Author: Admin

November 22, 2024Ravi LakshmananCyber ​​espionage / malware A Chinese-linked nation-state group called TAG-112 has compromised Tibetan media and university websites as part of a new cyberespionage campaign designed to facilitate the delivery of post-exploitation Cobalt Strike toolkits for later intelligence gathering. “The attackers embedded malicious JavaScript into these sites that falsified a TLS certificate error to force visitors to download a disguised security certificate,” Recorded Future’s Insikt Group said. “This malware, which is often used by threat actors for remote access and post-exploitation, highlights the continued focus of cyber espionage on Tibetan organizations.” The compromises were attributed to a state-sponsored…

November 22, 2024Ravi LakshmananCyber ​​attack / malware A threat actor known as The mysterious elephant observed the use of an advanced version of the malware called Asynshell. The attack campaign is said to have used Hajj-themed decoys to trick victims into executing a malicious payload disguised as a Microsoft Compiled HTML Help (CHM) file, Knownsec 404 command said in an analysis published today. Mysterious Elephant, which is also known as APT-K-47, is a threat actor of South Asian origin that has been active since at least 2022, primarily against Pakistani organizations. The group’s tactics and tools were found to share…

November 22, 2024Ravi LakshmananCyber ​​espionage / malware Threat actors linked to Russia have been linked to a cyber espionage campaign targeting organizations in Central Asia, East Asia and Europe. Insikt Group Recorded Future, which named the cluster of activity as TAG-110, said it matched a threat group tracked by Ukraine’s Emergency Response Team (CERT-UA) as UAC-0063, which in turn matched APT28. The hacking team has been active since at least 2021. “Using the custom tools of the HATVIBE and CHERRYSPY malware, TAG-110 primarily attacks government organizations, human rights groups, and educational institutions,” the cybersecurity firm reported. said in a report…

Meta Platforms, Microsoft and the US Department of Justice (DoJ) have announced independent actions to combat cybercrime and shut down services that enable scams, fraud and phishing attacks. Microsoft’s Digital Crimes Unit (DCU) said it seized 240 fraudulent websites linked to an Egyptian cybercrime facilitator named Abanoub Nadi (aka MRxC0DER and mrxc0derii), who advertised a phishing kit called ONNX. Nadi’s criminal operation was launched back in 2017. “Many cybercriminals and online threat actors have purchased these kits and used them in widespread phishing campaigns to bypass additional security measures and compromise Microsoft customer accounts,” said Steven Masada…

November 22, 2024Ravi LakshmananArtificial Intelligence / Malware Cybersecurity researchers discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that mimicked popular artificial intelligence (AI) models such as OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer. Packages, no gptplus and claudeai-engwere uploaded by a user named “Xeraline” in November 2023, attracting 1748 and 1826 downloads respectively. Both libraries are no longer available for download from PyPI. “The malicious packages were uploaded to the repository by the same author and essentially differed from each other only in name and description,” – Kaspersky said in the…

November 21, 2024Ravi LakshmananCyber ​​espionage / malware A Chinese Advanced Persistent Threat (APT) actor known as Gelsemium A new Linux backdoor called WolfsBane has been spotted being used in cyberattacks likely targeting East and Southeast Asia. That’s it findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023. WolfsBane was rated as a Linux version of the threat Gelsevirin backdoor, a Windows malware that was first introduced back in 2014. The company also discovered another previously undocumented implant called FireWood, which is linked to another malware…

November 21, 2024Ravi LakshmananVulnerability / Cyber ​​attack As many as 2,000 Palo Alto Networks devices is evaluated was compromised as part of a campaign to exploit recently discovered security flaws that were widely exploited in the wild. According to statistics In association with the Shadowserver Foundation, the majority of infections were reported in the US (554) and India (461), followed by Thailand (80), Mexico (48), Indonesia (43), Turkey (41), the United Kingdom (39), Peru ( 36) and South Africa (35). Earlier this week Censys revealed that it identified 13,324 open next-generation firewall (NGFW) management interfaces, of which 34% are in…

As a relatively new security category, many security operators and executives I’ve met have asked us, “What are Automated Security Verification (ASV) tools?” We’ve covered this quite extensively in the past, so today, instead of looking at “What is ASV?”, I wanted to address the “Why ASV?” question. In this article, we’ll go over some common use cases and misconceptions about how people misuse and misunderstand ASV tools on a daily basis (because it’s a lot more fun). To get started, there is no better place than the beginning. Automated security validation tools are designed to provide a…

Privileged Access Management (PAM) plays a key role in building a strong security strategy. PAM allows you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team. As a vendor of a PAM solution, we have witnessed firsthand how PAM is transforming organizational security. In this article, we aim to show you how PAM can protect your company in real and effective ways. 1. Implementing the principle of least privilege. Giving users just enough access to perform their duties is fundamental to maintaining robust security. PAM solutions allow…

November 21, 2024Ravi LakshmananMalware / Cyber ​​Fraud Threat actors linked to the Democratic People’s Republic of Korea (DPRK) impersonate US-based software and technology consulting companies to achieve their financial targets as part of a broader information technology (IT) worker scheme. “Shock companies, often based in China, Russia, Southeast Asia and Africa, play a key role in masking the true origins of workers and managing payments,” SentinelOne security researchers Tom Hegel and Dakota Carey said in a report shared with The Hacker News. North Korea’s network of IT workers, both individually and under the guise of front companies, is seen as…
