Cisco Talos is aware of the recent reporting around a new modular malware family, Cyclops Blink, that targets small and home office (SOHO) devices, similar to previously observed threats like VPNFilter.
Ukraine calls for volunteer hackers to protect its critical infrastructure and spy on Russian forces
The government of Ukraine is calling on the hacking community to volunteer its expertise and capabilities, following the invasion of the country by Russian forces.
The options reportedly included tampering with trains, electric service and internet connectivity, hampering Russia’s military operations in Ukraine.
Unit 42 has been tracking an APT campaign we name TiltedTemple, which we first identified in connection with its use of the Zoho ManageEngine ADSelfService Plus vulnerability CVE-2021-40539 and ServiceDesk Plus vulnerability CVE-2021-44077.
President Joe Biden has been presented with a menu of options for the U.S. to carry out massive cyberattacks designed to disrupt Russia’s ability to sustain its military operations in Ukraine, four people familiar with the deliberations tell NBC News. Two U.S.
Executive Summary: On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations.
The ASEC analysis team has recently discovered the distribution of Cobalt Strike targeting MS-SQL servers that are vulnerable to malware attacks. MS-SQL server is a typical database server of the Windows environment, and it has consistently been a target of attack from the past.
In 2021, Mandiant observed some threat actors deploying ransomware increasingly shift to exploiting vulnerabilities as an initial infection vector. UNC2596, a threat actor that deploys COLDDRAW ransomware, publicly known as Cuba Ransomware, exemplifies this trend.
A new form of disk-wiping malware (Trojan.Killdisk) was used to attack organizations in Ukraine shortly before the launch of a Russian invasion this morning (February 24). Symantec, a division of Broadcom Software, has also found evidence of wiper attacks against an organization in Lithuania.
Full Report Download: The Bvp47 Technical Paper (PDF). In a certain month of 2013, during an in-depth forensic investigation of a host in a key domestic department, researchers from the Pangu Lab extracted a set of advanced backdoors on the Linux platform, which used advanced covert channel behavior
In a previous blogpost, I wrote about a security bug I found in GitHub, which would have allowed an attacker to get write access to almost any public repository. As a quick recap: This post describes a different security bug I found in GitHub, using a similar attack strategy.
Steal credentials and bypass 2FA by giving users remote access to your server via an HTML5 VNC client that has a browser running in kiosk mode. Recently I was on an engagement where all the users had 2FA enabled on their email. I quickly set up the great Evilginx2 as I usually would.
A Good Old Equation Editor Vulnerability Delivering Malware
Here is another sample demonstrating how attackers still rely on good old vulnerabilities… In 2017, Microsoft Office suffered from a critical vulnerability that affected its Equation Editor tool, known as CVE-2017-11882.
Taiwanese security firm links APT10 Chinese espionage group to attacks on local financial sector. Attacks targeted a vulnerability in a security product used by roughly 80% of the Taiwanese financial sector.
It should be noted that the site e4ppgzueqjiam3qvhzffwraakvcgzrjp5dzl3xzv24w6q5rjr7kq.b32.i2p:4545 can only be accessed through I2P. We looked for other similar samples in VirusTotal and our sample collection using TLSH, Yara, and other tools.
I want to start this post by calling out to @NotMedic and telling the world he is a wizard who knows so much about protocol attacks. This post takes the work he has done on NetNTLMtoSilverTicket and adds in a different initial vector of Petit Potam.
Ukraine Says Chernobyl Radiation Has Exceeded Safe Levels, Staff Held Hostage, Fears ‘Planetary Environmental Disaster’
Russia has seized control over the nuclear and radiation facilities at Chernobyl, a move that Ukrainian officials told Motherboard constitutes a war crime and has already kicked up radioactive dust.
The government of Ukraine is asking for volunteers from the country’s hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops, according to two people involved in the project.
Moxie Marlinspike, the founder of encrypted comms app Signal, has warned about the use of Telegram as a form of secure communications, as Ukraine makes heavy use of the app in the midst of war with Russia.
Netflix is testing Fast Laughs, a stream of comedy clips hand-picked by Netflix, on its TV app.