Security

0 Comments
A new hacking campaign is exploiting the notorious deep field image taken from the James Webb telescope alongside obfuscated Go programming language payloads to infect systems. The malware was spotted by the Securonix Threat research team, who is tracking the campaign as GO#WEBBFUSCATOR. “Initial infection begins with a phishing email containing a Microsoft Office attachment,”
0 Comments
Three connected campaigns delivered a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims between March and June 2022. The association between the three apparently unrelated campaigns was made by security researchers at Cisco Talos, who said the aforementioned threat actors compromised vulnerable web applications to deliver threats via fake Amazon
0 Comments
Nearly half of breaches during the first six months of 2022 involved stolen credentials, Switzerland-based cybersecurity company Acronis reported in its Mid-Year Cyberthreat Report, published on August 24, 2022. It will come as no surprise to learn that the cybercriminals’ prime goal in using these credentials is to launch ransomware attacks, which “continue to be
0 Comments
Security researchers have revealed a new phishing campaign targeting Okta identity credentials and connected two-factor authentication (2FA) codes.  The analysis comes from the Group-IB, who said it was particularly interesting because despite using low-skill methods, the campaign was able to compromise a large number of well-known companies. In fact, attackers sent employees of the targeted companies text
0 Comments
Iran-based threat actor MuddyWater (tracked by Microsoft as MERCURY) has been leveraging the exploitation of Log4j 2 vulnerabilities in SysAid applications to target organizations in Israel. The news comes from a new advisory from Microsoft’s security researchers, who said on Thursday they could assess with high confidence that MERCURY’s observed activity was affiliated with Iran’s Ministry
0 Comments
by Paul Ducklin Recent updates to Apple Safari and Google Chrome made big headlines because they fixed mysterious zero-day exploits that were already being used in the wild. But this week also saw the latest four-weekly Firefox update, which dropped as usual on Tuesday, four weeks after the last scheduled full-version-number-increment release. We haven’t written
0 Comments
Cybersecurity researchers from Microsoft Threat Intelligence Center (MSTIC)  have discovered a new, post-compromise capability allowing a threat actor to maintain persistent access to compromised environments. Dubbed ‘MagicWeb’ by the tech giant, the capability has been attributed to Nobelium, a group commonly associated with the SolarWinds and USAID attacks. “Nobelium remains highly active, executing multiple campaigns in parallel
0 Comments
Apple has released updates to fix security flaws across iPhone, iPad and Mac devices, after admitting the vulnerabilities may have been “actively exploited” by threat actors. The vulnerability reportedly gave hackers the ability to infiltrate WebKit, the engine that powers the Apple web browser Safari. Once gained the initial foothold, threat actors could then take control
0 Comments
Trojanized crypto-currency miners, also known as cryptojackers, continue to spread across computers around the world, while also becoming stealthier and increasingly avoiding detection. The data comes from Microsoft’s 365 Defender Research Team, who published a new analysis of cryptojackers on Thursday on its blog. “In the past several months, Microsoft Defender Antivirus detected cryptojackers on
0 Comments
The Chinese advanced persistent threat (APT) actor known as APT41 (or Barium, Bronze Atlas, Double Dragon and Wicked Panda) has targeted at least 13 organizations across the US, Taiwan, India, Vietnam and China as part of four different campaigns in 2021. The news comes from Group-IB Security researchers, who published an advisory detailing APT41 activities from
0 Comments
Threat actors associated with BazarLoader, TrickBot and IcedID malware are now increasingly deploying the loader known as Bumblebee to breach target networks and subsequently conduct post-exploitation activities. The news comes from the Cybereason Global Security Operations Center (GSOC) team, who published a new advisory about Bumblebee on Thursday. “[We] observed threat actors transitioning from BazarLoader, Trickbot,
0 Comments
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new advisory warning of threat actors actively exploiting five different vulnerabilities in the Zimbra Collaboration Suite (ZCS). The document was compiled in collaboration with the Multi-State Information Sharing & Analysis Center (MS-ISAC) and explains how threat actors may be targeting unpatched ZCS instances in both