Threat Intelligence

Malicious Tools in the Underground: Investigating their Propagation

AES, apple, Atomic, Binance, C, Chrome, Chromium, Coinbase, Coinomi, Cryptocurrency, darkweb, DDoS, Delphi, DMG, Exodus, Keplr, Keylogging, Linux, LummaC2 Stealer, MaaS, macOS, Malware, Martian, Meduza, MetaMask, Mozilla, Phantom, PKG, RaaS, RSA, Russian, SaaS, ShadowVault, Telegram, Threat Intelligence, Trigona, Tron Link, Trust, Windows /

Malicious Tools in the Underground: Investigating their Propagation 16/06/2023 at 19:04 By cybleinc Cyble Research & Intelligence Labs investigates the recent promulgation of Malicious Tools in underground forums. The post Malicious Tools in the Underground: Investigating their Propagation appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this […]

React to this headline:

Loading spinner

Malicious Tools in the Underground: Investigating their Propagation Read More »

Introducing the book: Visual Threat Intelligence

books, Don't miss, Hot stuff, Microsoft, Threat Intelligence, Video /

Introducing the book: Visual Threat Intelligence 16/06/2023 at 07:02 By Mirko Zorz In this Help Net Security video interview, Thomas Roccia, Senior Security Researcher at Microsoft, discusses his new book – Visual Threat Intelligence. The book covers a wide range of topics, including: Threat intelligence fundamentals and methodologies TTP, Diamond Model of Intrusion, MITRE ATT&CK,

React to this headline:

Loading spinner

Introducing the book: Visual Threat Intelligence Read More »

Cloud Mining Scam Distributes Roamer Banking Trojan

AB Ditizen, ACB One, and NFTS, Android, App store, Banking applications, Banking Trojan, Binance, Cloud Mining, CloudMining.apk, crypto mining, Cryptocurrency, cybercrime, darkweb, data breach, Data leak, ETH, Ethereum, fake app, Google Play, HDFC Bank Mobile Banking App, infostealer, Malware, MB Bank, Monero, MSB mBank, phishing, PV Mobile Banking, Roamer, SCB Mobile Banking, Telegram, Threat Intelligence, VCB Digibank, VietinBank iPay, XMR /

Cloud Mining Scam Distributes Roamer Banking Trojan 14/06/2023 at 16:35 By cybleinc Cyble analyzes a cloud mining scam leveraging phishing to distribute the Roamer banking trojan, targeting Android Crypto wallets and banking applications, aiming to steal sensitive information. The post Cloud Mining Scam Distributes Roamer Banking Trojan appeared first on Cyble. This article is an

React to this headline:

Loading spinner

Cloud Mining Scam Distributes Roamer Banking Trojan Read More »

Threat Actor Targets Russian Gaming Community With WannaCry-Imitator

Crypter Ransomware, cybercrime, Darkflow Software, data breach, Data leak, Discord, Encryption, Enlisted, Gaijin Entertainment, GitHub, GitLab, GUI, JSON, Malware, Mutex, phishing, Python, Ransomware, Russia, Threat Intelligence, WannaCry 3.0, WannaCry 3.0 Crypter, Windows /

Threat Actor Targets Russian Gaming Community With WannaCry-Imitator 13/06/2023 at 19:21 By cybleinc CRIL analyzes WannaCry-Imitator Ransomware, a phishing gaming site targeting the Russian Gaming community The post Threat Actor Targets Russian Gaming Community With WannaCry-Imitator appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

Threat Actor Targets Russian Gaming Community With WannaCry-Imitator Read More »

Over 45 thousand Users Fell Victim to Malicious PyPI Packages

All, Creal Stealer, Credit card, darkweb, Discord Webhook, Evilpip, GitHub, Google Chrome, Hazard Token Grabber, HTTP GET, infostealer, KEKW, Malware, phishing, PyPI, Python Package Index, Python Packages, Reaquests, Requests, Third party software, Threat Actors, Threat Intelligence, Tikcock Grabber, W4SP Stealer /

