
20754 matches found

The Hacker News
added 2023/05/17 11:54 a.m., 39 views

Identifying a Patch Management Solution: Overview of Key Criteria

Software is rarely a one-and-done proposition. In fact, any application available today will likely need to be updated – or patched – to fix bugs, address vulnerabilities, and update key features at multiple points in the future. With the typical enterprise relying on a multitude of applications,...

AI score: 6.7
Exploits: 0
The Hacker News
added 2023/05/16 12:20 p.m., 39 views

Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts

Ransomware affiliates associated with the Qilin ransomware-as-a-service (RaaS) scheme earn anywhere between 80% to 85% of each ransom payment, according to new findings from Group-IB. The cybersecurity firm said it was able to infiltrate the group in March 2023, uncovering details about the...

AI score: 6.5
Exploits: 0
The Hacker News
added 2023/05/04 8:57 a.m., 39 views

Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts

Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023. The development comes against the backdrop of fake ChatGPT web browser extensio...

AI score: 7.1
Exploits: 0
The Hacker News
added 2023/04/28 11:59 a.m., 39 views

New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets

Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer or AMOS on Telegram for $1,000 per month, joining the likes of MacStealer. "The Atomic macOS Stealer can steal various types of information from the victim's machine, including...

AI score: 6.9
Exploits: 0
The Hacker News
added 2023/04/24 1:44 p.m., 39 views

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack

Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. "The AuKill tool abuses an outdated version of the driver used by version...

AI score: 6.9
Exploits: 0
The Hacker News
added 2023/04/13 9:7 a.m., 39 views

Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign

The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running campaign called DeathNote. While the nation-state adversary is known for persistently singling out the cryptocurrency sector, recent...

AI score: 6.7
Exploits: 0
The Hacker News
added 2023/04/07 6:15 a.m., 39 views

Microsoft Takes Legal Action to Disrupt Cybercriminals' Illegal Use of Cobalt Strike Tool

Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware. To that end, the tech giant's Digital Crimes Unit (DCU) revealed that it secured a court order i...

AI score: 6.8
Exploits: 0
The Hacker News
added 2023/04/04 10:8 a.m., 39 views

Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks

The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022. Symantec, which is tracking the group under its insect-themed moniker Mantis, said the adversary is "going to great lengths to...

AI score: 7
Exploits: 0
The Hacker News
added 2023/04/04 4:30 a.m., 39 views

Microsoft Tightens OneNote Security by Auto-Blocking 120 Risky File Extensions

Microsoft has announced plans to automatically block embedded files with "dangerous extensions" in OneNote following reports that the note-taking service is being increasingly abused for malware delivery. Up until now, users were shown a dialog warning them that opening such attachments could har...

AI score: 6.4
Exploits: 0
The Hacker News
added 2023/03/30 11:17 a.m., 39 views

Cyberstorage: Leveraging the Multi-Cloud to Combat Data Exfiltration

Multi-cloud data storage, once merely a byproduct of the great cloud migration, has now become a strategy for data management. "Multi-cloud by design," and its companion the supercloud, is an ecosystem in which several cloud systems work together to provide many organizational benefits, including...

AI score: 6.7
Exploits: 0
The Hacker News
added 2023/03/29 11:43 a.m., 39 views

4 Steps to Creating a Powerful Research Lab for Reverse Engineering

However, manual lab setup and configuration can prove to be a laborious and time-consuming process. In this article, we'll look at 4 ways to create a reverse engineering lab, discuss how to save time, and, potentially, improve the detection rate using a sandbox-as-a-service, and a recommended lis...

AI score: 6.9
Exploits: 0
The Hacker News
added 2023/03/29 9:17 a.m., 39 views

Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware

Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors ... can be silent for years, show no network activity or any other signs of presence...

AI score: 6.4
Exploits: 0
The Hacker News
added 2023/03/25 8:52 a.m., 39 views

U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand peopl...

AI score: 6.9
Exploits: 0
The Hacker News
added 2023/03/17 7:6 a.m., 39 views

Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials

The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign...

Exploits: 0
The Hacker News
added 2023/03/17 6:53 a.m., 39 views

Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips

Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo...

AI score: 0.2
Exploits: 0
The Hacker News
added 2023/03/16 9:46 a.m., 39 views

Authorities Shut Down ChipMixer Platform Tied to Crypto Laundering Scheme

A coalition of law enforcement agencies across Europe and the U.S. announced the takedown of ChipMixer, an unlicensed cryptocurrency mixer that began its operations in August 2017. "The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking t...

