Hackers associated with North Korea are using trojanized versions of the PuTTY SSH open-source terminal emulator to install backdoors on victims’ devices. Discovered by Mandiant, the campaign is attributed to the threat actor tracked as ‘UNC4034’ (also known as Temp.Hermit or Labyrinth Chollima). “Mandiant identified several overlaps between UNC4034 and threat clusters we suspect have a North
Have you ever said something you wish you could take back? Maybe it was a comment muttered in the heat of the moment that hurt someone’s feelings. Or maybe you just had a night out full of silly antics that you wouldn’t want your boss or grandma to see. These are completely normal occurrences that
Cybersecurity researchers have exposed new connections between a widely used pay-per-install (PPI) malware service known as PrivateLoader and another PPI service dubbed ruzki. “The threat actor ruzki (aka les0k, zhigalsz) advertises their PPI service on underground Russian-speaking forums and their Telegram channels under the name ruzki or zhigalsz since at least May 2021,” SEKOIA said.
Cybersecurity agencies in the US, UK, Australia and Canada have warned that Iranian state-sponsored hackers are exploiting Log4j vulnerabilities in ransomware campaigns. An alert published this week said Tehran’s Islamic Revolutionary Guard Corps (IRGC) was behind multiple attacks exploiting VMware Horizon Log4j bugs on unprotected networks to enable disk encryption and data extortion. These include
Gamers looking for cheats on YouTube are being targeted with links to malicious password-protected archive files designed to install the RedLine Stealer malware and crypto miners on compromised machines. “The videos advertise cheats and cracks and provide instructions on hacking popular games and software,” Kaspersky security researcher Oleg Kupreev said in a new report published
The threat actor known as Webworm has been linked to several Windows-based remote access Trojans, suggests a new advisory by Symantec, a subsidiary of Broadcom Software. The group reportedly developed customized versions of three older remote access Trojans (RATs): Trochilus, Gh0st RAT and 9002 RAT. The earliest of these tools, first spotted in 2005, is a
Safety has a feeling all its own, and that’s what’s at the heart of McAfee+. We created McAfee+ so people can not only be safe but feel safe online, particularly in a time when there’s so much concern about identity theft and invasion of our online privacy. And those concerns have merit. Last year,
The operators behind the Lorenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold in target environments for follow-on malicious activities. “Initial malicious activity originated from a Mitel appliance sitting on the network perimeter,” researchers from cybersecurity firm Arctic Wolf said in a report published
Worok takes aim at various high-profile organizations that operate in multiple sectors and are located primarily in Asia. ESET researchers have revealed their findings about a previously unknown cyberespionage group that they named Worok. This APT group takes aim at various high-profile organizations that operate in multiple sectors and are located primarily in Asia, but
Two critical vulnerabilities were found in wireless LAN devices that are allegedly used to provide internet connectivity in airplanes. The flaws were discovered by Thomas Knudsen and Samy Younsi of Necrum Security Labs and affected the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec. “After performing reverse engineering of the firmware, we
by Paul Ducklin
Researchers at threat intelligence company Group-IB just wrote an intriguing real-life story about an annoyingly simple but surprisingly effective phishing trick known as BitB, short for browser-in-the-browser. You’ve probably heard of several types of X-in-the-Y attack before, notably MitM and MitB, short for manipulator-in-the-middle and manipulator-in-the-browser. In a MitM attack, the attackers
Summary: Pass-through authentication (PTA) is one of the Azure Active Directory (Azure AD) hybrid identity authentication methods. PTA relies on PTA agents installed on one or more on-premises servers. Azure AD uses certificate-based authentication (CBA) to identify each agent. In May 2022, Secureworks® Counter Threat Unit™ (CTU) researchers analyzed how the protocols used by
Contemporary organizations understand the importance of data and its impact on improving interactions with customers, offering quality products or services, and building loyalty. Data is fundamental to business success. It allows companies to make the right decisions at the right time and deliver the high-quality, personalized products and services that customers expect. There is a
A group of threat actors previously associated with the ShadowPad remote access Trojan (RAT) has adopted a new toolset to conduct campaigns against various government and state-owned organizations across multiple Asian countries. The news comes from the Threat Hunter Team at Symantec, who published a new advisory about the threats earlier today. According to the document,
China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi’an in June 2022. The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week, and accused the Office of Tailored Access Operations (TAO) at
A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran’s Islamic Revolutionary Guard Corps (IRGC),
Security researchers have linked multiple ransomware campaigns to DEV-0270 (also known as Nemesis Kitten). The threat actor, widely considered a sub-group of Iranian actor PHOSPHORUS, conducts various malicious network operations on behalf of the Iranian government, according to a new write-up by Microsoft. However, judging from the threat actor’s geographic and sectoral targeting (which often