make Thunderous Noise By Trellix · June 6, 2022 Per public attribution, Russian cybercriminal groups have always been active. Their tactics, techniques, and procedures (TTPs) have not significantly evolved over time, although some changes have been observed. Lately, the threat...

7.2AI Score

2022-06-06 12:00 AM
4
malwarebytes

3 ways DNS filtering can save SMBs from cyberattacks

If you’re an SMB, chances are that you’re already well-aware of the fact that cyber threats can wreak havoc on your business. Everything from rootkits to ransomware threaten not just financial losses, but also significant network downtime and reputational damage as well. Couple this with the fact.....

-0.3AI Score

2022-06-01 08:20 PM
15
impervablog

Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy

In April 2022 it was reported that pro-Russian hacktivist group, KILLNET, carried out a series of Distributed Denial of Service (DDoS) attacks against a number of websites including the United Nations (UN), The Organization for Security and Cooperation (OSCE) an organization founded in Finland,...

0.8AI Score

2022-05-26 12:37 PM
9
impervablog

Bad Bots and the Commoditization of Online Fraud

Fraudsters will stop at nothing to exploit your websites and customers, and with the accelerated shift to digital payments, online fraud has never been more profitable. This shift, catalyzed by the pandemic, really gained traction in 2021 as the popularity of digital payments exploded. In fact,...

AI Score

2022-05-25 01:18 PM
8
threatpost

Fronton IOT Botnet Packs Disinformation Punch

A fresh look at the Fronton DDoS-focused botnet reveals the criminal tool has more capabilities than previously known. The Fronton botnet first made the headline in March 2020. That is when, according to news reports, a hacktivist group called Digital Revolution said it obtained documents claiming....

1.4AI Score

2022-05-24 01:59 PM
18
thn

Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns

Fronton, a distributed denial-of-service (DDoS) botnet that came to light in March 2020, is much more powerful than previously thought, per the latest research. "Fronton is a system developed for coordinated inauthentic behavior on a massive scale," threat intelligence firm Nisos said in a report.....

1AI Score

2022-05-23 11:01 AM
31
krebs

When Your Smart ID Card Reader Comes With Malware

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder's appropriate security level. But many government...

-0.6AI Score

2022-05-18 01:07 AM
22
securelist

Evaluation of cyber activities and the threat landscape in Ukraine

Introduction When the war in Ukraine broke out, many analysts were surprised to discover that what was simultaneously happening in the cyber domain did not match their predictions[1]. Since the beginning of the fighting, new cyberattacks taking place in Ukraine have been identified every week,...

-0.1AI Score

2022-05-17 02:00 PM
16
securelist

New ransomware trends in 2022

Ahead of the Anti-Ransomware Day, we summarized the tendencies that characterize ransomware landscape in 2022. This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old variants of malware return while the new ones develop....

-0.2AI Score

2022-05-11 12:00 PM
36
openvas

Fedora: Security Advisory for bettercap (FEDORA-2022-08ae2dd481)

The remote host is missing an update for...

7.5CVSS

10AI Score

0.003EPSS

2022-05-08 12:00 AM
7
kitploit

Zi - A Swiss Army Knife for Zsh - Unix Shell

A Swiss Army Knife for Zsh - Unix Shell. Roadmap See the open issues for a list of proposed features (and known issues). Top Feature Requests (Add your votes using the  reaction) * Top issues (Add your votes using the  reaction) * Newest issues Contributing First off, thanks for taking...

1.7AI Score

2022-05-07 09:30 PM
32
fedora

[SECURITY] Fedora 36 Update: bettercap-2.28-9.fc36

The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM...

7.5CVSS

10AI Score

0.003EPSS

2022-05-07 05:06 AM
8
hackread

DDoS Attacks by Hacktivists Disrupted Russian Alcohol Supply Chain

By Deeba Ahmed Attackers from the Ukrainian IT army successfully disrupted alcohol shipments in Russia by targeting EGAIS, the country’s primary… This is a post from HackRead.com Read the original post: DDoS Attacks by Hacktivists Disrupted Russian Alcohol Supply...

