The threat actor, formed in 2023, specializes in ransomware attacks targeting Russian government organizations. It encrypts and deletes victim data, exfiltrates sensitive information, and aims to inflict maximum damage on critical assets. The threat actor likely scans IP address ranges…
Category: EN
Google Warns Of North Korean IT Workers Have Infiltrated The U.S. Workforce
North Korean IT workers, disguised as non-North Koreans, infiltrate various industries to generate revenue for their regime, evading sanctions and funding WMD programs by exploiting privileged access to enable cyber intrusions. Facilitators, often non-North Koreans, assist these workers by laundering…
Beware Of Fake Verify You Are A Human Request That Delivers Malware
Researchers observed two distinct instances where users were inadvertently led to malicious websites after conducting Google searches for video streaming services. These victims were redirected to malicious URLs that employed a deceptive tactic while attempting to access sports or movie…
New Mallox Ransomware Linux Variant Attacking Enterprise Linux Servers
Kryptina RaaS, a free and open-source RaaS platform for Linux, initially struggled to attract attention. Still, after a Mallox affiliate’s staging server was leaked in May 2024, Kryptina’s modified version, branded Mallox v1.0, gained prominence. The research examines the data…
BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell
We break down the full infection chain of the Brazilian-targeted threat BBTok and demonstrate how to deobfuscate the loader DLL using PowerShell, Python, and dnlib. This article has been indexed from Security Blog G Data Software AG Read the original…
Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
Gartner® names Microsoft a Leader in Endpoint Protection Platforms—a reflection, we believe, of our continued progress in helping organizations protect their endpoints against even the most sophisticated attacks, while driving continued efficiency for security operations center teams. The post Microsoft…
New MIT protocol protects sensitive data during cloud-based computation
Deep-learning models have found applications across various industries, from healthcare diagnostics to financial forecasting. However, their high computational demands often require powerful cloud-based servers. This dependency on cloud computing raises notable security concerns, particularly in sensitive sectors like healthcare. Hospitals,…
Navigating the NIS2 Directive: Key insights for cybersecurity compliance and how Sekoia.io can help
To read the French version the article, click here. The European Union (EU) adopted a fundamental directive at the end of 2022 aimed at protecting critical sectors of the European economy from cyber threats. Directive (EU) 2022/2555, better known as…
TeamTNT Hackers Attacking VPS Servers Running CentOS
TeamTNT is targeting CentOS VPS clouds with SSH brute force attacks. It has uploaded a malicious script that disables security, deletes logs, and modifies system files to kill existing miners, remove Docker containers, and redirect DNS to Google servers. The…
UK government’s bank data sharing plan slammed as ‘financial snoopers’ charter’
Access to account info needed to tackle benefit fraud, latest bill claims Privacy campaigners are criticizing UK proposals to force banks to share data from the accounts of government benefit claimants, saying the ploy amounts to “a financial snoopers’ charter…
Threat landscape for industrial automation systems, Q2 2024
In this report, we share statistics on threats to industrial control systems in Q2 2024, including statistics by region, industry, malware and other threat types. This article has been indexed from Securelist Read the original article: Threat landscape for industrial…
Malicious Ads Hide Infostealer in League of Legends ‘Download’
Bitdefender is warning League of Legends fans not to fall for a phishing campaign designed to spread Lumma Stealer malware This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious Ads Hide Infostealer in League of Legends ‘Download’
Open Source C3 Frameworks Used In Red Teaming Assessments Vulnerable To RCE Attacks
C2 frameworks, crucial for post-exploitation operations, offer open-source alternatives to Cobalt Strike. They streamline the management of compromised systems, enable efficient collaboration, and evade detection by providing customizable behaviors. It is a toolset attackers use to control and manage compromised…
Microsoft Warns Of Vanilla Tempest Hackers Attacking Healthcare Sector
Microsoft has identified a new attack vector employed by the financially motivated threat actor Vanilla Tempest. This actor has been observed leveraging the INC ransomware to target healthcare organizations within the United States. Specifically, Vanilla Tempest is exploiting vulnerabilities in…
Beware Of Fake Captcha Attacks That Delivers Lumma Stealer Malware
In the past four weeks, a significant increase in malware distribution attempts via fake Captcha campaigns has been observed, targeting over 1.4 million users. Lumma Stealer, a hazardous malware designed for data theft, is the primary payload being distributed. Cybercriminals…
Russian Hackers Registering Domains Targeting US Tech Brands
Researchers are tracking a Russian threat actor deploying domains involved in crypto scams targeting the US Presidential Election and tech brands. The scams offer double crypto returns for deposits and are designed to deceive users into sending coins to attacker-controlled…
5 obscure web browsers that will finally break your Chrome addiction
Give one of these alternative browsers just a few minutes of your time and you’ll never go back. They’re all free, so what have you got to lose? This article has been indexed from Latest stories for ZDNET in Security…
Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities
An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which…
Critical Arc Browser Vulnerability Let Attackers Execute Remote Code
Arc’s Boosts feature lets users customize websites with CSS and JavaScript. While JavaScript Boosts are not shareable to protect security, they are synced across devices for personal use. Misconfigured Firebase ACLs enabled unauthorized users to modify the creatorID of Boosts,…
Flax Typhoon’s Botnet Actively Exploiting 66 Vulnerabilities In Various Devices
The Five Eyes agencies recently released a joint cybersecurity advisory detailing a new botnet, Flax Typhoon, linked to Chinese state-sponsored actors. The advisory highlights the actors’ use of compromised routers and IoT devices to establish a vast botnet capable of…