Author: Admin
Threat actors associated with RansomHub The ransomware group has encrypted and stolen data from at least 210 victims since its inception in February 2024, the US government said. Victims span a variety of sectors, including water and sanitation, information technology, government services and facilities, health and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation and communications. . “RansomHub is a Ransomware-as-a-Service variant formerly known as Cyclops and Knight that has proven to be an efficient and successful service model (recently attracting high-profile affiliates from other prominent variants such as LockBit and ALPHV).” government institutions…
September 2, 2024Hacker newsVulnerability management / Webinar The world of cyber security is in a state of constant change. New vulnerabilities appear daily and attackers are becoming more sophisticated. In this high-stakes game, security executives need every advantage they can get. This is where artificial intelligence (AI) comes in. AI is not just a buzzword; this is a game changer for vulnerability management. AI is poised to revolutionize vulnerability management in the coming years. This allows security services to: Define risks in scale: AI can analyze vast amounts of data to identify weaknesses that humans might miss. Threat Prioritization: AI…
September 2, 2024Hacker newsCybercrime / CISO Insights The FBI and CISA issue joint guidance on emerging threats and ways to stop ransomware Note: On August 29, the FBI and CISA released a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect themselves against ransomware. Last recommendation, АА24-242Аdescribes a new group of cybercriminals and its attack methods. It also outlines three important actions to take today to reduce cyber threats from ransomware – installing updates as soon as they are released, requiring phishing-resistant MFA (ie, no SMS text) and educating users. The rise in the number of…
September 2, 2024Ravi LakshmananSoftware Security / Malware Roblox developers are the target of an ongoing campaign to compromise systems with fake npm packages, once again highlighting how threat actors continue to exploit trust in the open source ecosystem to deliver malware. “By mimicking the popular ‘noblox.js’ library, attackers have published dozens of packages designed to steal sensitive data and compromise systems,” – Checkmarx researcher Yehuda Gelb. said in the technical report. There were details about the company documented for the first time ReversingLabs in August 2023 as part of a company which delivered a heist called the Luna Token Grabber,…
August 31, 2024Ravi LakshmananRootkit / Threat Intelligence A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited by North Korean actors in the FudModule rootkit campaign. This development shows the persistent efforts of the adversary nation-state, which in recent months has made a habit of including many Windows zero-day exploits in its arsenal. Microsoft, which discovered this activity on August 19, 2024, classified it as a threat it monitors as Citrine Slit (formerly DEV-0139 and DEV-1222), which is also known as AppleJeus, Labyrinth Chollima, Nickel Academy, and UNC4736. It is believed to be a subcluster…
August 30, 2024Ravi LakshmananCryptojacking / Vulnerability Threat actors are actively exploiting a patched critical security flaw affecting the Atlassian Confluence data center and Confluence server to conduct illegal cryptocurrency mining on sensitive instances. “Attacks involve threat actors using techniques such as deploying shell scripts and XMRig miners, targeting SSH endpoints, killing competing crypto mining processes, and maintaining security through cron jobs,” Trend Micro researcher Abdelrahman Esmail. said. Exploited security vulnerability CVE-2023-22527a maximum severity bug in older versions of Atlassian Confluence Data Center and Confluence Server that could allow unauthenticated attackers to achieve remote code execution. In mid-January 2024, an Australian…
Cybersecurity researchers have discovered a new malware campaign that uses Google Sheets as a control mechanism (C2). activity, revealed by Proofpoint, starting on August 5, 2024, impersonates the tax authorities of governments in Europe, Asia and the US in order to target more than 70 organizations worldwide with a special tool called Voldemort, which is equipped to collect information and deliver an additional payload . Target sectors include insurance, aerospace, transportation, academia, finance, technology, manufacturing, healthcare, automotive, hospitality, energy, government, media, manufacturing, telecommunications and welfare organizations. The suspected cyber espionage campaign has not been attributed to a specific threat actor.…
August 30, 2024Ravi LakshmananCyber threat / Cyber espionage Cybersecurity researchers have discovered a new network infrastructure created by Iranian threat actors to support activities related to recent attacks on political campaigns in the United States. Insikt group Recorded Future has linked the infrastructure to a threat it tracks as GreenCharlie, an Iran-linked cyber threat group that overlaps with APT42, Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453 and Yellow Garuda. “The group’s infrastructure is meticulously designed using dynamic DNS (DDNS) providers such as Dynu, DNSEXIT and Vitalwerks to register domains used in phishing attacks,” the cybersecurity firm said in a…
August 30, 2024Ravi LakshmananMalware / Network Security Cyber security researchers have uncovered a new campaign that is potentially targeting users in the Middle East with malware masquerading as Palo Alto Networks GlobalProtect a virtual private network (VPN) tool. “The malware can execute remote PowerShell commands, download and expose files, encrypt communications, and bypass sandboxes, posing a significant threat to targeted organizations,” Trend Micro researcher Mohamed Fahmy. said in the technical report. The sophisticated malware sample was seen using a two-step process and involves establishing connections to a Command and Control (C2) infrastructure that pretends to be the company’s VPN portal,…
The most dangerous vulnerability you’ve never heard of. In the world of cybersecurity, vulnerabilities are discovered so often and at such a high rate that it can be very difficult to keep up. Some vulnerabilities will set off alarm bells in your security tools, while others are much more subtle but still pose an equally dangerous threat. Today we want to discuss one of the Source link