Security

0 Comments
Hackers associated with North Korea are using trojanized versions of the PuTTY SSH open-source terminal emulator to install backdoors on victims’ devices. Discovered by Mandiant, the threat actor responsible for this campaign would be ‘UNC4034’ (also known as Temp.Hermit or Labyrinth Chollima). “Mandiant identified several overlaps between UNC4034 and threat clusters we suspect have a North
0 Comments
Cybersecurity agencies in the US, UK, Australia and Canada have warned that Iranian state-sponsored hackers are exploiting Log4j vulnerabilities in ransomware campaigns. An alert published this week said Tehran’s Islamic Revolutionary Guard Corps (IRGC) was behind multiple attacks exploiting VMware Horizon Log4j bugs on unprotected networks to enable disk encryption and data extortion. These include
0 Comments
The threat actor known as Webworm has been linked to several Windows–based remote access Trojans, suggests a new advisory by Symantec, a subsidiary of Broadcom Software. The group reportedly developed customized versions of three older remote access Trojans (RATs): Trochilus, Gh0st RAT and 9002 RAT.  The first of these tools, first spotted in 2005, is a
0 Comments
Two critical vulnerabilities were found in wireless LAN devices that are allegedly used to provide internet connectivity in airplanes. The flaws were discovered by Thomas Knudsen and Samy Younsi of Necrum Security Labs and affected the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec. “After performing reverse engineering of the firmware, we
0 Comments
by Paul Ducklin Researchers at threat intelligence company Group-IB just wrote an intriguing real-life story about an annoyingly simple but surprisingly effective phishing trick known as BitB, short for browser-in-the-browser. You’ve probably heard of several types of X-in-the-Y attack before, notably MitM and MitB, short for manipulator-in-the-middle and manipulator-in-the-browser. In a MitM attack, the attackers
0 Comments
A group of threat actors previously associated with the ShadowPad remote access Trojan (RAT) has adopted a new toolset to conduct campaigns against various government and state–owned organizations across multiple Asian countries.  The news comes from the Threat Hunter Team at Symantec, who published a new advisory about the threats earlier today. According to the document,
0 Comments
Security researchers have linked multiple ransomware campaigns to DEV–0270 (also known as Nemesis Kitten). The threat actor, widely considered a sub–group of Iranian actor PHOSPHORUS, conducts various malicious network operations on behalf of the Iranian government, according to a new write–up by Microsoft. However, judging from the threat actor’s geographic and sectoral targeting (which often
0 Comments
More than 10% of enterprise IT assets are missing endpoint protection and roughly 5% are not covered by enterprise patch management solutions.  The figures come from new research by Sevco Security, which the company has compiled in the State of the Cybersecurity Attack Surface report. “Attackers are very adept at exploiting enterprise vulnerabilities. Security and IT
0 Comments
On April 20, 2022, Rapid7 discovered vulnerabilities in two TCP/IP–enabled medical devices produced by Baxter Healthcare. The flaws, four in total, affected the company’s SIGMA Spectrum Infusion Pump and SIGMA WiFi Battery. Almost five months after Rapid7 first reported the issues to Baxter, the companies are now revealing they have worked together to discuss the
0 Comments
A persistent cyber–attack campaign has emerged targeting major financial institutions in French–speaking African countries and has been active over the last two years. The campaign was discovered by Check Point Research (CPR) and dubbed ‘DangerousSavanna.’ It relied on spear phishing techniques to initiate infection chains. The threat actors reportedly sent malicious attachment emails in French
0 Comments
Over half (52%) of global organizations know a partner that has been compromised by ransomware, yet few are doing anything to improve the security of their supply chain, according to Trend Micro. The security vendor polled nearly 3000 IT decision makers across 26 countries to produce its latest report, Everything is connected: Uncovering the ransomware
0 Comments
Various law enforcement agencies in Southern California and North Carolina have deployed an obscure cellphone tracking tool dubbed ‘Fog Reveal,’ sometimes without search warrants, a new investigation by the Associated Press (AP) has revealed. The tool gave police offers the ability to search billions of records from 250 million mobile devices and harness the ensuing data