New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace

A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what's suspected to be a cyber espionage mission. The BlackBerry Threat Research and Intelligence team is tracking the activity cluster as AeroBlade. Its origin is...

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a now-patched critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called...

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle AitM scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2...

Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk

As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn't have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the...

New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices

Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that's capable of targeting routers and IoT devices. The latest version, per Cado Security Labs, is compiled for Microprocessor without Interlocked Pipelined Stages MIPS architecture, broadening its...

LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks

The Unified Extensible Firmware Interface UEFI code from various independent firmware/BIOS vendors IBVs has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, "can ...

Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware

Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to "hands-on-keyboard activity by ransomware operator Storm-0216 Twisted Spider, UNC2198, culminating in the deployment of...

Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.

Organizations in the Middle East, Africa, and the U.S. have been targeted by an unknown threat actor to distribute a new backdoor called Agent Racoon. "This malware family is written using the .NET framework and leverages the domain name service DNS protocol to create a covert channel and provide...

Russian Hacker Vladimir Dunaev Pleads Guilty for Creating TrickBot Malware

A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice DoJ announced. Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later. "Dunaev develope...

New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia

Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. "Spreading primarily through messaging services, it combines...

Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats

The U.S. Department of Justice DOJ and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may still pose a danger...

Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan

A suspected Chinese-speaking threat actor has been attributed to a malicious campaign that targets the Uzbekistan Ministry of Foreign Affairs and South Korean users with a remote access trojan called SugarGh0st RAT. The activity, which commenced no later than August 2023, leverages two different...

Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks

The most recent Gcore Radar report and its aftermath have highlighted a dramatic increase in DDoS attacks across multiple industries. At the beginning of 2023, the average strength of attacks reached 800 Gbps, but now, even a peak as high as 1.5+ Tbps is unsurprising. To try and break through...

WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform. The feature has been described as an "additional way to protect those chats and make them harder to find if someone has access to your phone o...

U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign-Based Agents

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC on Thursday sanctioned the North Korea-linked adversarial collective known as Kimsuky as well as eight foreign-based agents who are alleged to have facilitated sanctions evasion. The agents, the Treasury said, helped in...

Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices

Zyxel has released patches to address 15 security issues impacting network-attached storage NAS, firewall, and access point AP devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are listed below - CVE-2023-35138 CVSS...

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are describe...

Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails

Google has revealed a new multilingual text vectorizer called RETVec short for Resilient and Efficient Text Vectorizer to help detect potentially harmful content such as spam and malicious emails in Gmail. "RETVec is trained to be resilient against character-level manipulations including insertio...

North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks

Threat actors from the Democratic People's Republic of Korea DPRK are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country. "Even though movement in and out of and within the country is...

This Free Solution Provides Essential Third-Party Risk Management for SaaS

Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management TPRM and what companies should do to ensure a proper SaaS-TPRM process is in place. In this article we wi...

7 Uses for Generative AI to Enhance Security Operations

Welcome to a world where Generative AI revolutionizes the field of cybersecurity. Generative AI refers to the use of artificial intelligence AI techniques to generate or create new data, such as images, text, or sounds. It has gained significant attention in recent years due to its ability to...

CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks

A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments. "This campaign marks the first documented instance ... where threat actors deployi...

U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers

The U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. "Sinbad has processed millions of dollars' worth of virtual currency from Lazarus Group heists,...

Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.

The U.S. Cybersecurity and Infrastructure Security Agency CISA revealed that it's responding to a cyber attack that involved the active exploitation of Unitronics programmable logic controllers PLCs to target the Municipal Water Authority of Aliquippa in western Pennsylvania. The attack has been...

200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn

An Android malware campaign targeting Iranian banks has expanded its capabilities and incorporated additional evasion tactics to fly under the radar. That's according to a new report from Zimperium, which discovered more than 200 malicious apps associated with the malicious operation, with the...

Discover Why Proactive Web Security Outsmarts Traditional Antivirus Solutions

In a rapidly evolving digital landscape, it's crucial to reevaluate how we secure web environments. Traditional antivirus-approach solutions have their merits, but they're reactive. A new report delves into the reasons for embracing proactive web security solutions, ensuring you stay ahead of...

