1667 matches found

Securelist | added 2022/08/25 1:0 a.m. | 23 views

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky, also known as Thallium, Black Banshee and Velvet Chollima, is a prolific and active threat actor primarily targeting Korea-related entities. Like other sophisticated adversaries, this group also updates its tools very quickly. In early 2022, we observed this group attacking the media a...

AI score: 7 | Exploits: 0

The Hacker News | added 2022/08/24 5:59 p.m. | 56 views

Crypto Miners Using Tox P2P Messenger as Command and Control Server

Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings from Uptycs, which analyzed an Executable and Linkable Format (ELF) artifact "72client"...

AI score: 7.5 | Exploits: 0

Microsoft Secure | added 2022/08/24 4:0 p.m. | 29 views

Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks

Microsoft has observed the Sliver command-and-control (C2) framework now being adopted and integrated in intrusion campaigns by nation-state threat actors, cybercrime groups directly supporting ransomware and extortion, and other threat actors to evade detection. We've seen these actors use Sliver...

AI score: 0.1 | Exploits: 0

The Hacker News | added 2022/08/19 2:4 p.m. | 54 views

DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities

The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previousl...

AI score: 6.9 | Exploits: 0

ThreatPost | added 2022/08/17 3:7 p.m. | 110 views

APT Lazarus Targets Engineers with macOS Malware

North Korean APT Lazarus is up to its old tricks with a cyberespionage campaign targeting engineers with a fake job posting that attempts to spread macOS malware. The malicious Mac executable used in the campaign targets both Apple and Intel chip-based systems. The campaign, identified by...

AI score: 7 | Exploits: 0 | References: 11

The Hacker News | added 2022/08/16 6:36 a.m. | 47 views

Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware

Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked as Shuckworm, also known as...

AI score: 2.5 | Exploits: 0

Talos Blog | added 2022/08/11 6:0 p.m. | 45 views

Threat Source newsletter (Aug. 11, 2022) — All of the things-as-a-service

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Everyone seems to want to create the next “Netflix” of something. Xbox’s Game Pass is the “Netflix of video games.” Rent the Runway is a “Netflix of fashion” where customers subscribe to a rotation of fancy clothes. A...

AI score: 9.6 | EPSS: 0.6798 | Exploits: 1

The Hacker News | added 2022/08/08 1:55 p.m. | 54 views

New Orchard Botnet Uses Bitcoin Founder's Account Info to Generate Malicious Domains

A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto's account transaction information to generate domain names to conceal its command-and-control (C2) infrastructure. "Because of the uncertainty of Bitcoin transactions, this technique is more unpredictable than using...

AI score: 0.3 | Exploits: 0

hivepro | added 2022/08/05 8:15 a.m. | 17 views

Manjusaka – Cybercriminal’s new attack framework weapon

Threat Level: Attack Report. For a detailed advisory, download the PDF file. Summary: Manjusaka is a new attack framework that mimics Cobalt Strike and Sliver. The new malware family implants are written in the Rust programming language and are compatible with Windows and Linux. The command and...

AI score: 2.4 | Exploits: 0

CNNVD | added 2022/08/03 12:0 a.m. | 3 views

TripleCross security vulnerability

TripleCross is a Linux eBPF rootkit with backdoor, C2, library injection, execution hijacking, persistence, and steganography from the individual developer Marcos Bajo in Spain. A security vulnerability exists in TripleCross version v0.1.0, which stems from a segmentation fault that occurs when...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00767 | Exploits: 1 | References: 2

Talos Blog | added 2022/08/02 12:0 p.m. | 60 views

Manjusaka: A Chinese sibling of Sliver and Cobalt Strike

By Asheer Malhotra and Vitor Ventura. Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants...

Exploits: 0

The Hacker News | added 2022/07/27 10:28 a.m. | 41 views
New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts

Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation. "The threat actor targets individuals and employees that may have access to a Facebook Business account wit...

AI score: 1.4 | Exploits: 0

The Hacker News | added 2022/07/21 12:2 p.m. | 83 views

Hackers Target Ukrainian Software Company Using GoMet Backdoor

A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "uncommon" piece of malware, new research has found. The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known ...

CVSS: 10 | AI score: 1.5 | EPSS: 0.99999 | Exploits: 69

hivepro | added 2022/07/13 12:22 p.m. | 7 views

HavanaCrypt ransomware spreads through fake Google updates

Threat Level: Attack Report. For a detailed advisory, download the PDF file. Summary: HavanaCrypt is a new ransomware that disguises itself as a Google software update. It evades detection by using a Microsoft web hosting service IP address as its command and control (C&C) server...

AI score: 1.1 | Exploits: 0

The Hacker News | added 2022/07/01 5:36 a.m. | 242 views

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence...

CVSS: 9.8 | AI score: 0.6 | EPSS: 0.99999 | Exploits: 110

Malwarebytes | added 2022/06/30 3:35 p.m. | 19 views

ZuoRAT is a sophisticated malware that mainly targets SOHO routers

Researchers have analysed a campaign leveraging infected SOHO routers to target predominantly North American and European networks of interest. The so-called ZuoRAT campaign, which very likely started in 2020, is so sophisticated that the researchers suspect that there is a state sponsored threat...

AI score: 7.5 | Exploits: 0

The Hacker News | added 2022/06/28 7:56 a.m. | 51 views

New Android Banking Trojan 'Revive' Targeting Users of Spanish Financial Services

A previously unknown Android banking trojan has been discovered in the wild, targeting users of the Spanish financial services company BBVA. Said to be in its early stages of development, the malware — dubbed Revive by Italian cybersecurity firm Cleafy — was first observed on June 15, 2022 and...

AI score: 1.5 | Exploits: 0

Trellix | added 2022/06/20 12:0 a.m. | 29 views

Trellix Global Defenders: Defending against Cyber Espionage Campaigns – Operation Graphite

By Ben Marandel and Arnab Roy, June 20, 2022. Cyber espionage campaigns by nature are targeted attacks that can go undetected for prolonged periods of time. Cyber espionage campaigns often involve adversaries...

CVSS: 8.8 | AI score: 9.4 | EPSS: 0.96843 | Exploits: 38

ThreatPost | added 2022/06/17 1:34 p.m. | 79 views

China-linked APT Flew Under Radar for Decade

Researchers have identified a small yet potent China-linked APT that has flown under the radar for nearly a decade running campaigns against government, education and telecommunication organizations in Southeast Asia and Australia. Researchers from SentinelLabs said the APT, which they dubbed Aoq...

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.99966 | Exploits: 25 | References: 1

The Hacker News | added 2022/06/08 8:20 a.m. | 35 views

U.S. Agencies Warn About Chinese Hackers Targeting Telecoms and Network Service Providers

U.S. cybersecurity and intelligence agencies have warned about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private sector organizations since at least 2020. The widespread intrusion campaigns aim to exploit publicly identified security flaws i...

AI score: 0.4 | Exploits: 0