APT

APT29 revamps its techniques to breach cloud environments

APT, CISA, cloud security, cybercrime, Don't miss, FBI, Hot stuff, NCSC, News, NSA, threat /

APT29 revamps its techniques to breach cloud environments 2024-02-27 at 14:16 By Helga Labus Russian threat actors APT29 are changing their techniques and expanding their targets to access cloud environments, members of the Five Eyes intelligence alliance have warned. About APT29 APT29 (aka Midnight Blizzard, aka Cozy Bear) is a cyber espionage group believed to […]

React to this headline:

Loading spinner

APT29 revamps its techniques to breach cloud environments Read More »

How are state-sponsored threat actors leveraging AI?

APT, Artificial Intelligence, Don't miss, generative AI, government-backed attacks, Hot stuff, LLMs, Microsoft, News, OpenAI, threats /

How are state-sponsored threat actors leveraging AI? 2024-02-14 at 18:31 By Helga Labus Microsoft and OpenAI have identified attempts by various state-affiliated threat actors to use large language models (LLMs) to enhance their cyber operations. Threat actors use LLMs for various tasks Just as defenders do, threat actors are leveraging AI (more specifically: LLMs) to

React to this headline:

Loading spinner

How are state-sponsored threat actors leveraging AI? Read More »

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

0-day, APT, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, MS Office, News, Tenable, Trend Micro, vulnerability /

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) 2024-02-13 at 22:01 By Zeljka Zorz On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen

React to this headline:

Loading spinner

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) Read More »

Russian hackers breached Microsoft, HPE corporate maliboxes

APT, cyber espionage, data breach, Don't miss, Hot stuff, HPE, Microsoft, News /

Russian hackers breached Microsoft, HPE corporate maliboxes 2024-01-25 at 15:31 By Helga Labus Cozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microsoft breach Last Friday, Microsoft revealed

React to this headline:

Loading spinner

Russian hackers breached Microsoft, HPE corporate maliboxes Read More »

1,700 Ivanti VPN devices compromised. Are yours among them?

0-day, APT, Don't miss, enterprise, Hot stuff, Ivanti, Mandiant, News, SMBs, threat hunting, Volexity, VPN, web shell /

1,700 Ivanti VPN devices compromised. Are yours among them? 2024-01-16 at 17:16 By Zeljka Zorz Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit

React to this headline:

Loading spinner

1,700 Ivanti VPN devices compromised. Are yours among them? Read More »

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)

0-day, APT, backdoor, Don't miss, enterprise, Hot stuff, Ivanti, News, Volexity, VPN, web shell /

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) 2024-01-11 at 13:46 By Zeljka Zorz Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk of exploitation can be mitigated by importing mitigation.release.20240107.1.xml

React to this headline:

Loading spinner

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) Read More »

Russian hackers target unpatched JetBrains TeamCity servers

APT, CISA, cyber espionage, Don't miss, enterprise, exploit, Fortinet, Hot stuff, JetBrains, National Cyber Security Centre, News, Shadowserver, vulnerability /

Russian hackers target unpatched JetBrains TeamCity servers 14/12/2023 at 16:04 By Helga Labus Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. The targets APT 29 (aka CozyBear, aka Midnight Blizzard), believed to be associated with

React to this headline:

Loading spinner

Russian hackers target unpatched JetBrains TeamCity servers Read More »

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)

APT, cyber espionage, Don't miss, Email, EU, Hot stuff, Microsoft, Microsoft Exchange, News, Outlook, vulnerability /

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) 05/12/2023 at 17:47 By Helga Labus Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining

React to this headline:

Loading spinner

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) Read More »

Sandworm hackers incapacitated Ukrainian power grid amid missile strike

APT, critical infrastructure, Don't miss, Hot stuff, ICS/SCADA, Malware, Mandiant, News, Russian Federation /

Sandworm hackers incapacitated Ukrainian power grid amid missile strike 09/11/2023 at 19:17 By Helga Labus Russia-backed ATP group Sandworm is behind the cyberattack that caused disruption of parts of the Ukrainian power grid in late 2022, according to Mandiant. About Sandworm “Sandworm is a threat actor that has carried out cyber operations in support of

React to this headline:

Loading spinner

Sandworm hackers incapacitated Ukrainian power grid amid missile strike Read More »

DoNot APT expands its arsenal to spy on victim’s VoIP calls

Android, APT, DoNot, Kashmir, spyware /

DoNot APT expands its arsenal to spy on victim’s VoIP calls 01/11/2023 at 17:17 By cybleinc Cyble analyzes the latest version of Android malware used by the DoNot APT group in their espionage campaign. The post DoNot APT expands its arsenal to spy on victim’s VoIP calls appeared first on Cyble. This article is an

React to this headline:

Loading spinner

DoNot APT expands its arsenal to spy on victim’s VoIP calls Read More »