4.1AI Score

2022-05-06 04:31 PM
15
threatpost

VHD Ransomware Linked to North Korea’s Lazarus Group

Cryptocurrency thief Lazarus Group appears to be widening its scope into using ransomware as a way to rip off financial institutions and other targets in the Asia-Pacific (APAC) region, researchers have found. Financial transactions and similarities to previous malware in its source code link a...

0.3AI Score

2022-05-05 12:20 PM
18
thn

Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various...

1.2AI Score

2022-05-04 08:34 AM
27
thn

Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector

A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX. Cybersecurity firm SentinelOne tied the intrusions to an actor it tracks under the name "Moshen Dragon," with tactical overlaps...

1AI Score

2022-05-03 05:32 AM
21
trellix

The Hermit Kingdom’s Ransomware Play

The Hermit Kingdom’s Ransomware play By Trellix · May 3, 2022 (With a special thanks to @ValidHorizon who helped and shared information) In February 2016, news broke about what is now known as the ‘Bangladesh Bank Heist’. Hackers attempted to transfer nearly one billion USD through the SWIFT...

7.6AI Score

2022-05-03 12:00 AM
6
trellix

The Hermit Kingdom’s Ransomware Play

The Hermit Kingdom’s Ransomware play By Trellix · May 3, 2022 (With a special thanks to @ValidHorizon who helped and shared information) In February 2016, news broke about what is now known as the ‘Bangladesh Bank Heist’. Hackers attempted to transfer nearly one billion USD through the SWIFT...

0.9AI Score

2022-05-03 12:00 AM
7
openvas

Fedora: Security Advisory for bettercap (FEDORA-2022-3a63897745)

The remote host is missing an update for...

7.5CVSS

10AI Score

0.003EPSS

2022-04-29 12:00 AM
5
openvas

Fedora: Security Advisory for bettercap (FEDORA-2022-5cbd6de569)

The remote host is missing an update for...

7.5CVSS

10AI Score

0.003EPSS

2022-04-29 12:00 AM
9
fedora

[SECURITY] Fedora 34 Update: bettercap-2.28-9.fc34

The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM...

7.5CVSS

10AI Score

0.003EPSS

2022-04-28 05:55 AM
6
fedora

[SECURITY] Fedora 35 Update: bettercap-2.28-9.fc35

The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM...

7.5CVSS

10AI Score

0.003EPSS

2022-04-28 05:53 AM
10
malwarebytes

Elon Musk-themed cryptocurrency scam uses fake Medium as the promotion site

So Elon Musk is buying Twitter, and you can be sure that scammers are making the most of this news. As Elon Musk spends most of the week in the headlines, so pop up Elon Musk-themed scams—and it looks like they may be ramping up. We witnessed a flurry of replies from the man himself in response...

-0.4AI Score

2022-04-27 09:03 PM
14
wired

Russia Is Being Hacked at an Unprecedented Scale

From “IT Army” DDoS attacks to custom malware, the country has become a target like never...

2.3AI Score

2022-04-27 11:00 AM
5
securelist

DDoS attacks in Q1 2022

News overview The DDoS landscape in Q1 2022 was shaped by the ongoing conflict between Russia and Ukraine: a significant part of all DDoS-related news concerned these countries. In mid-January, the website of Kyiv Mayor Vitali Klitschko was hit by a DDoS attack, and the websites of a number of...

0.3AI Score

2022-04-25 10:00 AM
13
wired

Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Systems

The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil...

3.1AI Score

2022-04-13 07:50 PM
6
thn

Chinese Hacker Groups Continue to Target Indian Power Grid Assets

China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to...

0.7AI Score

2022-04-08 04:59 PM
24
thn

Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine

Microsoft on Thursday disclosed that it obtained a court order to take control of seven domains used by APT28, a state-sponsored group operated by Russia's military intelligence service, with the goal of neutralizing its attacks on Ukraine. "We have since re-directed these domains to a sinkhole...

0.4AI Score

2022-04-08 07:04 AM
25
thn

Hackers Increasingly Using 'Browser-in-the-Browser' Technique in Ukraine Related Attacks

A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which masquerades as a legitimate...