Okta Discloses Broader Impact Linked to October 2023 Support System Breach

Identity services provider Okta has disclosed that it detected "additional threat actor activity" in connection with the October 2023 breach of its support case management system. "The threat actor downloaded the names and email addresses of all Okta customer support system users," the company sa...

DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software

A variant of a ransomware strain known as DJVU has been observed to be distributed in the form of cracked software. "While this attack pattern is not new, incidents involving a DJVU variant that appends the .xaro extension to affected files and demanding ransom for a decryptor have been observed...

GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability

The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts. The attacks involve th...

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D...

Transform Your Data Security Posture – Learn from SoFi's DSPM Success

As cloud technology evolves, so does the challenge of securing sensitive data. In a world where data duplication and sprawl are common, organizations face increased risks of non-compliance and unauthorized data breaches. Sentra's DSPM Data Security Posture Management emerges as a comprehensive...

Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access

Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation DWD feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges. "Such exploitation...

How Hackers Phish for Your Users' Credentials and Sell Them

Account credentials, a popular initial access vector, have become a valuable commodity in cybercrime. As a result, a single set of stolen credentials can put your organization's entire network at risk. According to the 2023 Verizon Data Breach Investigation Report, external parties were responsib...

Key Cybercriminals Behind Notorious Ransomware Families Arrested in Ukraine

A coordinated law enforcement operation has led to the arrest of key individuals in Ukraine who are alleged to be a part of several ransomware schemes. "On 21 November, 30 properties were searched in the regions of Kyiv, Cherkasy, Rivne, and Vinnytsia, resulting in the arrest of the 32-year-old...

Stop Identity Attacks: Discover the Key to Early Threat Detection

Identity and Access Management IAM systems are a staple to ensure only authorized individuals or entities have access to specific resources in order to protect sensitive information and secure business assets. But did you know that today over 80% of attacks now involve identity, compromised...

Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens

Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager NTLM tokens by tricking a victim into opening a specially crafted Microsoft Access file. The attack takes advantage of a legitimate feature in the database...

N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection

The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN. The findings come from cybersecurity firm SentinelOne,...

How to Handle Retail SaaS Security on Cyber Monday

If forecasters are right, over the course of today, consumers will spend $13.7 billion. Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages...

Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections

A new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing when naturally occurring computational faults that occur while the connection is being established. The Secure Shell SSH protocol is a method for...

U.S., U.K., and Global Partners Release Secure AI System Development Guidelines

The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence AI systems. "The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and accountability, an...

New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government

An unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what's suspected to be an advanced persistent threat APT attack. The web shell, a dynamic-link library DLL named "hrserv.dll," exhibits "sophisticated features such as custom...

Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches

The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief description of the vulnerabilities is as follows - CVE-2023-49103 CVSS score: 10.0 - Disclosure of...

Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale

More details have emerged about a malicious Telegram bot called Telekopye that's used by threat actors to pull off large-scale phishing scams. "Telekopye can craft phishing websites, emails, SMS messages, and more," ESET security researcher Radek Jizba said in a new analysis. The threat actors...

Tell Me Your Secrets Without Telling Me Your Secrets

The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian's engineers had to solve in implementing the mechanisms for their new HasMySecretLeaked service. They wanted to help developers find out if their secrets passwords, API keys, priva...

Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel

Cybersecurity researchers have shed light on a Rust version of a cross-platform backdoor called SysJoker, which is assessed to have been used by a Hamas-affiliated threat actor to target Israel amid the ongoing war in the region. "Among the most prominent changes is the shift to Rust language,...

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks. "These encoded Kubernetes configuration secrets were uploaded to public repositories," Aqua security researchers Yakir Kadkoda and Assaf Morag...

Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks

A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The activity has been attributed to a threat actor called Konni, which is assessed to share overlaps with a...

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab. "The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often...

6 Steps to Accelerate Cybersecurity Incident Response

Modern security tools continue to improve in their ability to defend organizations' networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That's why it's...

Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks

An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution RCE functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service DDoS botnet. "The payload targets routers and network video recorder NVR devices with default adm...