APT

A “cascade” of errors let Chinese hackers into US government inboxes

APT, CISA, cloud security, CSP, Don't miss, Government, government-backed attacks, Hot stuff, Microsoft, News, UK, USA /

A “cascade” of errors let Chinese hackers into US government inboxes 2024-04-03 at 16:46 By Zeljka Zorz Microsoft still doesn’t known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The stolen 2016 MSA key in […]

React to this headline:

Loading spinner

A “cascade” of errors let Chinese hackers into US government inboxes Read More »

Zero-day exploitation surged in 2023, Google finds

0-day, APT, cybercrime, Don't miss, exploit, Google, Hot stuff, Mandiant, News, spyware /

Zero-day exploitation surged in 2023, Google finds 2024-03-28 at 17:17 By Zeljka Zorz 2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack. Another interesting conclusion from

React to this headline:

Loading spinner

Zero-day exploitation surged in 2023, Google finds Read More »

Cyberespionage Campaign Targets Government, Energy Entities in India

APT, Cyberwarfare, India, Malware & Threats, Nation-State, phishing, spear-phishing /

Cyberespionage Campaign Targets Government, Energy Entities in India 2024-03-28 at 17:17 By Ionut Arghire Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India. The post Cyberespionage Campaign Targets Government, Energy Entities in India appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Cyberespionage Campaign Targets Government, Energy Entities in India Read More »

Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon

APT, China APT, Five Eyes, Government, Nation-State, Volt Typhoon /

Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon 2024-03-20 at 15:01 By Ionut Arghire Government agencies in the Five Eyes countries warn critical infrastructure entities of Chinese state-sponsored hacking group Volt Typhoon. The post Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon Read More »

New Open Source Tool Hunts for APT Activity in the Cloud

APT, cloud security, open source /

New Open Source Tool Hunts for APT Activity in the Cloud 2024-03-11 at 12:47 By Ionut Arghire The CloudGrappler open source tool can detect the presence of known threat actors in cloud environments. The post New Open Source Tool Hunts for APT Activity in the Cloud appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

New Open Source Tool Hunts for APT Activity in the Cloud Read More »

Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails

APT, Incident Response, Malware & Threats, Microsoft, Midnight Blizzard, Nation-State, SolarWinds /

Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails 2024-03-08 at 21:34 By Ryan Naraine Microsoft says the Midnight Blizzard APT group may still be poking around its internal network after stealing source code, spying on emails. The post Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive

React to this headline:

Loading spinner

Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails Read More »

Cybercriminals harness AI for new era of malware development

APT, Artificial Intelligence, cybercriminals, cybersecurity, dark web, Data leak, Group-IB, Malware, News, Ransomware, report, social engineering /

Cybercriminals harness AI for new era of malware development 2024-03-01 at 08:31 By Help Net Security The alliance between ransomware groups and initial access brokers (IABs) is still the powerful engine for cybercriminal industry, as evidenced by the 74% year-on-year increase in the number of companies that had their data uploaded on dedicated leak sites

React to this headline:

Loading spinner

Cybercriminals harness AI for new era of malware development Read More »

JCDC’s strategic shift: Prioritizing cyber hardening

APT, Artificial Intelligence, CISA, critical infrastructure, cybersecurity, Don't miss, Features, Government, Hot stuff, NCSC, News, opinion, Ransomware, strategy, Xage Security /

JCDC’s strategic shift: Prioritizing cyber hardening 2024-03-01 at 08:01 By Mirko Zorz In this Help Net Security interview, Geoffrey Mattson, CEO of Xage Security, discusses the evolution of the Joint Cyber Defense Collaborative (JCDC) since its 2021 inception and tackles its 2024 strategic priorities in response to escalating cyber threats. He elaborates on JCDC’s strategies

React to this headline:

Loading spinner

JCDC’s strategic shift: Prioritizing cyber hardening Read More »

APT29 revamps its techniques to breach cloud environments

APT, CISA, cloud security, cybercrime, Don't miss, FBI, Hot stuff, NCSC, News, NSA, threat /

APT29 revamps its techniques to breach cloud environments 2024-02-27 at 14:16 By Helga Labus Russian threat actors APT29 are changing their techniques and expanding their targets to access cloud environments, members of the Five Eyes intelligence alliance have warned. About APT29 APT29 (aka Midnight Blizzard, aka Cozy Bear) is a cyber espionage group believed to

React to this headline:

Loading spinner

APT29 revamps its techniques to breach cloud environments Read More »

How are state-sponsored threat actors leveraging AI?