Over 45 thousand Users Fell Victim to Malicious PyPI Packages 09/06/2023 at 12:31 By cybleinc Through the analysis of more than 160 malicious Python packages, CRIL reveals insights into the threat landscape associated with Python packages. The post Over 45 thousand Users Fell Victim to Malicious PyPI Packages appeared first on Cyble. This article is

React to this headline:

Loading spinner

Over 45 thousand Users Fell Victim to Malicious PyPI Packages Read More »

Unmasking the Darkrace Ransomware Gang

cybercrime, cybersecurity, Darkrace, Darkrace Ransomware, darkweb, Data leak, Double extortion, Lockbit 3.0, LockBit Ransomware, Malware, Mutex, Ransomware, Threat Actors, Threat Intelligence, Windows /

Unmasking the Darkrace Ransomware Gang 08/06/2023 at 15:02 By cybleinc New Ransomware Holds Similarities with LockBit Ransomware Ransomware continues to pose the most critical cybersecurity threat to organizations’ infrastructure. This malicious software encrypts victims’ files and extorts payment in return for the decryption key. The consequences of ransomware attacks can be severe, including financial losses,

React to this headline:

Loading spinner

Unmasking the Darkrace Ransomware Gang Read More »

 LockBit 2.0 Ransomware Resurfaces

CVE-2017-0199, cybercrime, darkweb, Korea, Lockbit 3.0, LockBit Ransomware 2.0, Malware, phishing, Ransomware, Threat Actor, Threat Intelligence /

 LockBit 2.0 Ransomware Resurfaces 07/06/2023 at 15:15 By cybleinc Cyble analyzes LockBit Ransomware, which is distributed via malicious documents, specifically targeting users in Korea. The post  LockBit 2.0 Ransomware Resurfaces appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

 LockBit 2.0 Ransomware Resurfaces Read More »

 LockBit Ransomware 2.0 Resurfaces

CVE-2017-0199, cybercrime, darkweb, Korea, Lockbit 3.0, LockBit Ransomware 2.0, Malware, phishing, Ransomware, Threat Actor, Threat Intelligence /

 LockBit Ransomware 2.0 Resurfaces 06/06/2023 at 15:02 By cybleinc Cyble Research and Intelligence Labs analyzes LockBit ransomware which uses malicious documents to specifically target users in Korea. The post  LockBit Ransomware 2.0 Resurfaces appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

 LockBit Ransomware 2.0 Resurfaces Read More »

HelloTeacher: New Android Malware Targeting Banking Users In Vietnam

All, Android malware, Banking Trojan, HelloTeacher Malware, Kik Messenger, Malware, MB Bank, spyware, Threat Actor, Threat Intelligence, TPBank Mobile, Viber, VietinBank iPay, Vietnam /

HelloTeacher: New Android Malware Targeting Banking Users In Vietnam 05/06/2023 at 17:23 By cybleinc Cyble analyzes a new malware “HelloTeacher” masquerading as popular messaging app to target banking users from Vietnam and steals sensitive data. The post HelloTeacher: New Android Malware Targeting Banking Users In Vietnam appeared first on Cyble. This article is an excerpt

React to this headline:

Loading spinner

HelloTeacher: New Android Malware Targeting Banking Users In Vietnam Read More »

MOVEit Transfer Vulnerability Actively Exploited

All, Azure SQL, CGSI, Clop ransomware, cybercriminals, darkweb, Germany, Managed File Transfer, MFT, Microsoft SQL, Moveit Transfer, MySQL, Threat Actors, Threat Intelligence, United Kingdom, United States, vulnerability /

MOVEit Transfer Vulnerability Actively Exploited 02/06/2023 at 17:04 By cybleinc Cyble analyzes MOVEit Transfer vulnerability and observes active exploitation in the Cyble Global Intelligence Sensors (CGSI). The post MOVEit Transfer Vulnerability Actively Exploited appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

