
1667 matches found

hivepro
added 2022/03/25 4:5 a.m., 454 views

Magic Hound Exploiting Old Microsoft Exchange ProxyShell Vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. APT35, aka Magic Hound, an Iranian-backed threat group, has begun using Microsoft Exchange ProxyShell vulnerabilities as an initial attack vector and to execute code through multiple web shells. The group has primarily targeted...

CVSS 10, AI score 0.9, EPSS 0.99999
Exploits: 18

The Hacker News
added 2022/03/23 11:59 a.m., 33 views

Chinese 'Mustang Panda' Hackers Spotted Deploying New 'Hodur' Malware

A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyber espionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its...

AI score 1.2
Exploits: 0

The Hacker News
added 2022/03/23 10:3 a.m., 24 views

New Variant of Chinese Gimmick Malware Targeting macOS Users

Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to attack organizations across Asia. Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new...

AI score 0.4
Exploits: 0

Rapid7 Blog
added 2022/03/22 3:44 p.m., 16 views

8 Tips for Securing Networks When Time Is Scarce

"At this particular mobile army hospital, we're not concerned with the ultimate reconstruction of the patient. We only care about getting the kid out of here alive enough for someone else to put on the fine touches. We work fast and we're not dainty, because a lot of these kids who can stand 2...

AI score 7.2
Exploits: 0

The Hacker News
added 2022/03/21 9:12 a.m., 45 views

New Backdoor Targets French Entities via Open-Source Package Installer

Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems. Enterprise security firm Proofpoint attribute...

AI score 1.4
Exploits: 0

The Hacker News
added 2022/03/21 7:15 a.m., 44 views

South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau

Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022. Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean...

AI score 0.4
Exploits: 0

The Hacker News
added 2022/03/18 4:52 a.m., 53 views

New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers

ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. According to a new report published by Trend Micro, the botnet's...

AI score 1
Exploits: 0

The Hacker News
added 2022/03/17 10:5 a.m., 148 views

TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control

Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers. "By using MikroTik routers as proxy server...

CVSS 9.1, AI score 1, EPSS 0.96087
Exploits: 23

Trend Micro Simply Security
added 2022/03/17 12:0 a.m., 16 views

Cyclops Blink Sets Sights on Asus Routers

This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control (C&C) servers of the Cyclops Blink botnet...

AI score 1.3
Exploits: 0

Trellix
added 2022/03/17 12:0 a.m., 22 views

Suspected DarkHotel APT Activity Update

Suspected DarkHotel APT activity update. One Hotel to rule them all, One Hotel to find them, One Hotel to bring them all and in the darkness bind them. By John Fokker · March 17, 2022. This story was also written by Thibault Seret. Introduction: Our advanced threat research team has discovered a...

AI score 0.2
Exploits: 0

Microsoft Malware Protection
added 2022/03/16 3:0 p.m., 110 views

Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure

Trickbot, a sophisticated trojan that has evolved significantly since its discovery in 2016, has continually expanded its capabilities and, even with disruption efforts and news of its infrastructure going offline, it has managed to remain one of the most persistent threats in recent years. The...

CVSS 6.4, AI score 0.8, EPSS 0.96087
Exploits: 23

Microsoft Secure
added 2022/03/16 3:0 p.m., 162 views

Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure

Trickbot, a sophisticated trojan that has evolved significantly since its discovery in 2016, has continually expanded its capabilities and, even with disruption efforts and news of its infrastructure going offline, it has managed to remain one of the most persistent threats in recent years. The...

CVSS 6.4, AI score 0.8, EPSS 0.96087
Exploits: 23

hivepro
added 2022/03/12 9:45 a.m., 9 views

Mustang Panda targets European diplomats using enhanced PlugX backdoor

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...

AI score 0.3
Exploits: 0

ThreatPost
added 2022/03/10 1:0 p.m., 510 views

Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads

The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacki...

AI score 8.6
Exploits: 0, References: 6

The Hacker News
added 2022/03/10 7:18 a.m., 24 views

Emotet Botnet's Latest Resurgence Spreads to Over 100,000 Computers

The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. "While Emotet has not yet attained the same scale it once...

AI score 2.5
Exploits: 0

CISA
added 2022/02/28 12:0 a.m., 32 views

Broadcom Software Discloses APT Actors Deploying Daxin Malware in Global Espionage Campaign

Broadcom Software—an industry member of CISA’s Joint Cyber Defense Collaborative (JCDC)—uncovers an advanced persistent threat (APT) campaign against select governments and other critical infrastructure targets in a publication titled Daxin: Stealthy Backdoor Designed for Attacks Against Hardened...

AI score 6.8
Exploits: 0, References: 7

Malwarebytes
added 2022/02/24 3:38 p.m., 17 views

Cyclops Blink malware: US and UK authorities issue alert

According to a joint security advisory published yesterday by US and UK cybersecurity and law enforcement agencies, a new malware called Cyclops Blink has surfaced to replace the VPNFilter malware attributed to the Sandworm group, which has always been seen as a Russian state-sponsored group...

AI score 0.1
Exploits: 0

The Hacker News
added 2022/02/18 11:57 a.m., 18 views

PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans

Numerous Windows machines located in South Korea have been targeted by a botnet tracked as PseudoManuscrypt since at least May 2021 by employing the same delivery tactics of another malware called CryptBot. "PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot, and ...

AI score 2.4
Exploits: 0

ThreatPost
added 2022/02/17 5:28 p.m., 57 views

Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators

There’s a new, still-under-development, Golang-based botnet called Kraken with a level of brawn that belies its youth: It’s using the SmokeLoader malware loader to spread like wildfire and is already raking in a tidy USD $3,000/month for its operators, researchers report. Though its name may soun...

AI score 9
Exploits: 0, References: 9

hivepro
added 2022/02/17 8:28 a.m., 28 views

BlackCat Ransomware group attacks on the rise

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The BlackCat ransomware gang, also known as ALPHV, has targeted around 25 organizations belonging to multiple sectors globally since November 2021. The group has claimed responsibility for the recent cyber attack on Swissport...

AI score 6.8
Exploits: 0