Zimbra CVE-2024-27443 XSS Flaw Hits 129K Servers, Sednit Suspected
A critical XSS vulnerability, CVE-2024-27443, in Zimbra Collaboration Suite's CalendarInvite feature is actively being exploited, potentially by the...
Little Crumbs Can Lead To Giants
This week is the Virus Bulletin Conference in London. Part of the conference is the Cyber Threat Alliance summit, where CTA members like Rapid7 showcase their research into all kinds of cyber threats and techniques. Traditionally, when we investigate a campaign, the focus is mostly on the code of...
Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine
Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google's Threat Analysis Group TAG, which is monitoring the...
Zebrocy Retools for New Political Attacks
The APT known as the Sednit threat group, also known as Sofacy, APT28 and Fancy Bear, has kicked off a fresh spearphishing campaign that was spotted targeting government entities with the Zebrocy backdoor. The malware features a rewritten and newly improved backdoor and downloader, indicating an...
First-Ever UEFI Rootkit Tied to Sednit APT
LEIPZIG, GERMANY – Researchers hunting cyber-espionage group Sednit, an APT also known as Sofacy, Fancy Bear and APT28, say they have discovered the first-ever instance of a rootkit targeting the Windows Unified Extensible Firmware Interface (UEFI) in successful attacks. The discussion of Sednit was...
Sofacy Russia-Linked APT Debuts Fresh Zebrocy Variant
The Zebrocy trojan – a custom downloader malware used by Russia-linked APT Sofacy a.k.a. APT28, Fancy Bear or Sednit – has a new variant. While it’s functionally much the same as its other versions, the new code was written using the Go programming language. The similarities between the new paylo...
Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild
Cybersecurity researchers at ESET have unveiled what they claim to be the first-ever UEFI rootkit being used in the wild, allowing hackers to implant persistent malware on the targeted computers that could survive a complete hard-drive wipe. Dubbed LoJax, the UEFI rootkit is part of a malware...
FBI seizes control of a massive botnet that infected over 500,000 routers
Shortly after Cisco released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack. Yesterday we reported about a piece ...
Fake EFF Site Used in Spear Phishing Campaign
Attackers, possibly associated with the Russian government, registered a phony Electronic Frontier Foundation domain earlier this month in an attempt to dupe users into thinking correspondence from the site was coming from the well-known privacy watchdog. The scheme, largely carried out via spear...