Lucene search
K

18 matches found

The Hacker News
The Hacker News
added 2024/05/17 8:46 a.m.11 views

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

The Kimsuky aka Springtail advanced persistent threat APT group, which is linked to North Korea's Reconnaissance General Bureau RGB, has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is...

8.1AI score
Exploits0
Trellix
Trellix
added 2023/09/01 12:0 a.m.15 views

ICYMI: Emotet Reappeared Early This Year, Unfortunately

ICYMI: Emotet Reappeared Early This Year, Unfortunately By Adithya Chandra and Joao Marques · September 1, 2023 This blog was also written by Raghav Kapoor Executive Summary Emotet first appeared in 2014 and continues to be a dangerous and resilient malware, despite attempts by law enforcement...

7.7AI score
Exploits0
Securelist
Securelist
added 2023/05/23 8:0 a.m.41 views

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. Despite the fact that they began their activities years ago, this group is generally unknown and, as far as we know, has not been publicly described. We...

8.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/12/02 4:0 p.m.28 views

SideCopy APT: Connecting lures to victims, payloads to infrastructure

This blog post was authored by Hossein Jazi and the Threat Intelligence Team. Last week, Facebook announced that back in August it had taken action against a Pakistani APT group known as SideCopy. Facebook describes how the threat actors used romantic lures to compromise targets in Afghanistan. I...

0.2AI score
Exploits0
Securelist
Securelist
added 2021/07/14 10:0 a.m.60 views

LuminousMoth APT: Sweeping attacks for the chosen few

APT actors are known for the frequently targeted nature of their attacks. Typically, they will handpick a set of targets that in turn are handled with almost surgical precision, with infection vectors, malicious implants and payloads being tailored to the victims identities or environment. Its no...

0.5AI score
Exploits0
CISA
CISA
added 2021/02/05 12:0 a.m.37 views

NCIJTF Releases Ransomware Factsheet

The National Cyber Investigative Joint Task Force NCIJTF has released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques. The Ransomware Factsheet was developed by an interagency group of subject matter experts...

6.6AI score
Exploits0References4
Kitploit
Kitploit
added 2020/07/10 12:30 p.m.28 views

GIVINGSTORM - Infection Vector That Bypasses AV, IDS, And IPS

The beginnings of a C2 framework. Currently without all the C2 stuff so far. Generates a dual stage VBS infection vector, and a dual stage HTA infection vector. The variables take into account C2 addresses, Koadic/Empire payloads, and a few delivery mechanisms. The payload files are output to an...

7.2AI score
Exploits0References1
Malwarebytes
Malwarebytes
added 2020/04/09 5:5 p.m.64 views

APTs and COVID-19: How advanced persistent threats use the coronavirus as a lure

The coronavirus COVID-19 has become a global pandemic, and this is a golden time for attackers to take advantage of our collective fear to increase the likelihood of successful attack. True to form, they've been doing just that: performing spam and spear phishing campaigns using coronavirus as a...

0.2AI score
Exploits0
FireEye
FireEye
added 2020/03/16 12:0 a.m.16 views

They Come in the Night: Ransomware Deployment Trends

Ransomware is a remote, digital shakedown. It is disruptive and expensive, and it affects all kinds of organizations, from cutting edge space technology firms, to the wool industry, to industrial environments. Infections have forced hospitals to turn away patients and law enforcement to drop case...

1.2AI score
Exploits0References12
Talos Blog
Talos Blog
added 2019/12/20 12:23 p.m.78 views

Incident Response lessons from recent Maze ransomware attacks

By JJ Cummings and Dave Liebenberg This year, we have been flooded with reports of targeted ransomware attacks. Whether it's a city, hospital, large- or medium-sized enterprise — they are all being targeted. These attacks can result in significant damage, cost, and have many different initial...

1.9AI score
Exploits0
Securelist
Securelist
added 2019/11/08 10:0 a.m.83 views

Titanium: the Platinum group strikes again

Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium named after a password to one of the self-executable archives. Titanium is the final result of a...

7.2AI score
Exploits0
Securelist
Securelist
added 2019/07/10 10:0 a.m.116 views

New FinSpy iOS and Android implants revealed ITW

Updated: 23.07.2019 After publication of this article, we received a letter from a representative of Gamma Group International Ltd. stating that they disposed of all interests in FinFisher FinSpy in 2013. This article has been corrected in accordance with this new information. According to...

Exploits0
Akamai Blog
Akamai Blog
added 2019/06/13 4:0 a.m.15 views

Latest ECHOBOT: 26 Infection Vectors

Introduction Since the release of the Mirai source code in October of 2016, there have been hundreds of variants. While publishing my own research, I noticed that Palo Alto Networks was also examining similar samples, and published their findings. Earlier...

2.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/06/05 12:45 a.m.546 views

It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign

This blog was authored by Danny Adamitis, David Maynor and Kendall McKay. Executive summary Cisco Talos recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. We assess that the attackers carried...

9.3CVSS8.8AI score0.99945EPSS
Exploits33
The Hacker News
The Hacker News
added 2018/06/11 1:45 p.m.1 views

A New Paradigm For Cyber Threat Hunting

It's no secret that expecting security controls to block every infection vector is unrealistic. For most organizations, the chances are very high that threats have already penetrated their defenses and are lurking in their network. Pinpointing such threats quickly is essential, but traditional...

6.7AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/10/02 12:0 p.m.43 views

National Cyber Security Awareness Month for Organizations

The month of October 2017 is again the National Cyber Security Awareness Month NCSAM for individuals and organizations. This year’s theme is shared responsibility which is something we’ve been talking a lot about when it comes to public cloud support for many years. This year Trend Micro will be...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2017/06/29 3:46 p.m.12 views

Petya Is Not Ransomware, It's a 'Wiper'

The outbreak of the ExPetr malware isn’t a ransomware attack, but more precisely, it’s a wiper attack that sabotaged PCs globally, overwriting their Master Boot Record forever. That’s the analysis of security experts from Kaspersky Lab and Comae Technologies who shared their latest research on th...

1.1AI score
Exploits0References1
Akamai Blog
Akamai Blog
added 2017/06/27 7:28 p.m.40 views

Dealing with Petya

Akamai is aware of and is tracking the malware threat known as "Petya". Petya is ransomware spread using several methods, including PSexec, Windows Management Instrumentation Command-line WMIC, and the EternalBlue exploit used by the WannaCry family of ransomware. The malware spreads via port 139...

6.6AI score
Exploits0
Rows per page
Query Builder