Higaisa APT Resurfaces via Phishing Website targeting Chinese Users

APT, China, Higaisa, OpenVPN, phishing /

Higaisa APT Resurfaces via Phishing Website targeting Chinese Users 26/10/2023 at 13:46 By cybleinc CRIL analyzes Higaisa APT targeting Chinese users through phishing websites to deliver a Rust-based Shellcode Loader. The post Higaisa APT Resurfaces via Phishing Website targeting Chinese Users appeared first on Cyble. This article is an excerpt from Cyble View Original Source

React to this headline:

Loading spinner

Higaisa APT Resurfaces via Phishing Website targeting Chinese Users Read More »

‘YoroTrooper’ Espionage Group Linked to Kazakhstan

APT, Malware & Threats /

‘YoroTrooper’ Espionage Group Linked to Kazakhstan 25/10/2023 at 23:46 By Ionut Arghire Cisco links the espionage-focused ‘YoroTrooper’ threat actor to Kazakhstan. The post ‘YoroTrooper’ Espionage Group Linked to Kazakhstan appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

‘YoroTrooper’ Espionage Group Linked to Kazakhstan Read More »

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)

0-day, APT, Don't miss, Europe, government-backed attacks, Hot stuff, News, open source, Roundcube /

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) 25/10/2023 at 14:46 By Zeljka Zorz The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation of the XSS vulnerability can

React to this headline:

Loading spinner

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) Read More »

Bracing for AI-enabled ransomware and cyber extortion attacks

APT, Artificial Intelligence, attacks, cybercriminals, cybersecurity, Don't miss, education, Email, Expert analysis, Expert corner, extortion, Hot stuff, Malware, News, opinion, phishing, Ransomware, spear-phishing, Zscaler /

Bracing for AI-enabled ransomware and cyber extortion attacks 24/10/2023 at 07:37 By Help Net Security AI has been the shiniest thing in tech since at least November 2022, when ChatGPT was made available to the masses and unveiled the transformative potential of large language models for all the world to see. As businesses scramble to

React to this headline:

Loading spinner

Bracing for AI-enabled ransomware and cyber extortion attacks Read More »

North Korean hackers are targeting software developers and impersonating IT workers

APT, Don't miss, FBI, Hot stuff, Insider Threat, Microsoft, News, North Korea, software development, supply chain compromise, vulnerability /

North Korean hackers are targeting software developers and impersonating IT workers 20/10/2023 at 13:52 By Helga Labus State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies lookind for IT workers. North Korean hackers targeting developers Microsoft has outlined on Wednesday how

React to this headline:

Loading spinner

North Korean hackers are targeting software developers and impersonating IT workers Read More »

Aptos resumes operation after 5-hour outage that ‘impacted’ transactions

APT, Aptos, blockchain, network, outage, Theta Network /

Aptos resumes operation after 5-hour outage that ‘impacted’ transactions 19/10/2023 at 09:01 By Cointelegraph By Martin Young Aptos suffered a five-hour outage, coincidentally in the same week that the network launched this time last year. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Aptos resumes operation after 5-hour outage that ‘impacted’ transactions Read More »

State-sponsored APTs are leveraging WinRAR bug

APT, Don't miss, DuskRise, exploit, Google, government-backed attacks, Hot stuff, News, phishing, spear-phishing, WinRAR /

State-sponsored APTs are leveraging WinRAR bug 18/10/2023 at 18:21 By Zeljka Zorz A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 has been patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals

React to this headline:

Loading spinner

State-sponsored APTs are leveraging WinRAR bug Read More »

Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers

APT, Athena Agent, Beacon Object Files, CVE-2023-38831, Malware, Mythic Agent, phishing, Russia, Semiconductors, spear-phishing, WhiteSnake, WinRAR /

Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers 10/10/2023 at 17:03 By cybleinc CRIL analyzes Mythic’s Athena Agent targeting Russian Semiconductor suppliers via spear-phishing emails. The post Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers appeared first on Cyble. This article is an excerpt from Cyble View Original Source

React to this headline:

Loading spinner

Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers Read More »

Lazarus impersonated Meta recruiter to breach Spanish aerospace firm

APT, backdoor, cyber espionage, ESET, News, spear-phishing /

Lazarus impersonated Meta recruiter to breach Spanish aerospace firm 02/10/2023 at 11:48 By Help Net Security Operators of the North Korea-linked Lazarus APT obtained initial access to the network of an aerospace company in Spain last year after a successful spearphishing campaign, by masquerading as a recruiter for Meta — the company behind Facebook, Instagram,

React to this headline:

Loading spinner

Lazarus impersonated Meta recruiter to breach Spanish aerospace firm Read More »

Crypto exchange Upbit stems fake APT token flood, resumes services

APT, ClaimAPTGift.com, deposits, Fake Token, Refund, System Maintenance, Upbit, withdrawals /

Crypto exchange Upbit stems fake APT token flood, resumes services 25/09/2023 at 06:03 By Cointelegraph By Brayden Lindrea The newly created fake APT token called “ClaimAPTGift.com” made its way to 400,000 Aptos wallets, and users found they were able to deposit and sell it on the exchange. This article is an excerpt from Cointelegraph.com News

React to this headline:

Loading spinner

Crypto exchange Upbit stems fake APT token flood, resumes services Read More »

Scroll to Top