-
Apr 25, 2023
North Korea-linked BlueNoroff APT group has been observed by security firm Jamf using a new macOS malware called RustBucket in recent attacks. The RustBucket malware allows operators to download and execute various payloads. The first-stage was contained within an unsigned… read more »
-
Apr 24, 2023
Several years ago, during a SANS course, I discovered TiddlyWiki for the first time. Since then, I have never stopped using it, despite its somewhat dated UI. TiddlyWiki is a highly versatile and customizable personal wiki that allows me to… read more »
-
Apr 21, 2023
Cybercriminals are using a new method called RBAC Buster to create persistent backdoor accounts on Kubernetes clusters and use their resources for Monero crypto-mining. The RBAC (Role-Based Access Control) system is used by admins to define which users or service… read more »
-
Apr 21, 2023
Google has fixed a security flaw called GhostToken that allowed attackers to backdoor Google Cloud Platform (GCP) users’ accounts using malicious OAuth applications installed from the Google Marketplace or third-party providers. According to research by Astrix Security, after being… read more »
-
Apr 20, 2023
The Lazarus Group, a North Korea-aligned state-sponsored actor, has been attributed to a new campaign called Operation Dream Job that targets Linux users. In a report recently published, analysts from cybersecurity firm ESET revealed that this social engineering scheme involves… read more »
-
Apr 19, 2023
AuKill is a new hacking tool used by threat actors to disable Endpoint Detection & Response (EDR) software on victims’ systems before deploying backdoors and ransomware in Bring Your Own Vulnerable Driver (BYOVD) attacks. The malware, first spotted by Sophos… read more »
-
Apr 18, 2023
The China-linked APT41 cyberespionage group (also known as HOODOO) used the open-source red teaming tool GC2 in an attack against an unnamed Taiwanese media organization in October 2022, using as payload an open source red teaming tool called “Google Command… read more »
-
Apr 17, 2023
QBot, a dangerous Windows banking Trojan, is being used in a new series of attacks against corporate targets. Cybercriminals are using new techniques to distribute the malware, including email phishing scams: infiltrating email conversations and tricking users into downloading a… read more »
-
Apr 16, 2023
According to some Twitter threads published by cybersecurity researchers vx-underground and MalwareHunterTeam, the major ransomware operation LockBit has created encryptors specifically targeting macOS for the first time. "locker_Apple_M1_64": 3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79 As much as I can tell, this is the first Apple's Mac… read more »
-
Apr 16, 2023
A new Android malware called ‘Goldoson’ has been distributed via Google Play through 60 legitimate apps with 100 million downloads. The malware is part of a third-party library that developers have unwittingly added to their apps. According to research… read more »
-
Apr 14, 2023
The Vice Society ransomware gang has developed a new PowerShell script that fully automates data theft from compromised networks and uses “living off the land” binaries and scripts to remain undetected. The script uses multiple functions to… read more »
-
Apr 13, 2023
A cybercriminal gang called Read The Manual (RTM) Locker has been described in detail by cybersecurity researchers at Trellix. RTM is a private ransomware-as-a-service (RaaS) provider that conducts opportunistic attacks to generate illicit profits. The group operates through affiliates,… read more »
-
Apr 13, 2023
Legion is a new Python-based tool being sold on Telegram by cybercriminals that targets online email services for phishing and spam attacks. According to research from cybersecurity firm Cado, Legion is a modular malware likely based on the AndroxGhOst… read more »
-
Apr 11, 2023
Microsoft and Citizen Lab reported that an Israeli-based company, QuaDream, had used a zero-click exploit named ENDOFDAYS to compromise the iPhones of high-risk individuals. The attackers targeted a zero-day vulnerability affecting iPhones running iOS 1.4 up to 14.4.2 between January… read more »
-
Apr 10, 2023
According to recent research by security firm Sucuri, a malware campaign called Balada Injector has infected over one million WordPress websites since 2017 by exploiting known vulnerabilities in themes and plugins. The attackers use various methods, including String.fromCharCode obfuscation,… read more »
-
Apr 9, 2023
In a comprehensive analysis published by SentinelOne Labs, researchers dissect the inner workings of AlienFox, a highly versatile and multi-functional malware, highlighting its features and the risks it poses. What is AlienFox? AlienFox is a highly adaptable and multi-purpose cyber… read more »
-
Apr 9, 2023
In a recent article published by Securelist, researchers detailed the supply chain attack targeting the 3CX Phone System: the attackers managed to compromise the 3CX update infrastructure and deployed a malicious backdoor, dubbed GOPURAM, to unsuspecting users. The GOPURAM backdoor… read more »
-
Apr 8, 2023
Security researchers at Cyble recently discovered a new ransomware variant with some concerning capabilities. Called “Cylance”, this ransomware has a number of advanced features that allow attackers to customize attacks. The ransomware has many command-line options that allow attackers to specify things like file… read more »
-
Apr 8, 2023
Bitdefender’s Cybersecurity Assessment Report 2023 reveals that almost a third of surveyed companies do not disclose data breaches. The report, which summarizes the results of a survey conducted between December 2022 and January 2023, also shows that 52% of IT… read more »
-
Apr 7, 2023
Researchers have discovered that cybercriminals are using Telegram to sell phishing kits and set up phishing campaigns. Phishers create Telegram channels to promote their wares and educate their audience about phishing techniques. Links to these channels are distributed via YouTube,… read more »