AI score: 0.7
Exploits: 0
The Hacker News
added 2023/03/13 12:23 p.m., 39 views

How to Apply NIST Principles to SaaS in 2023

The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute's cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance ...

AI score: 0.5
Exploits: 0
The Hacker News
added 2023/03/09 12:20 p.m., 39 views

Iranian Hackers Target Women Involved in Human Rights and Middle East Politics

Iranian state-sponsored actors are continuing to engage in social engineering campaigns targeting researchers by impersonating a U.S. think tank. "Notably the targets in this instance were all women who are actively involved in political affairs and human rights in the Middle East region,"...

AI score: 0.3
Exploits: 0
The Hacker News
added 2023/03/06 2:18 p.m., 39 views

New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims

A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access...

AI score: 0.7
Exploits: 0
The Hacker News
added 2023/03/01 9:55 a.m., 39 views

Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy

Google has announced the general availability of client-side encryption (CSE) for Gmail and Calendar, months after piloting the feature in late 2022. The data privacy controls enable "even more organizations to become arbiters of their own data and the sole party deciding who has access to it,"...

AI score: 1.2
Exploits: 0
The Hacker News
added 2023/02/27 2:39 p.m., 39 views

Shocking Findings from the 2023 Third-Party App Access Report

Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps. SaaS-to-SaaS third-party app installations are growing nonstop at organizations around the world. When an employee needs an additional app to increase their...

AI score: 6.9
Exploits: 0
The Hacker News
added 2023/02/09 11:6 a.m., 39 views

NewsPenguin Threat Actor Emerges with Malicious Campaign Targeting Pakistani Entities

A previously unknown threat actor dubbed NewsPenguin has been linked to a phishing campaign targeting Pakistani entities by leveraging the upcoming international maritime expo as a lure. "The attacker sent out targeted phishing emails with a weaponized document attached that purports to be an...

AI score: 7.1
Exploits: 0
The Hacker News
added 2023/02/07 11:2 a.m., 39 views

Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm

The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying...

AI score: 1.2
Exploits: 0
The Hacker News
added 2023/02/03 3:36 p.m., 39 views

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft. The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing th...

AI score: 0.3
Exploits: 0
The Hacker News
added 2023/01/27 11:53 a.m., 39 views

Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices

Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems. "This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Window...

AI score: 0.6
Exploits: 0
The Hacker News
added 2023/01/24 11:58 a.m., 39 views

FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft

The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack to the Lazarus Group and APT38, the...

AI score: 1
Exploits: 0
The Hacker News
added 2023/01/18 11:5 a.m., 39 views

Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks

The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the...

AI score: 1.8
Exploits: 0
The Hacker News
added 2023/01/02 4:10 p.m., 39 views

RedZei Chinese Scammers Targeting Chinese Students in the U.K.

Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed RedZei aka RedThief. "The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe...

AI score: 0.6
Exploits: 0
The Hacker News
added 2022/12/21 11:37 a.m., 39 views

The Rise of the Rookie Hacker - A New Trend to Reckon With

More zero knowledge attacks, more leaked credentials, more Gen-Z cyber crimes - 2022 trends and 2023 predictions. Cybercrime remains a major threat to individuals, businesses, and governments around the world. Cybercriminals continue to take advantage of the prevalence of digital devices and the...

AI score: 0.1
Exploits: 0
The Hacker News
added 2022/12/19 10:5 a.m., 39 views

New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure

A Rust variant of a ransomware strain known as Agenda has been observed in the wild, making it the latest malware to adopt the cross-platform programming language after BlackCat, Hive, Luna, and RansomExx. Agenda, attributed to an operator named Qilin, is a ransomware-as-a-service (RaaS) group that...

AI score: 2.1
Exploits: 0
The Hacker News
added 2022/12/14 2:12 p.m., 39 views

New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts

A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' t...

AI score: 0.9
Exploits: 0
The Hacker News
added 2022/11/30 11:57 a.m., 39 views

French Electricity Provider Fined for Storing Users' Passwords with Weak MD5 Algorithm

The French data protection watchdog on Tuesday fined electricity provider Électricité de France (EDF) €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements. The Commission nationale de l'informatique et des libertés (CNIL) said the electric utility breached...

AI score: 0.6
Exploits: 0
The Hacker News
added 2022/11/18 12:7 p.m., 39 views

Threat hunting with MITRE ATT&CK and Wazuh

Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay...