APT, Artificial Intelligence, Don't miss, generative AI, government-backed attacks, Hot stuff, LLMs, Microsoft, News, OpenAI, threats /

How are state-sponsored threat actors leveraging AI? 2024-02-14 at 18:31 By Helga Labus Microsoft and OpenAI have identified attempts by various state-affiliated threat actors to use large language models (LLMs) to enhance their cyber operations. Threat actors use LLMs for various tasks Just as defenders do, threat actors are leveraging AI (more specifically: LLMs) to

React to this headline:

Loading spinner

How are state-sponsored threat actors leveraging AI? Read More »

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

0-day, APT, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, MS Office, News, Tenable, Trend Micro, vulnerability /

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) 2024-02-13 at 22:01 By Zeljka Zorz On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen

React to this headline:

Loading spinner

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) Read More »

Russian hackers breached Microsoft, HPE corporate maliboxes

APT, cyber espionage, data breach, Don't miss, Hot stuff, HPE, Microsoft, News /

Russian hackers breached Microsoft, HPE corporate maliboxes 2024-01-25 at 15:31 By Helga Labus Cozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microsoft breach Last Friday, Microsoft revealed

React to this headline:

Loading spinner

Russian hackers breached Microsoft, HPE corporate maliboxes Read More »

1,700 Ivanti VPN devices compromised. Are yours among them?

0-day, APT, Don't miss, enterprise, Hot stuff, Ivanti, Mandiant, News, SMBs, threat hunting, Volexity, VPN, web shell /

1,700 Ivanti VPN devices compromised. Are yours among them? 2024-01-16 at 17:16 By Zeljka Zorz Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit

React to this headline:

Loading spinner

1,700 Ivanti VPN devices compromised. Are yours among them? Read More »

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)

0-day, APT, backdoor, Don't miss, enterprise, Hot stuff, Ivanti, News, Volexity, VPN, web shell /

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) 2024-01-11 at 13:46 By Zeljka Zorz Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk of exploitation can be mitigated by importing mitigation.release.20240107.1.xml

React to this headline:

Loading spinner

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) Read More »

Russian hackers target unpatched JetBrains TeamCity servers

APT, CISA, cyber espionage, Don't miss, enterprise, exploit, Fortinet, Hot stuff, JetBrains, National Cyber Security Centre, News, Shadowserver, vulnerability /

Russian hackers target unpatched JetBrains TeamCity servers 14/12/2023 at 16:04 By Helga Labus Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. The targets APT 29 (aka CozyBear, aka Midnight Blizzard), believed to be associated with

React to this headline:

Loading spinner

Russian hackers target unpatched JetBrains TeamCity servers Read More »

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)

APT, cyber espionage, Don't miss, Email, EU, Hot stuff, Microsoft, Microsoft Exchange, News, Outlook, vulnerability /

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) 05/12/2023 at 17:47 By Helga Labus Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining

React to this headline:

Loading spinner

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) Read More »

Sandworm hackers incapacitated Ukrainian power grid amid missile strike

APT, critical infrastructure, Don't miss, Hot stuff, ICS/SCADA, Malware, Mandiant, News, Russian Federation /

Sandworm hackers incapacitated Ukrainian power grid amid missile strike 09/11/2023 at 19:17 By Helga Labus Russia-backed ATP group Sandworm is behind the cyberattack that caused disruption of parts of the Ukrainian power grid in late 2022, according to Mandiant. About Sandworm “Sandworm is a threat actor that has carried out cyber operations in support of

React to this headline:

Loading spinner

Sandworm hackers incapacitated Ukrainian power grid amid missile strike Read More »

DoNot APT expands its arsenal to spy on victim’s VoIP calls

Android, APT, DoNot, Kashmir, spyware /

DoNot APT expands its arsenal to spy on victim’s VoIP calls 01/11/2023 at 17:17 By cybleinc Cyble analyzes the latest version of Android malware used by the DoNot APT group in their espionage campaign. The post DoNot APT expands its arsenal to spy on victim’s VoIP calls appeared first on Cyble. This article is an

React to this headline:

Loading spinner

DoNot APT expands its arsenal to spy on victim’s VoIP calls Read More »

Higaisa APT Resurfaces via Phishing Website targeting Chinese Users

APT, China, Higaisa, OpenVPN, phishing /

Higaisa APT Resurfaces via Phishing Website targeting Chinese Users 26/10/2023 at 13:46 By cybleinc CRIL analyzes Higaisa APT targeting Chinese users through phishing websites to deliver a Rust-based Shellcode Loader. The post Higaisa APT Resurfaces via Phishing Website targeting Chinese Users appeared first on Cyble. This article is an excerpt from Cyble View Original Source

React to this headline:

Loading spinner

Higaisa APT Resurfaces via Phishing Website targeting Chinese Users Read More »

Scroll to Top