7.8CVSS

0.5AI Score

0.969EPSS

2022-03-31 01:02 PM
121
malwarebytes

Ukraine shuts down disinformation bot farm

Given current world events, there’s an incredible amount of misinformation and disinformation around at the moment. Whether we’re talking 5G, the pandemic, vaccines, or invasions, there’s a lot out there. One of the biggest problems where bad information placed online is concerned is bot farms. A.....

-0.4AI Score

2022-03-31 09:34 AM
17
hivepro

Weekly Threat Digest: 21 – 27 March 2022

For a detailed threat digest, download the pdf file here. Published Vulnerabilities: 340; Interesting Vulnerabilities: 10; Active Threat Groups: 5; Targeted Countries: 53; Targeted Industries: 24; ATT&CK TTPs: 84. The fourth week of March 2022 witnessed the discovery of 340 vulnerabilities out of which 10...

10CVSS

AI Score

0.975EPSS

2022-03-29 01:56 PM
136
malwarebytes

Anti-war open-source software developer targets Russians and Belarussians with “protestware”

Russia is in the midst of its fourth week of attack against Ukraine. People worldwide have been increasingly and passionately showing support for Ukrainians since day one while condemning the atrocities of Russian President Vladimir Putin, the Russian military, and Belarus, its allied country....

9.8CVSS

0.4AI Score

0.008EPSS

2022-03-25 12:07 AM
36
rapid7blog

8 Tips for Securing Networks When Time Is Scarce

"At this particular mobile army hospital, we're not concerned with the ultimate reconstruction of the patient. We only care about getting the kid out of here alive enough for someone else to put on the fine touches. We work fast and we're not dainty, because a lot of these kids who can stand 2...

-0.4AI Score

2022-03-22 03:44 PM
11
thn

Ukraine Secret Service Arrests Hacker Helping Russian Invaders

The Security Service of Ukraine (SBU) said it has detained a "hacker" who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory. The anonymous suspect is said to have broadcasted text messages to Ukrainian officials,...

0.8AI Score

2022-03-17 08:46 AM
40
threatpost

Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers

Looking to cyber-hassle Russia, Ukrainian sympathizers? Be careful — malware is making the rounds, disguised as a pro-Ukraine cyber-tool that will turn around and bite you instead, researchers are warning. In a Wednesday threat advisory, Cisco Talos described a campaign it’s observed in which a...

10CVSS

AI Score

0.976EPSS

2022-03-10 07:54 PM
128
kitploit

Scanmycode-Ce - Code Scanning/SAST/Static Analysis/Linting Using Many tools/Scanners With One Report - Scanmycode Community Edition (CE)

It is a Code Scanning/SAST/Static Analysis/Linting solution using many tools/Scanners with One Report. You can also add any tool to it. Currently, it supports many languages and tech stacks. Similar to SonarQube, but it is different. _Fig. 1 Scanmycode...

-0.2AI Score

2022-03-10 11:30 AM
84
thn

Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks

A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine. Google's Threat Analysis Group (TAG) said it took down two Blogspot domains that were used.....

AI Score

2022-03-08 02:10 PM
8
malwarebytes

When fake dating profiles try the military approach

I’ve run into many romance scams over the years. You’ll find them lurking on social media, instant messaging, chatrooms/forums, and many more besides. They’re particularly popular during times of war or natural disaster, as they often dovetail into donation and charity scams. The icing on the cake....

AI Score

2022-03-08 11:31 AM
7
thn

Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks

Cybersecurity company Imperva on Friday said it recently mitigated a ransom distributed denial-of-service (DDoS) attack targeting an unnamed website that peaked at 2.5 million requests per second (RPS). "While ransom DDoS attacks are not new, they appear to be evolving and becoming more...

9.1CVSS

0.8AI Score

0.975EPSS

2022-03-05 07:53 AM
91
rapid7blog

Russia-Ukraine Cybersecurity Updates

Cyberattacks are a distinct concern in the Russia-Ukraine conflict, with the potential to impact individuals and organizations far beyond the physical frontlines. With events unfolding rapidly, we want to provide a single channel by which we can communicate to the security community the major...

8.8CVSS

0.4AI Score

0.967EPSS

2022-03-04 02:30 PM
202
Total number of security vulnerabilities: 2063