APT

90% of threats are social engineering

2024-06-06 at 06:32 By Help Net Security

In this Help Net Security video, Jakub Kroustek, Malware Research Director at Gen, discusses the Avast Q1 2024 Threat Report. The report highlights significant trends and incidents in cybersecurity. Key findings include: Surge in social engineering attacks: Nearly 90% of threats blocked […]


UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence

2024-06-04 at 15:31 By neetha871ad236bd

Mandiant Threat Intelligence has uncovered a persistent information operation called “Ghostwriter/UNC1151,” which is part of a larger influence campaign supporting Russian security interests and promoting narratives critical of NATO. Active since at least March 2017, this


Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection 

2024-05-20 at 13:46 By neetha871ad236bd

CRIL identified a campaign utilizing malicious .LNK files masquerading as a PDF document. Upon execution, the .LNK file loads and displays a human rights seminar invitation as a lure document, suggesting that the threat actor


The Overlapping Cyber Strategies of Transparent Tribe and SideCopy Against India

2024-05-14 at 19:46 By neetha871ad236bd

During the first week of May, CRIL identified a malicious website created or utilized by the SideCopy APT group, as shown in the figure below.

[Figure 1 – SideCopy’s malicious website]

Upon investigation, it was found


MITRE breach details reveal attackers’ successes and failures

2024-05-08 at 14:16 By Zeljka Zorz

MITRE has shared a timeline of the recent breach it fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect


US Says North Korean Hackers Exploiting Weak DMARC Settings 

2024-05-03 at 19:16 By Ionut Arghire

The US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks. The post US Says North Korean Hackers Exploiting Weak DMARC Settings appeared first on SecurityWeek. This article is an excerpt from


Threat Actor profile: SideCopy 

2024-04-29 at 16:01 By rohansinhacyblecom

Since early 2019, Operation SideCopy has remained active, exclusively targeting Indian defense forces and armed forces personnel. The malware modules associated with this Threat Actor are continually evolving, with updated versions released following reconnaissance of victim data. Threat Actors behind Operation SideCopy closely monitor malware detections


Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

2024-04-23 at 17:01 By Zeljka Zorz

For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a


A “cascade” of errors let Chinese hackers into US government inboxes

2024-04-03 at 16:46 By Zeljka Zorz

Microsoft still doesn’t know how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The stolen 2016 MSA key in


Zero-day exploitation surged in 2023, Google finds

2024-03-28 at 17:17 By Zeljka Zorz

2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImageIO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack. Another interesting conclusion from


Cyberespionage Campaign Targets Government, Energy Entities in India

2024-03-28 at 17:17 By Ionut Arghire

Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India. The post Cyberespionage Campaign Targets Government, Energy Entities in India appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS


Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon

2024-03-20 at 15:01 By Ionut Arghire

Government agencies in the Five Eyes countries warn critical infrastructure entities of Chinese state-sponsored hacking group Volt Typhoon. The post Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon appeared first on SecurityWeek. This article is


New Open Source Tool Hunts for APT Activity in the Cloud

2024-03-11 at 12:47 By Ionut Arghire

The CloudGrappler open source tool can detect the presence of known threat actors in cloud environments. The post New Open Source Tool Hunts for APT Activity in the Cloud appeared first on SecurityWeek. This article is an excerpt


Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails

2024-03-08 at 21:34 By Ryan Naraine

Microsoft says the Midnight Blizzard APT group may still be poking around its internal network after stealing source code, spying on emails. The post Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive


Cybercriminals harness AI for new era of malware development

2024-03-01 at 08:31 By Help Net Security

The alliance between ransomware groups and initial access brokers (IABs) is still the powerful engine for cybercriminal industry, as evidenced by the 74% year-on-year increase in the number of companies that had their data uploaded on dedicated leak sites


JCDC’s strategic shift: Prioritizing cyber hardening

2024-03-01 at 08:01 By Mirko Zorz

In this Help Net Security interview, Geoffrey Mattson, CEO of Xage Security, discusses the evolution of the Joint Cyber Defense Collaborative (JCDC) since its 2021 inception and tackles its 2024 strategic priorities in response to escalating cyber threats. He elaborates on JCDC’s strategies


APT29 revamps its techniques to breach cloud environments

2024-02-27 at 14:16 By Helga Labus

Russian threat actors APT29 are changing their techniques and expanding their targets to access cloud environments, members of the Five Eyes intelligence alliance have warned.

About APT29

APT29 (aka Midnight Blizzard, aka Cozy Bear) is a cyber espionage group believed to


How are state-sponsored threat actors leveraging AI?

2024-02-14 at 18:31 By Helga Labus

Microsoft and OpenAI have identified attempts by various state-affiliated threat actors to use large language models (LLMs) to enhance their cyber operations.

Threat actors use LLMs for various tasks

Just as defenders do, threat actors are leveraging AI (more specifically: LLMs) to


Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

2024-02-13 at 22:01 By Zeljka Zorz

On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild.

About CVE-2024-21412 and CVE-2024-21351

CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen
