News

0 Comments
An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it’s typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that
0 Comments
A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891,
0 Comments
In what’s yet another act of sabotage, the developer behind the popular “node-ipc” NPM package shipped a new version to protest Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting
0 Comments
Multiple security vulnerabilities have been disclosed in popular package managers that, if potentially exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. It’s, however, worth noting that the flaws require the targeted developers to handle a malicious package in conjunction with one of
0 Comments
The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. “The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy ransomware
0 Comments
Threat actors have been observed abusing a high-impact reflection/amplification method to stage sustained distributed denial-of-service (DDoS) attacks for up to 14 hours with a record-breaking amplification ratio of 4,294,967,296 to 1. The attack vector – dubbed TP240PhoneHome (CVE-2022-26143) – has been weaponized to launch significant DDoS attacks targeting broadband access ISPs, financial institutions, logistics companies,
0 Comments
Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed TLStorm, the flaws “allow for complete remote takeover of Smart-UPS devices and the ability to carry out extreme cyber-physical attacks,” Ben Seri
0 Comments
Cyber-attacks keep increasing and evolving but, regardless of the degree of complexity used by hackers to gain access, get a foothold, cloak their malware, execute their payload or exfiltrate data, their attack will begin with reconnaissance. They will do their utmost to uncover exposed assets and probe their target’s attack surface for gaps that can
0 Comments
Cybersecurity company Imperva on Friday said it recently mitigated a ransom distributed denial-of-service (DDoS) attack targeting an unnamed website that peaked at 2.5 million requests per second (RPS). “While ransom DDoS attacks are not new, they appear to be evolving and becoming more interesting with time and with each new phase,” Nelli Klepfish, security analyst
0 Comments
Cyber criminals and hacktivist groups are increasingly using the Telegram messaging app for their activities, as the Russia-Ukraine conflict enters its eighth day. A new analysis by Israeli cybersecurity company Check Point Research has found that “user volume grew a hundred folds daily on Telegram related groups, peaking at 200,000 per group.” Prominent among the
0 Comments
Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what’s seen as an attempt to obtain intelligence on refugee and supply movement in the region. Enterprise security company Proofpoint, which detected the malicious emails for the first time on February 24, 2022, dubbed the social
0 Comments
A group of academics from Tel Aviv University have disclosed details of now-patched “severe” design flaws affecting about 100 million Android-based Samsung smartphones that could have resulted in the extraction of secret cryptographic keys. The shortcomings are the result of an analysis of the cryptographic design and implementation of Android’s hardware-backed Keystore in Samsung’s Galaxy
0 Comments
Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of Belarusian state-sponsored hackers targeting its military personnel and related individuals as part of a phishing campaign mounted amidst Russia’s military invasion of the country. “Mass phishing emails have recently been observed targeting private ‘i.ua’ and ‘meta.ua’ accounts of Ukrainian military personnel and related individuals,” the CERT-UA
0 Comments
A new malware capable of controlling social media accounts is being distributed through Microsoft’s official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware “Electron Bot,” in reference to a command-and-control (C2) domain used
0 Comments
Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide. “MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber
0 Comments
Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name. “The similarities are in the software packer used to conceal the ransomware code, in the malware subroutines designed to find and obfuscate commands (API
0 Comments
Researchers have detailed what they call the “first successful attempt” at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. “We were able to recover the master key for generating the file encryption key without the attacker’s private key, by using a cryptographic vulnerability identified
0 Comments
The U.S. Department of Justice (DoJ) earlier this week appointed Eun Young Choi to serve as the first Director of the National Cryptocurrency Enforcement Team (NCET) it established last year. The NCET was created to tackle the criminal misuse of cryptocurrencies and digital assets,” with a focus on illegal activities in virtual currency exchanges, mixing
0 Comments
Microsoft has warned of emerging threats in the Web3 landscape, including “ice phishing” campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it’s still in its early stages. The company’s Microsoft 365 Defender Research Team called out various new avenues through which