APT

100+ domains seized to stymie Russian Star Blizzard hackers

APT, Don't miss, Hot stuff, Justice Department, Microsoft, News, phishing /

100+ domains seized to stymie Russian Star Blizzard hackers 2024-10-04 at 14:18 By Zeljka Zorz Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor. “Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations – journalists, think tanks, […]

React to this headline:

Loading spinner

100+ domains seized to stymie Russian Star Blizzard hackers Read More »

Private US companies targeted by Stonefly APT

APT, Don't miss, enterprise, extortion, government-backed attacks, Hot stuff, Mandiant, News, North Korea, Symantec, USA /

Private US companies targeted by Stonefly APT 2024-10-03 at 14:01 By Zeljka Zorz Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned. About Stonefly Also known as Andariel and OnyxFleet, Stonefly has been linked to

React to this headline:

Loading spinner

Private US companies targeted by Stonefly APT Read More »

Nexe Backdoor Unleashed: Patchwork APT Group’s Sophisticated Evasion of Defenses

APT, cybercrime /

Nexe Backdoor Unleashed: Patchwork APT Group’s Sophisticated Evasion of Defenses 2024-09-26 at 20:16 By rohansinhacyblecom Key takeaways Overview Patchwork, also known as Dropping Elephant, is a highly active advanced persistent threat (APT) group that has been engaged in cyber espionage operations since 2009. Believed to be based in India, this group primarily targets high-profile organizations

React to this headline:

Loading spinner

Nexe Backdoor Unleashed: Patchwork APT Group’s Sophisticated Evasion of Defenses Read More »

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

0-day, APT, Check Point, CVE, Don't miss, Hot stuff, Microsoft, News, security update, Trend Micro, vulnerability, Windows /

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) 2024-09-16 at 15:46 By Zeljka Zorz CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,”

React to this headline:

Loading spinner

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) Read More »

How human-led threat hunting complements automation in detecting cyber threats

APT, Artificial Intelligence, automation, cybersecurity, Don't miss, Features, Hot stuff, MorganFranklin Consulting, News, threat hunting /

How human-led threat hunting complements automation in detecting cyber threats 2024-09-10 at 07:01 By Mirko Zorz In this Help Net Security interview, Shane Cox, Director, Cyber Fusion Center at MorganFranklin Consulting, discusses the evolving methodologies and strategies in threat hunting and explains how human-led approaches complement each other to form a robust defense. Cox also

React to this headline:

Loading spinner

How human-led threat hunting complements automation in detecting cyber threats Read More »

Spear-Phishing in the Battlefield: Gamaredon’s Ongoing Assault on Ukraine’s Military

APT, Cyberwarfare /

Spear-Phishing in the Battlefield: Gamaredon’s Ongoing Assault on Ukraine’s Military 2024-09-06 at 11:46 By rohansinhacyblecom Key Takeaways Executive Summary As the Russia-Ukraine conflict continues to evolve, we remain vigilant in monitoring emerging threats. Previously, we tracked the activities of UNC1151, which targeted Ukraine’s Ministry of Defence with a malicious Excel document designed to compromise sensitive

React to this headline:

Loading spinner

Spear-Phishing in the Battlefield: Gamaredon’s Ongoing Assault on Ukraine’s Military Read More »

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites

APT, Don't miss, exploit, Government, government-backed attacks, Hot stuff, Malware, News, Russian Federation /

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites 2024-08-29 at 16:16 By Zeljka Zorz Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and July 2024, threat actors have repeatedly

React to this headline:

Loading spinner

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites Read More »

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

APT, CVE, cybercrime, Don't miss, ESET, exploit, Hot stuff, News, Windows /

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) 2024-08-28 at 12:02 By Help Net Security ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East Asian countries. When examining the root cause, ESET discovered another way to

React to this headline:

Loading spinner

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) Read More »

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

0-day, APT, Don't miss, Hot stuff, ISP, Lumen, Malware, misconfiguration, MSP, News, USA, Versa Networks, web shell /

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) 2024-08-27 at 19:01 By Zeljka Zorz Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials enabling the attackers to access the providers’ downstream

React to this headline:

Loading spinner

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) Read More »

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

0-day, APT, Don't miss, drivers, Hot stuff, News, North Korea, rootkits, vulnerability /

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) 2024-08-20 at 16:01 By Zeljka Zorz CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-2024-38193 is a use-after-free

React to this headline:

Loading spinner

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) Read More »

Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign 

APT /

Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign  2024-08-14 at 13:16 By Cyble Key Takeaways  Executive Summary  In May 2024, QiAnXin Threat Intelligence Centre identified a campaign from a financially motivated advanced persistent threat (APT) group from East Asia, which they named UTG-Q-010. According to the researchers, UTG-Q-010’s activities date back to late 2022, and

React to this headline:

Loading spinner

Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign  Read More »

Chinese hackers compromised an ISP to deliver malicious software updates

APT, cyber espionage, DNS, Don't miss, ESET, Hot stuff, ISP, Malware, News, supply chain compromise, Symantec, Volexity /

Chinese hackers compromised an ISP to deliver malicious software updates 2024-08-05 at 13:46 By Zeljka Zorz APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive Panda, aka StormCloud), a Chinese-speaking threat

React to this headline:

Loading spinner

Chinese hackers compromised an ISP to deliver malicious software updates Read More »

Indian APT Targeting Mediterranean Ports and Maritime Facilities

APT, India, Malware & Threats, Maritime /

Indian APT Targeting Mediterranean Ports and Maritime Facilities 2024-07-30 at 17:01 By Ionut Arghire The SideWinder APT has been targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea in recent attacks. The post Indian APT Targeting Mediterranean Ports and Maritime Facilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Indian APT Targeting Mediterranean Ports and Maritime Facilities Read More »

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks

APT, Check Point, CVE, Don't miss, Hot stuff, Internet Explorer, News, spear-phishing, Trend Micro, Windows /

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks 2024-07-16 at 16:46 By Zeljka Zorz The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Trend Micro’s

React to this headline:

Loading spinner

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks Read More »

Chinese APT40 group swifly leverages public PoC exploits

APT, Australia, China, CISA, Don't miss, Hot stuff, News, PoC, web application, web shell /

Chinese APT40 group swifly leverages public PoC exploits 2024-07-09 at 14:46 By Zeljka Zorz Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory released by intelligence and cybersecurity agencies from eight countries warns. The group, which is also known as Kryptonite Panda

React to this headline:

Loading spinner

Chinese APT40 group swifly leverages public PoC exploits Read More »

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack

APT, data breach, Don't miss, enterprise, Hot stuff, Microsoft, News, TeamViewer /

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack 2024-07-08 at 20:31 By Zeljka Zorz TeamViewer, the company developing the popular remote access/control software with the same name, has finished the investigation into the breach it detected in late June 2024, and has confirmed that it was limited to their internal corporate IT environment. “Neither our separated

React to this headline:

Loading spinner

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack Read More »

Vietnamese Entities Targeted by China-Linked Mustang Panda in Cyber Espionage 

APT /

Vietnamese Entities Targeted by China-Linked Mustang Panda in Cyber Espionage  2024-06-10 at 15:16 By neetha871ad236bd Key Takeaways:  Overview    In April 2017, researchers at CrowdStrike Falcon Intelligence identified a previously unattributed TA group targeting a U.S.-based think tank with ties to China. Further investigation uncovered a broader campaign exhibiting distinctive tactics, techniques, and procedures (TTPs). This

React to this headline:

Loading spinner

Vietnamese Entities Targeted by China-Linked Mustang Panda in Cyber Espionage  Read More »

90% of threats are social engineering

APT, Avast, cybersecurity, Don't miss, Gen, Hot stuff, Malware, phishing, Ransomware, scams, social engineering, threats, Video /

90% of threats are social engineering 2024-06-06 at 06:32 By Help Net Security In this Help Net Security video, Jakub Kroustek, Malware Research Director at Gen, discusses the Avast Q1 2024 Threat Report. The report highlights significant trends and incidents in cybersecurity. Key findings include: Surge in social engineering attacks: Nearly 90% of threats blocked

React to this headline:

Loading spinner

90% of threats are social engineering Read More »

UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence

APT, cyberespionage /

UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence 2024-06-04 at 15:31 By neetha871ad236bd Key Takeaways  Overview  Mandiant Threat Intelligence has uncovered a persistent information operation called “Ghostwriter/UNC1151,” which is part of a larger influence campaign supporting Russian security interests and promoting narratives critical of NATO. Active since at least March 2017, this

React to this headline:

Loading spinner

UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence Read More »

Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection 

APT /

Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection  2024-05-20 at 13:46 By neetha871ad236bd Key Takeaways  Overview  CRIL identified a campaign utilizing malicious .LNK files masquerading as a PDF document. Upon execution, the .LNK file loads and displays a human rights seminar invitation as a lure document, suggesting that the threat actor

React to this headline:

Loading spinner

Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection  Read More »

Scroll to Top