MOVEit Transfer Vulnerability Actively Exploited Read More »

‘NoEscape’ Ransomware-as-a-Service (RaaS)

C, ChaCha20, CIS, Commonwealth of Independent States, cybercrime, darkweb, data breach, Data leak, Malware, NoEscape, RaaS, Ransomware, Ransomware Affiliate, Russia, Safe Mode, Server Message Block, Threat Intelligence, Triple-Extortion, Windows, Windows NT 10.0 /

‘NoEscape’ Ransomware-as-a-Service (RaaS) 01/06/2023 at 18:32 By cybleinc CRIL analyzes the newly advertised ‘NoEscape’ Ransomware-as-a-Service (RaaS) program that claims to facilitate sophisticated extortion operations using an advanced, indigenously developed ransomware strain. The post ‘NoEscape’ Ransomware-as-a-Service (RaaS) appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

‘NoEscape’ Ransomware-as-a-Service (RaaS) Read More »

SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations

APT, Argentina, Australia, backdoor, Brazil, Canada, China, CVE-2017-11882, CVE-2018-0798, CVE-2018-0802, cyberattack, cybercrime, data breach, Data leak, DLL Downloader, Equation Editor, France, G20, G7, Germany, Hiroshima, India, Indonesia, Initial access, Italy, Japan, Malware, Microsoft Office, RTF, Saudi Arabia, SharpPanda, South Africa, South Korea, Threat Intelligence, Turkey, United Kingdom, United States, Vulnerabilities /

SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations 01/06/2023 at 08:36 By cybleinc Cyble analyzes SharpPanda, a highly sophisticated APT group utilizing spear-phishing tactics to launch cyberattacks on G20 Nation officials. The post SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations appeared first on Cyble. This article is an excerpt from Cyble View

React to this headline:

Loading spinner

SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations Read More »

Evolving Threat Landscape of Hacktivism in Colombia

#OpColombia, Berghof, Berghof Web Panel, critical infrastructure, cybercrime, darkweb, data breach, Data leak, DDoS Attack, Fueling Systems, GhostSec, GNSS, Government, Hacktivism, HMI, Human Machine Interface, Industrial Control Systems, Israel, Malware, National Critical Infrastructure, OpIsrael, OSINT, Power Supply Controllers, Radio Broadcast, Satellite Receivers, SiegedSec, Threat Intelligence, Zero-Day /

Evolving Threat Landscape of Hacktivism in Colombia 31/05/2023 at 11:22 By cybleinc CRIL investigates the evolving threat landscape of hacktivism leading to cyberattacks on Colombian Critical Infrastructure and Zero-day Sales by Hacktivists. The post Evolving Threat Landscape of Hacktivism in Colombia appeared first on Cyble. This article is an excerpt from Cyble View Original Source

React to this headline:

Loading spinner

Evolving Threat Landscape of Hacktivism in Colombia Read More »

Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability

APT, Bl00dy, Bl00dy ransomware, CISA, Conti, CSA, CVE-2023-27350, cybercrime, darkweb, data breach, Data leak, ERP, Helpdesk, Lockbit 3.0, Malware, Moodle, PaperCut, PaperCut MF, PaperCut NG, Port 9191, Port 9192, Ransomware, RDP, Remote Desktop Protocol, Shodan, Telegram, Threat Intelligence, Twitter /

Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability 30/05/2023 at 14:46 By cybleinc CRIL analyzes Bl00dy Ransomware’s recent targeting of an Indian University via exploitation of the PaperCut vulnerability. The post Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability appeared first on Cyble. This article is an excerpt from Cyble View Original Source

React to this headline:

Loading spinner

Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability Read More »

