Global Exposure of 180,000 ICS/OT Devices Raises Safety Concerns
Bitsight warns ICS/OT exposure jumped 12% in 2024, leaving 180,000+ critical infrastructure systems open to attack. Learn about the possible vulnerabilities and new malware strains...
2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends
Now that we’ve reached the end of another year, you may be looking around the cybersecurity infosphere and seeing a glut of posts offering “hot takes” on the 2024 threat landscape and predictions about what’s coming next. At Rapid7, we don’t truck in hot takes, but rather, cold hard facts. Stayin...
PEAKLIGHT Downloader Deployed in Attacks Targeting Windows with Malicious Movie Downloads
Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader,"...
ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies
Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. "HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers an...
QakBot's Endgame: The Final Move Before the Takedown
By Daksh Kapur, Nico Paulo Yturriaga and Alfred Alvarado · September 06, 2023. Qakbot, known under aliases like QBot, QuakBot, and Pinkslipbot, represents an intricately advanced malware strain that has...
Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches
The U.S. Federal Bureau of Investigation (FBI) is warning that Barracuda Networks Email Security Gateway (ESG) appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups. It also deemed the fixes as "ineffective"...
New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
A new information-stealing malware called Mystic Stealer has been found to steal data from about 40 different web browsers and over 70 web browser extensions. First advertised on April 25, 2023, for $150 per month, the malware also targets cryptocurrency wallets, Steam, and Telegram, and employs...
Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry
A new botnet called Dark Frost has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry. "The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices," Akamai security...
Russia-Linked Hackers Launch Espionage Attacks on Foreign Diplomatic Entities
The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT...
Actors, Threats and Vulnerabilities 13 March to 19 March 2023
Summary: For a detailed threat digest, download the pdf file here. Over the past week, Hive Pro detected the presence of five active threat actors. The first of these is Dark Pink APT, a notorious group with a history of engaging in informati...
Actors, Threats and Vulnerabilities 6 March to 12 March 2023
Summary: For a detailed threat digest, download the pdf file here. Last week, HiveForce Labs discovered three threat actors. One of them is a Russian group called TA499, which has a history of conducting different cyberattacks such as...
Actors, Threats and Vulnerabilities 27 February to 5 March 2023
Summary: For a detailed threat digest, download the pdf file here. HiveForce Labs discovered six actors that have been active in the past week. TA866, APT-C-61, and DEV-0569 are cybercrime groups that focus on financial gain. The other three...
Actors, Threats and Vulnerabilities 30 January to 5 February 2023
Summary: For a detailed threat digest, download the pdf file here. Hive Pro discovered four actors that have been active in the past week. The first, Sandworm Team, is a well-known Russian threat actor known for sabotage and destruction. The...
Actors, Threats and Vulnerabilities 23 January 2023 – 29 January 2023
Summary: For a detailed threat digest, download the pdf file here. Hive Pro discovered four actors that have been active in the past week. The first two, APT40 and Tick, are well-known Chinese threat actors known for information theft and...
Actors, Threats and Vulnerabilities 16 January 2023 – 22 January 2023
Summary: For a detailed threat digest, download the pdf file here. Hive Pro identified three active actors during the past week. The first, Earth Bogle, is a notable threat actor known for information theft and espionage. The second,...
BlueNoroff introduces new methods bypassing MoTW
The BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the group's activities, and this October we observed the adoption of new...
CISA and ACSC Release Top 2021 Malware Strains
CISA and the Australian Cyber Security Centre (ACSC) have published a joint Cybersecurity Advisory on the top malware strains observed in 2021. Malicious cyber actors often use malware to covertly compromise and then gain access to a computer or mobile device. As malicious cyber actors have been...
16 New High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices
Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. The shortcomings, which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in...
Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat...
Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
Summary: This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeti...