APT

New Open Source Tool Hunts for APT Activity in the Cloud

APT, cloud security, open source /

New Open Source Tool Hunts for APT Activity in the Cloud 2024-03-11 at 12:47 By Ionut Arghire The CloudGrappler open source tool can detect the presence of known threat actors in cloud environments. The post New Open Source Tool Hunts for APT Activity in the Cloud appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

New Open Source Tool Hunts for APT Activity in the Cloud Read More »

Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails

APT, Incident Response, Malware & Threats, Microsoft, Midnight Blizzard, Nation-State, SolarWinds /

Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails 2024-03-08 at 21:34 By Ryan Naraine Microsoft says the Midnight Blizzard APT group may still be poking around its internal network after stealing source code, spying on emails. The post Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive

React to this headline:

Loading spinner

Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails Read More »

Cybercriminals harness AI for new era of malware development

APT, Artificial Intelligence, cybercriminals, cybersecurity, dark web, Data leak, Group-IB, Malware, News, Ransomware, report, social engineering /

Cybercriminals harness AI for new era of malware development 2024-03-01 at 08:31 By Help Net Security The alliance between ransomware groups and initial access brokers (IABs) is still the powerful engine for cybercriminal industry, as evidenced by the 74% year-on-year increase in the number of companies that had their data uploaded on dedicated leak sites

React to this headline:

Loading spinner

Cybercriminals harness AI for new era of malware development Read More »

JCDC’s strategic shift: Prioritizing cyber hardening

APT, Artificial Intelligence, CISA, critical infrastructure, cybersecurity, Don't miss, Features, Government, Hot stuff, NCSC, News, opinion, Ransomware, strategy, Xage Security /

JCDC’s strategic shift: Prioritizing cyber hardening 2024-03-01 at 08:01 By Mirko Zorz In this Help Net Security interview, Geoffrey Mattson, CEO of Xage Security, discusses the evolution of the Joint Cyber Defense Collaborative (JCDC) since its 2021 inception and tackles its 2024 strategic priorities in response to escalating cyber threats. He elaborates on JCDC’s strategies

React to this headline:

Loading spinner

JCDC’s strategic shift: Prioritizing cyber hardening Read More »

APT29 revamps its techniques to breach cloud environments

APT, CISA, cloud security, cybercrime, Don't miss, FBI, Hot stuff, NCSC, News, NSA, threat /

APT29 revamps its techniques to breach cloud environments 2024-02-27 at 14:16 By Helga Labus Russian threat actors APT29 are changing their techniques and expanding their targets to access cloud environments, members of the Five Eyes intelligence alliance have warned. About APT29 APT29 (aka Midnight Blizzard, aka Cozy Bear) is a cyber espionage group believed to

React to this headline:

Loading spinner

APT29 revamps its techniques to breach cloud environments Read More »

How are state-sponsored threat actors leveraging AI?

APT, Artificial Intelligence, Don't miss, generative AI, government-backed attacks, Hot stuff, LLMs, Microsoft, News, OpenAI, threats /

How are state-sponsored threat actors leveraging AI? 2024-02-14 at 18:31 By Helga Labus Microsoft and OpenAI have identified attempts by various state-affiliated threat actors to use large language models (LLMs) to enhance their cyber operations. Threat actors use LLMs for various tasks Just as defenders do, threat actors are leveraging AI (more specifically: LLMs) to

React to this headline:

Loading spinner

How are state-sponsored threat actors leveraging AI? Read More »

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

0-day, APT, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, MS Office, News, Tenable, Trend Micro, vulnerability /

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) 2024-02-13 at 22:01 By Zeljka Zorz On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen

React to this headline:

Loading spinner

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) Read More »

Russian hackers breached Microsoft, HPE corporate maliboxes

APT, cyber espionage, data breach, Don't miss, Hot stuff, HPE, Microsoft, News /

Russian hackers breached Microsoft, HPE corporate maliboxes 2024-01-25 at 15:31 By Helga Labus Cozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microsoft breach Last Friday, Microsoft revealed

React to this headline:

Loading spinner

Russian hackers breached Microsoft, HPE corporate maliboxes Read More »

1,700 Ivanti VPN devices compromised. Are yours among them?

