
15 matches found

Securelist
added 2025/04/17 8:0 a.m. | 28 views

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny – while the use of some malware families is reported for decades, information about others disappears after days, months or several...

CVSS 7.8 | AI score 8 | EPSS 0.74129
Exploits: 11
Securelist
added 2024/11/29 10:0 a.m. | 25 views

IT threat evolution Q3 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations...

AI score 8.2 | EPSS 0.97798
Exploits: 49
The Hacker News
added 2023/11/16 1:51 p.m. | 95 views

Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw

A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat (APT). Cybersecurity company NSFOCUS has described DarkCasino as an "economically motivated" actor that first came to light i...

CVSS 7.8 | AI score 8.7 | EPSS 0.97798
Exploits: 49
Malwarebytes
added 2022/06/27 9:54 a.m. | 103 views

CISA Log4Shell warning: Patch VMware Horizon installations immediately

CISA and the United States Coast Guard Cyber Command (CGCYBER) are warning that the threat of Log4Shell hasn't gone away. It's being actively exploited and used to target organisations using VMware Horizon and Unified Access Gateway servers. Log4Shell: what is it? Log4Shell was a zero-day vulnerabili...

CVSS 9.3 | AI score 0.2 | EPSS 0.99999
Exploits: 346
Malwarebytes
added 2022/04/27 10:15 a.m. | 17 views

Emotet fixes bug in code, resumes spam campaign

Emotet threat actors resumed their email spam campaign on Monday after stopping it late last week to fix a bug. The bug—a flaw in how Emotet is installed onto a system after a victim opens a malicious email attachment—forced the actors to prematurely halt their campaign. Sample email of an Emotet...

AI score 0.6
Exploits: 0
The Hacker News
added 2021/10/06 12:31 p.m. | 36 views

Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms

Details have emerged about a new cyber espionage campaign directed against the aerospace and telecommunications industries, primarily in the Middle East, with the goal of stealing sensitive information about critical assets, organizations' infrastructure, and technology while remaining in the dar...

AI score 0.2
Exploits: 0
Rapid7 Blog
added 2021/04/08 5:18 p.m. | 1113 views

Attackers Targeting Fortinet Devices and SAP Applications

The following blog was co-authored by Caitlin Condon and Bob Rudis, also known in his own words as “some caveman from Maine.” Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a joint alert to warn users that APT threat actors were likely exploiting...

CVSS 10 | AI score 0.1 | EPSS 0.99999
Exploits: 45
Securelist
added 2020/11/19 10:0 a.m. | 126 views

Advanced Threat predictions for 2021

Trying to make predictions about the future is a tricky business. However, while we don't have a crystal ball that can reveal the future, we can try to make educated guesses using the trends that we have observed over the last 12 months to identify areas that attackers are likely to seek to exploi...

CVSS 7.5 | AI score 9.4 | EPSS 0.26869
Exploits: 0
HackRead
added 2020/11/02 4:59 p.m. | 23 views

Google Firebase cloud messaging abused to spread Android malware

By Waqas Dubbed Firestarter by researchers; the Android malware campaign is exploiting the Kashmir issue between India and Pakistan but its target remains the Pakistani government, noted Cisco Talos researchers. Cisco Talos researchers have discovered that the APT threat group DoNot exploits...

AI score 1.9
Exploits: 0
ThreatPost
added 2019/11/08 9:35 p.m. | 82 views

Platinum APT Shines Up New Titanium Backdoor

APT threat group Platinum has a shiny new plaything: A custom trojan backdoor dubbed Titanium. The backdoor’s name, aside from keeping with the silvery metal theme, comes from password to one of the self-executable archives found in the code. According to Kaspersky researchers who analyzed the...

AI score 0.7
Exploits: 0 | References: 5
FireEye
added 2019/10/21 12:0 a.m. | 36 views

Shikata Ga Nai Encoder Still Going Strong

One of the most popular exploit frameworks in the world is Metasploit. Its vast library of pocket exploits, pluggable payload environment, and simplicity of execution makes it the de facto base platform. Metasploit is used by pentesters, security enthusiasts, script kiddies, and even malicious...

AI score 0.1
Exploits: 0 | References: 4
Securelist
added 2019/05/23 10:0 a.m. | 3222 views

IT threat evolution Q1 2019

Targeted attacks and malware campaigns Go Zebrocy Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used mean that we consider it a subset of activity in its own right. On the basis of this threat actor's past behaviour, ...

CVSS 7.2 | AI score 7.8 | EPSS 0.96274
Exploits: 13
Talos Blog
added 2018/10/18 9:49 a.m. | 40 views

Tracking Tick Through Recent Campaigns Targeting East Asia

This blog post is authored by Ashlee Benge and Jungsoo An, with contributions from Dazhuo Li. Summary Since 2016, an advanced threat group that Cisco Talos is tracking has carried out cyberattacks against South Korea and Japan. This group is known by several different names: Tick, Redbaldknight a...

AI score 7.6
Exploits: 0
FireEye
added 2016/04/13 9:0 a.m. | 643 views

Ghosts in the Endpoint

We would like to introduce the first of our “Ghosts in the Endpoint” series, a report prepared by FireEye Labs that documents malicious software not being detected in the wild by traditional signature-based detections. In this study, all the families identified are samples from VirusTotal (VT) with...

CVSS 10 | AI score 9.4 | EPSS 0.99344
Exploits: 10
The Hacker News
added 2011/03/18 2:5 p.m. | 9 views

After hack, RSA Release Open Letter to RSA Customers !

Just now Top security firm RSA Security revealed by extremely sophisticated hack, Read complete Story here - Now, RSA Release Open Letter to RSA Customers, as given below : Like any large company, EMC experiences and successfully repels multiple cyber attacks on its IT infrastructure every day...

AI score 6.9
Exploits: 0