PixBankBot: New ATS-Based Malware Poses Threat to the Brazilian Banking Sector

Android, Android Banking trojan, ATS, ATS Framework, Banco Central do Brasil, Banco Itaú, Bank fraud, Banking Sector, Banking Trojan, BFSI, Brazil, C6 Bank, cybercrime, darkweb, Data leak, fake app, fraud, GoatRAT, Malware, Mercado Pago, NUBank, Nubank: conta, PagBank Banco, PasteBin, PicPay, PIX, PixBankBot, PixPirate, R$, Threat Actors, Threat Intelligence /

PixBankBot: New ATS-Based Malware Poses Threat to the Brazilian Banking Sector 30/05/2023 at 12:36 By cybleinc Cyble analyzes PixBankBot, a new ATS-based malware that targets Brazilian banks through the popular Pix instant payment platform. The post PixBankBot: New ATS-Based Malware Poses Threat to the Brazilian Banking Sector appeared first on Cyble. This article is an

React to this headline:

Loading spinner

PixBankBot: New ATS-Based Malware Poses Threat to the Brazilian Banking Sector Read More »

Invicta Stealer Spreading Through Phony GoDaddy Refund Invoices

Blisk, BraveSoftware, ChromePlus, CocCoc Browser, Coowon, cybercrime, darkweb, Epic Privacy Browser, GoDaddy, Invicta, Iridium, Malware, QIP Surf, Sleipnir, Slimjet, Stealer, Steam, Threat Intelligence /

Invicta Stealer Spreading Through Phony GoDaddy Refund Invoices 25/05/2023 at 19:16 By cybleinc Cyble Research & Intelligence Labs analyzes Invicta, a new stealer that spreads via fake GoDaddy Refund invoices to infect users. The post Invicta Stealer Spreading Through Phony GoDaddy Refund Invoices appeared first on Cyble. This article is an excerpt from Cyble View

React to this headline:

Loading spinner

Invicta Stealer Spreading Through Phony GoDaddy Refund Invoices Read More »

Security Pros: Before You Do Anything, Understand Your Threat Landscape

Incident Response, Threat Intelligence /

Security Pros: Before You Do Anything, Understand Your Threat Landscape 25/05/2023 at 17:48 By Marc Solomon Regardless of the use case your security organization is focused on, you’ll likely waste time and resources and make poor decisions if you don’t start with understanding your threat landscape. The post Security Pros: Before You Do Anything, Understand

React to this headline:

Loading spinner

Security Pros: Before You Do Anything, Understand Your Threat Landscape Read More »

European Cybersecurity Firm Sekoia.io Raises $37.5 Million

Cybersecurity Funding, funding, Threat Intelligence, XDR /

European Cybersecurity Firm Sekoia.io Raises $37.5 Million 25/05/2023 at 16:03 By Ionut Arghire European XDR and threat intelligence provider Sekoia.io has raised €35 million ($37.5 million) in Series A funding. The post European Cybersecurity Firm Sekoia.io Raises $37.5 Million appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

European Cybersecurity Firm Sekoia.io Raises $37.5 Million Read More »

Obsidian ORB Ransomware Demands Gift Cards as Payment

AES Cryptographic Provider, All, BlackSnake, Chaos Ransomware, cybercrime, darkweb, data breach, Data leak, Gift Card, Malware, Microsoft Enhanced RSA, Obsidian ORB, Obsidian ORB Ransomware, Onyx, Payday, Paysafe, Ransomware, Steam, Threat Intelligence /

Obsidian ORB Ransomware Demands Gift Cards as Payment 25/05/2023 at 09:16 By cybleinc Cyble Research & Intelligence Labs analyzes Obsidian ORB, a ransomware hybrid that demands ransom payments in the form of gift cards. The post Obsidian ORB Ransomware Demands Gift Cards as Payment appeared first on Cyble. This article is an excerpt from Cyble

React to this headline:

Loading spinner

Obsidian ORB Ransomware Demands Gift Cards as Payment Read More »

Scroll to Top