-
May 23, 2023
In a recent report, Trend Micro researchers uncovered a significant incident involving ALPHV/BlackCat ransomware, occured on February 2023. The attackers behind this operation employed a cunning tactic by utilizing signed malicious Windows kernel drivers, which allowed them to evade detection.… read more »
-
May 22, 2023
Most image recognition systems use what is known as Probabilistic Image Recognition, a technique used by computer systems to identify objects or patterns in images based on statistical probabilities. Rather than providing a definitive answer, the system assigns a probability… read more »
-
May 19, 2023
The FIN7 cybercrime group has added the Clop ransomware to its arsenal after a period of inactivity. They are known for previously using ransomware variants like REvil and Maze. According to a series of tweets from the Microsoft Security Intelligence… read more »
-
May 18, 2023
A cybercrime group called Lemon Group is using millions of pre-infected Android smartphones globally to carry out malicious activities, such as stealing and selling SMS messages, social media and online messaging accounts, as well as generating revenue through advertisements and… read more »
-
May 13, 2023
A new version of the Linux malware BPFDoor has been discovered, which is more stealthy and has stronger encryption and reverse shell communications. BPFDoor is a backdoor malware that was first discovered by security researchers about a year ago but… read more »
-
May 11, 2023
The leak of the Babuk ransomware code in September 2021 has led to the development of multiple ransomware families capable of targeting VMware ESXi systems. Several cybercrime groups have used the leaked source code to create new variants, indicating a… read more »
-
May 9, 2023
I am a big fan of to-do lists: having a to-do list always at hand relaxes me :-). But I’m also a big fan of command line interfaces: so on all my Linux boxes I started using a simple modification… read more »
-
May 5, 2023
Researchers from the Technical University of Berlin have discovered an exploit called faultTPM that can bypass security protections like BitLocker by exploiting a hardware bug in the firmware TPM (fTPM) of AMD Ryzen processors based on Zen 2 and 3… read more »
-
May 4, 2023
Check Point Research has discovered a new strain of malware, FluHorse, that is highly effective in infiltrating Android apps. The campaign is currently active in East Asia and has affected over 100,000 users. FluHorse is designed to steal sensitive information… read more »
-
May 4, 2023
According to a research by cybersecurity from Sophos, the APT group Dragon Breath (also known as Golden Eye Dog) is using complex variations of the classic DLL sideloading technique to evade detection. The group uses trojanized versions of Telegram, LetsVPN,… read more »
-
May 2, 2023
A new malware called LOBSHOT is being distributed through Google Ads by impersonating a legitimate remote management software, AnyDesk. The malware, analyzed by cybersecurity experts from Elastic Security Labs. is a remote access trojan that allows threat actors to take… read more »
-
Apr 29, 2023
In March and April 2023, cybersecurity firm TrendMicro discovered a new type of ransomware called Rapture that targets its victims using a minimalistic approach with tools that leave only a minimal footprint behind. This malware was found to have similarities… read more »
-
Apr 29, 2023
A new information stealer for Apple macOS, called Atomic macOS Stealer (AMOS), is being advertised on Telegram for $1,000 per month. According to a recent research from Cyble, the malware can steal various types of information from the victim’s machine,… read more »
-
Apr 26, 2023
Alloy Taurus, a Chinese nation-state group known for attacking telecom companies since at least 2012, has been found to be using a Linux variant of the PingPull backdoor and a new tool called Sword2033, according to cybersecurity company Palo Alto… read more »
-
Apr 25, 2023
North Korea-linked BlueNoroff APT group has been observed by security firm Jamf using a new macOS malware called RustBucket in recent attacks. The RustBucket malware allows operators to download and execute various payloads. The first-stage was contained within an unsigned… read more »
-
Apr 24, 2023
Several years ago, during a SANS course, I discovered TiddlyWiki for the first time. Since then, I have never stopped using it, despite its somewhat dated UI. TiddlyWiki is a highly versatile and customizable personal wiki that allows me to… read more »
-
Apr 21, 2023
Cybercriminals are using a new method called RBAC Buster to create persistent backdoor accounts on Kubernetes clusters and use their resources for Monero crypto-mining. The RBAC (Role-Based Access Control) system is used by admins to define which users or service… read more »
-
Apr 21, 2023
Google has fixed a security flaw called GhostToken that allowed attackers to backdoor Google Cloud Platform (GCP) users’ accounts using malicious OAuth applications installed from the Google Marketplace or third-party providers. According to a research by Astrix Security, after being… read more »
-
Apr 20, 2023
The Lazarus Group, a North Korea-aligned state-sponsored actor, has been attributed to a new campaign called Operation Dream Job that targets Linux users. In a report recently published, analists from cybersecurity firm ESET revealed that this social engineering scheme involves… read more »
-
Apr 19, 2023
AuKill is a new hacking tool used by threat actors to disable Endpoint Detection & Response (EDR) software on victims’ systems before deploying backdoors and ransomware in Bring Your Own Vulnerable Driver (BYOVD) attacks. The malware, first spotted by Sophos… read more »