0-day, APT, Don't miss, enterprise, Hot stuff, Ivanti, Mandiant, News, SMBs, threat hunting, Volexity, VPN, web shell /

1,700 Ivanti VPN devices compromised. Are yours among them? 2024-01-16 at 17:16 By Zeljka Zorz Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit

React to this headline:

Loading spinner

1,700 Ivanti VPN devices compromised. Are yours among them? Read More »

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)

0-day, APT, backdoor, Don't miss, enterprise, Hot stuff, Ivanti, News, Volexity, VPN, web shell /

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) 2024-01-11 at 13:46 By Zeljka Zorz Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk of exploitation can be mitigated by importing mitigation.release.20240107.1.xml

React to this headline:

Loading spinner

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) Read More »

Russian hackers target unpatched JetBrains TeamCity servers

APT, CISA, cyber espionage, Don't miss, enterprise, exploit, Fortinet, Hot stuff, JetBrains, National Cyber Security Centre, News, Shadowserver, vulnerability /

Russian hackers target unpatched JetBrains TeamCity servers 14/12/2023 at 16:04 By Helga Labus Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. The targets APT 29 (aka CozyBear, aka Midnight Blizzard), believed to be associated with

React to this headline:

Loading spinner

Russian hackers target unpatched JetBrains TeamCity servers Read More »

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)

APT, cyber espionage, Don't miss, Email, EU, Hot stuff, Microsoft, Microsoft Exchange, News, Outlook, vulnerability /

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) 05/12/2023 at 17:47 By Helga Labus Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining

React to this headline:

Loading spinner

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) Read More »

Sandworm hackers incapacitated Ukrainian power grid amid missile strike

APT, critical infrastructure, Don't miss, Hot stuff, ICS/SCADA, Malware, Mandiant, News, Russian Federation /

Sandworm hackers incapacitated Ukrainian power grid amid missile strike 09/11/2023 at 19:17 By Helga Labus Russia-backed ATP group Sandworm is behind the cyberattack that caused disruption of parts of the Ukrainian power grid in late 2022, according to Mandiant. About Sandworm “Sandworm is a threat actor that has carried out cyber operations in support of

React to this headline:

Loading spinner

Sandworm hackers incapacitated Ukrainian power grid amid missile strike Read More »

DoNot APT expands its arsenal to spy on victim’s VoIP calls

Android, APT, DoNot, Kashmir, spyware /

DoNot APT expands its arsenal to spy on victim’s VoIP calls 01/11/2023 at 17:17 By cybleinc Cyble analyzes the latest version of Android malware used by the DoNot APT group in their espionage campaign. The post DoNot APT expands its arsenal to spy on victim’s VoIP calls appeared first on Cyble. This article is an

React to this headline:

Loading spinner

DoNot APT expands its arsenal to spy on victim’s VoIP calls Read More »

Higaisa APT Resurfaces via Phishing Website targeting Chinese Users

APT, China, Higaisa, OpenVPN, phishing /

Higaisa APT Resurfaces via Phishing Website targeting Chinese Users 26/10/2023 at 13:46 By cybleinc CRIL analyzes Higaisa APT targeting Chinese users through phishing websites to deliver a Rust-based Shellcode Loader. The post Higaisa APT Resurfaces via Phishing Website targeting Chinese Users appeared first on Cyble. This article is an excerpt from Cyble View Original Source

React to this headline:

Loading spinner

Higaisa APT Resurfaces via Phishing Website targeting Chinese Users Read More »

‘YoroTrooper’ Espionage Group Linked to Kazakhstan

APT, Malware & Threats /

‘YoroTrooper’ Espionage Group Linked to Kazakhstan 25/10/2023 at 23:46 By Ionut Arghire Cisco links the espionage-focused ‘YoroTrooper’ threat actor to Kazakhstan. The post ‘YoroTrooper’ Espionage Group Linked to Kazakhstan appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

‘YoroTrooper’ Espionage Group Linked to Kazakhstan Read More »

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)

0-day, APT, Don't miss, Europe, government-backed attacks, Hot stuff, News, open source, Roundcube /

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) 25/10/2023 at 14:46 By Zeljka Zorz The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation of the XSS vulnerability can

React to this headline:

Loading spinner

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) Read More »

Bracing for AI-enabled ransomware and cyber extortion attacks

APT, Artificial Intelligence, attacks, cybercriminals, cybersecurity, Don't miss, education, Email, Expert analysis, Expert corner, extortion, Hot stuff, Malware, News, opinion, phishing, Ransomware, spear-phishing, Zscaler /

Bracing for AI-enabled ransomware and cyber extortion attacks 24/10/2023 at 07:37 By Help Net Security AI has been the shiniest thing in tech since at least November 2022, when ChatGPT was made available to the masses and unveiled the transformative potential of large language models for all the world to see. As businesses scramble to

React to this headline:

Loading spinner

Bracing for AI-enabled ransomware and cyber extortion attacks Read More »

North Korean hackers are targeting software developers and impersonating IT workers

APT, Don't miss, FBI, Hot stuff, Insider Threat, Microsoft, News, North Korea, software development, supply chain compromise, vulnerability /

North Korean hackers are targeting software developers and impersonating IT workers 20/10/2023 at 13:52 By Helga Labus State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies lookind for IT workers. North Korean hackers targeting developers Microsoft has outlined on Wednesday how

React to this headline:

Loading spinner

North Korean hackers are targeting software developers and impersonating IT workers Read More »

Scroll to Top