Cyber Security Informer

Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

The Hacker News

APRIL 15, 2024

Cybersecurity researchers have discovered a "renewed" cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy.

Spyware

Spyware Cybersecurity

Anxun and Chinese APT Activity

Digital Shadows

MARCH 5, 2024

Discover how Anxun's leak exposed ties to Chinese government cyber ops, APT groups, and the ShadowPad malware from our ReliaQuest Threat Research team.

Government

Government Malware

Choosing an MDR provider: Boutique or Big Brand (Part 3)

Jane Frankland

JANUARY 23, 2024

I wove in many data points, including some from Managed Threat Detection and Response firm, e2e-assure, who I’m partnering with, and their latest report, Rejuvenating Cyber Defence Strategies. This week, I’m considering the third feature, the workforce and specifically team diversity. Core Feature #3. For example, Byrnes et al.

Threat Detection

Threat Detection Risk Social Engineering Cybersecurity

Hackers Employ Advanced Fileless Attack to Implant AgentTesla Malware

Penetration Testing

APRIL 25, 2024

SonicWall Capture Labs threat research team has recently uncovered sophisticated.NET managed code injection methods employed by the notorious AgentTesla malware, marking a significant advancement in malware delivery tactics.

Malware

Malware Penetration Testing Spyware

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

Security Affairs

APRIL 19, 2024

In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. The security team at the organization promptly launched an investigation, logged out the threat actor, and engaged third-party forensics Incident Response teams to conduct independent analysis in collaboration with internal experts.

Cyber Attacks

Cyber Attacks VPN Authentication Hacking

Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox

The Hacker News

APRIL 8, 2024

Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023.

Malware

Malware Phishing

China-linked Threats to Operational Technology

Digital Shadows

MARCH 21, 2024

The ReliaQuest Threat Research team has analyzed four key cyber attacks, all of which showcase the threat posed by Chinese advanced persistent threat (APT) groups on OperationalTechnology (OT)

Technology

Technology Cyber Attacks

Watch Out for Latrodectus: New Malware from Suspected IcedID Developers Targeting Businesses

Penetration Testing

APRIL 7, 2024

In a joint report by Proofpoint’s Threat Research team and Team Cymru, a potent new malware dubbed “Latrodectus” has been exposed.

Penetration Testing

Penetration Testing Malware

2024 Cyber-threat Predictions: Scanning the Horizon

Digital Shadows

DECEMBER 14, 2023

The ReliaQuest Threat Research Team reveals predictions about prominent cyber threats in 2024, to help cybersecurity professionals prioritize and assign resources.

Cyber threats

Cyber threats Cybersecurity Artificial Intelligence Ransomware

Leading the charge against GuptiMiner

Security Boulevard

APRIL 23, 2024

Our Threat Labs recently exposed a highly sophisticated malware operation known as “GuptiMiner ”, which targets corporate networks specifically. Our team of experts got into research mode right away! The post Leading the charge against GuptiMiner appeared first on Security Boulevard.

Malware

New SSH-Snake Worm-Like Tool Threatens Network Security

Security Boulevard

MARCH 7, 2024

The Sysdig Threat Research Team (TRT) discovered that a threat actor is leveraging an open-source network mapping tool called SSH-Snake for malicious activities. This tool utilizes SSH credentials found on the compromised systems to propagate itself across networks.

Network Security

Network Security Engineering Cyber threats Malware

Combined SOC Webinar Q&A: From EDR to ITDR and ASO … and ChatGPT

Anton on Security

DECEMBER 15, 2022

Q: If not called SOC, would you like to share what you have named the team? Please don’t say “XDR team”, if at all possible :-) Q: The “modern SOC” looks great on paper, but it’s harder to find analysts who have necessary skills to focus on threats when you have to deal with attrition.

Engineering

Engineering Risk Technology Information Security

The Fake Browser Update Scam Gets a Makeover

Krebs on Security

OCTOBER 18, 2023

New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain. Previously, the group had stored its malicious update files on Cloudflare, Guard.io

Scams

Scams Malware Cryptocurrency Hacking

Behind the Breach: Pass-The-Cookie Beyond IdPs

Security Boulevard

JANUARY 19, 2024

Pass-The-Cookie (PTC), also known as token compromise, is a common attack technique employed by threat actors in SaaS environments. In the past, Obsidian’s Threat Research team noted a pattern where most PTC attacks focused on stealing the identity provider (IdP) primary authentication cookie.

Authentication

Multiplying Security Research: How Eclypsium Automates Binary Analysis at Scale

Security Boulevard

APRIL 10, 2024

Today, we’re proud to announce our Eclypsium Automata binary analysis system, which replicates the knowledge and tooling used by our expert human security research team. This blog post describes the reasons why Automata fills a crucial gap in defenses and how it works to detect previously unknown threats and zero-day vulnerabilities.

Valid Account Credential Abuse: Exploiting the Weakest Link

Digital Shadows

JANUARY 18, 2024

Our Threat Research team outlines how valid account compromise can impact your organization, what ReliaQuest is doing, and what steps you can take to keep your organization secure.

Accountability

Accountability Authentication

PlugX malware: The Enigma of Cyber Espionage Unveiled

Penetration Testing

DECEMBER 11, 2023

In the shadowy world of cyber threats, PlugX stands out as a sophisticated and insidious malware, leaving a digital trail of espionage and evasion. Recently, the Splunk Threat Research Team (STRT) unraveled the mystery... The post PlugX malware: The Enigma of Cyber Espionage Unveiled appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Malware Cyber threats

Video game giant Ubisoft investigates reports of a data breach

Security Affairs

DECEMBER 24, 2023

Video game publisher Ubisoft is investigating reports of an alleged data breach after popular researchers shared evidence of the hack. Ubisoft , the popular video game publisher, is examining reports of a potential data breach following the disclosure of evidence by prominent researchers vx-underground.

