16 matches found
TP-Link Router Botnet
There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution RCE possible so that the malware can spread itself across the internet automatically. This high severity security flaw tracked as CVE-2023-1389 has also been us...
New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems
Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42. "Once installed, Auto-color allows threat actors full...
Angry Likho: Old beasts in a new forest
Angry Likho referred to as Sticky Werewolf by some vendors is an APT group we've been monitoring since 2023. It bears a strong resemblance to Awaken Likho, which we've analyzed before, so we classified it within the Likho malicious activity cluster. However, Angry Likho's attacks tend to be...
RansomHub: The New King of Ransomware? Targeted 600 Firms in 2024
RansomHub emerges as a major ransomware threat in 2024, targeting 600 organizations after ALPHV and LockBit disruptions. Group-IB…...
Analysis of Storm-0558 techniques for unauthorized email access
Executive summary On July 11, 2023, Microsoft published two blogs detailing a malicious campaign by a threat actor tracked as Storm-0558 that targeted customer email that weve detected and mitigated: Microsoft Security Response Center and Microsoft on the Issues. As we continue our investigation...
Actors, Threats and Vulnerabilities 30 January to 5 February 2023
For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here Hive Pro discovered four actors that have been active in the past week. The first, Sandworm Team, is a well-known Russian threat actor known for Sabotage and destruction. The...
What is ransomware and how can you defend your business from it?
Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems known as...
Watch out for the email that says “You have a new voicemail!”
A phishing campaign is using voicemail notification messages to go after victims Office 365 credentials. According to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachment that contains encoded javascript. The email claims that you have a new voicemail and that you can...
Nation-State Crosshairs: France, Germany & United Kingdom
In the Nation-State Crosshairs: France, Germany & the United Kingdom By Trellix · March 28, 2022 Today Trellix and the Center for Strategic and International Studies CSIS released a global report, In the Crosshairs: Organizations and Nation-State Cyber Threats, examining security professionals’...
Iran's Lyceum Hackers Target Telecoms, ISPs in Israel, Saudi Arabia, and Africa
A state-sponsored threat actor allegedly affiliated with Iran has been linked to a series of targeted attacks aimed at internet service providers ISPs and telecommunication operators in Israel, Morocco, Tunisia, and Saudi Arabia, as well as a ministry of foreign affairs MFA in Africa, new finding...
Oil & Gas Targeted in Year-Long Espionage Campaign
A sophisticated campaign targeting large international companies in the oil and gas sector has been underway for more than a year, researchers said, spreading common remote access trojans RATs for cyber-espionage purposes. According to Intezer analysis, spear-phishing emails with malicious...
Nobelium Phishing Campaign Poses as USAID
The cybercriminal group behind the notorious SolarWinds attack is at it again with a sophisticated mass email campaign aimed at delivering malicious URLs with payloads enabling network persistence so the actors can conduct further nefarious activities. Microsoft Threat Intelligence Center MSTIC...
New sophisticated email-based attack from NOBELIUM
Microsoft Threat Intelligence Center MSTIC has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and...
SamSam Ransomware Attacks Extorted Nearly $6 Million
Ransomware has become a multimillion-dollar black market business for cybercriminals, and SamSam being a great example. New research revealed that the SamSam ransomware had extorted nearly $6 million from its victims since December 2015, when the cyber gang behind the ransomware started...
Spoofed SEC Emails Distribute Evolved DNSMessenger
This post was authored by Edmund Brumaghin, Colin Grady, with contributions from Dave Maynor and @Simpo13.Executive SummaryCisco Talos previously published research into a targeted attack that leveraged an interesting infection process using DNS TXT records to create a bidirectional command and...
Large DDoS Attacks Still a Serious Problem
In the world of botnets and denial-of-service attacks, 2009 was a very interesting year. While a handful of large, noisy botnets got most of the attention, there were thousands of serious, prolonged DDoS attacks that not only chewed up huge amounts of bandwidth but likely caused major problems fo...