AI score: 0.1
Exploits: 0
The Hacker News
added 2022/10/24 5:34 p.m., 39 views

Download eBook: Top virtual CISOs share 7 tips for vCISO service providers

Virtual Chief Information Security Officer (vCISO) services (also known as 'Fractional CISO' or 'CISO-as-a-Service') are growing in popularity, especially as growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises dema...

AI score: 1.1
Exploits: 0
The Hacker News
added 2022/10/18 12:55 p.m., 39 views

Cryptocurrency and Ransomware — The Ultimate Friendship

Both cryptocurrency and ransomware are nothing new in the digital world; both have been there for a very long time, which was enough for them to find common pieces for starting their relationship. Ransomware can be like a virtual car that works on all types of fuels, and crypto is the one that is...

AI score: 0.8
Exploits: 0
The Hacker News
added 2022/09/19 12:42 p.m., 39 views

Emotet Botnet Started Distributing Quantum and BlackCat Ransomware

The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware...

AI score: 1.8
Exploits: 0
The Hacker News
added 2022/09/16 1:47 p.m., 39 views

North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application

A threat with a North Korea nexus has been found leveraging a "novel spear phish methodology" that involves making use of trojanized versions of the PuTTY SSH and Telnet client. Google-owned threat intelligence firm Mandiant attributed the new campaign to an emerging threat cluster it tracks unde...

AI score: 1.1
Exploits: 0
The Hacker News
added 2022/09/12 11:18 a.m., 39 views

Hacktivist Group GhostSec Compromises 55 Berghof PLCs Across Israel

A hacktivist collective called GhostSec has claimed credit for compromising as many as 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a "Free Palestine" campaign. Industrial cybersecurity firm OTORIO, which dug deeper into the incident, said the breach was...

AI score: 0.2
Exploits: 0
The Hacker News
added 2022/09/01 10:19 a.m., 39 views

Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials

Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk. "Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter...

AI score: 1.2
Exploits: 0
The Hacker News
added 2022/08/18 9:10 a.m., 39 views

Penetration Testing or Vulnerability Scanning? What's the Difference?

Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let's dive in and explain the differences. People frequently confuse penetration testing and vulnerability scanning, and it's easy to see...

Exploits: 0
The Hacker News
added 2022/07/28 11:54 a.m., 39 views

Hackers Opting New Attack Methods After Microsoft Blocked Macros by Default

With Microsoft taking steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office apps, malicious actors are responding by refining their tactics, techniques, and procedures (TTPs). "The use of VBA and XL4 Macros decreased approximately 66% from October...

Exploits: 0
The Hacker News
added 2022/07/04 6:38 a.m., 39 views

HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains

Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. "The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal...

AI score: 0.3
Exploits: 0
The Hacker News
added 2022/06/29 8:26 a.m., 39 views

New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads

Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. The issue, which has been dubbed FabricScape (CVE-2022-30137),...

CVSS: 6.7, AI score: 1.6, EPSS: 0.01164
Exploits: 0
The Hacker News
added 2022/05/23 11:1 a.m., 39 views

Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns

Fronton, a distributed denial-of-service (DDoS) botnet that came to light in March 2020, is much more powerful than previously thought, per the latest research. "Fronton is a system developed for coordinated inauthentic behavior on a massive scale," threat intelligence firm Nisos said in a report...

AI score: 1
Exploits: 0
The Hacker News
added 2022/05/19 3:57 p.m., 39 views

New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars

A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas. The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology...

AI score: 1.5
Exploits: 0
The Hacker News
added 2022/05/12 10:9 a.m., 39 views

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic. "The websites all shared a common issue —...

AI score: 0.2
Exploits: 0
The Hacker News
added 2022/04/29 6:26 a.m., 39 views

Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers

Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a...

AI score: 1
Exploits: 0
The Hacker News
added 2022/04/21 2:2 p.m., 39 views

Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers

A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers. "This year the more_eggs operation has...

AI score: 7.2
Exploits: 0
The Hacker News
added 2022/04/04 1:44 p.m., 39 views

Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers

An Android spyware application has been spotted masquerading as a "Process Manager" service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app — that has the package name "com.remote.app" — establishes contact with a remote command-and-control server...

AI score: 0.9
Exploits: 0
The Hacker News
added 2022/04/01 1:29 p.m., 39 views

Russian Wiper Malware Likely Behind Recent Cyberattack on Viasat KA-SAT Modems

The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the latest research from SentinelOne. The findings come a day after th...

AI score: 0.5
Exploits: 0
Total number of security vulnerabilities: 5000