Data breaches

Data breaches Hacking Mobile Ransomware

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Security Affairs

APRIL 9, 2024

Researchers discovered a sophisticated multi-stage attack that leverages ScrubCrypt to drop VenomRAT along with many malicious plugins. Fortinet researchers observed a threat actor sending out a phishing email containing malicious Scalable Vector Graphics (SVG) files.

Engineering

Engineering Phishing Malware Hacking

Bluetooth Eavesdropping Threat Exposed: New “BlueSpy” Exploit Targets Popular Headsets

Penetration Testing

MARCH 16, 2024

A cybersecurity research team has shaken the Bluetooth world at the RootedCon Madrid 2024 conference.

Penetration Testing

Penetration Testing Cybersecurity

Numbers Don't Lie: Exposing the Harsh Truths of Cyberattacks in New Report

The Hacker News

AUGUST 31, 2023

How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat Research and Intelligence Team recently analyzed 90 days of real-world data to answer these questions. How often do cyberattacks happen?

Cyber Attacks

Cyber Attacks Government

Browser Credential Dumping

Digital Shadows

FEBRUARY 29, 2024

Learn to safeguard against browser credential dumping with effective detection and prevention tips from our ReliaQuest Threat Research team.

Experts analyzed attacks against poorly managed Linux SSH servers

Security Affairs

DECEMBER 27, 2023

Researchers warn of attacks against poorly managed Linux SSH servers that mainly aim at installing DDoS bot and CoinMiner. Researchers at AhnLab Security Emergency Response Center (ASEC) are warning about attacks targeting poorly managed Linux SSH servers, primarily focused on installing DDoS bots and CoinMiners.

DDOS

DDOS Passwords Firewall Accountability

Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts

The Hacker News

JUNE 4, 2023

An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal.

Banking

Banking Accountability Cybercrime

Texas A&M research team suggests how to defend against collective attention threats

Tech Republic Security

APRIL 24, 2017

See how cybercriminals craft collective attention threats--and how university researchers plan to get the word out before attacks start.

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. From July to September, researchers from Trend Micro observed a malicious campaign DarkGate campaign abusing instant messaging platforms to deliver a VBA loader script to victims.

Malware

Malware Cryptocurrency Accountability Cybercrime

Mother of all breaches – a historic data leak reveals 26 billion records: check what’s exposed

Security Affairs

JANUARY 22, 2024

Cybersecurity researcher Bob Dyachenko and CyberNews researchers discovered the largest data leak ever discovered. Our team is working hard to update the tool and provide you with means to check if your data was exposed in the MOAB. While the team identified over 26 billion records, duplicates are also highly likely.

Identity Theft

Identity Theft Data breaches Accountability Phishing

Nevada Ransomware: A New and Sophisticated Threat Emerges

Penetration Testing

FEBRUARY 5, 2024

Nevada Ransomware, identified by Resecurity’s threat research and intelligence team, is rapidly gaining notoriety for its advanced functionality and enticing affiliate program.

Penetration Testing

Penetration Testing Ransomware Malware

Saudi Ministry exposed sensitive data for 15 months

Security Affairs

JANUARY 8, 2024

The Cybernews research team believes that the sensitive data was accessible for 15 months. Leaving these files open to anyone exposes critical data and provides threat actors with various attack options. According to the team, the first time the env. The team also discovered credentials for MySQL and Redis databases.

Government

Government Identity Theft Social Engineering Encryption

Threat Intelligence Analytics: Making the Most of Your CTI Program

Security Boulevard

SEPTEMBER 6, 2023

The threat landscape has never been more challenging for CISOs and security teams than in 2023. The post Threat Intelligence Analytics: Making the Most of Your CTI Program appeared first on Security Boulevard.

CISO

CISO Cyber threats Ransomware Risk

Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

The Hacker News

JANUARY 25, 2024

The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team.

Cyber threats

Cyber threats Surveillance

Reopening the Bat Cave: Duo Labs Is Back

Duo's Security Blog

FEBRUARY 21, 2024

For the curious, the original Duo Labs was a team of amazing security researchers, tinkerers, and thinkers that published their findings, experiments, and explorations on the Duo Labs site. Perhaps most famously, the team sent a phone equipped with Duo mobile into space — attempting to complete a Duo push from 90,000 feet.

Authentication

Authentication Engineering Mobile Internet

Valak Malware turns enterprise data stealer

SecureBlitz

FEBRUARY 20, 2024

The news, initially reported by Cybereason's Nocturnus team and confirmed by multiple security researchers, highlights a concerning trend in the ever-evolving landscape of cyber threats.

Malware

Malware Cyber threats Cybersecurity

Raspberry Robin Malware Evolves with Sophisticated Evasion Tactics

SecureWorld News

APRIL 11, 2024

The Raspberry Robin malware, a heavily obfuscated Windows worm first identified in late 2021, has become one of the most prevalent threats facing enterprises today. According to HP's Threat Research Team , threat actors have recently been delivering Raspberry Robin through malicious Windows Script Files (WSF).

Malware

Malware IoT Ransomware Manufacturing

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

FEBRUARY 2, 2024

Teslas have plenty of vulnerabilities, as cybersecurity researchers have recently discovered. While Teslas aren’t the typical business IoT device, their connection to the internet makes them a cyber threat as much as your business’s other IoT technology. But as demonstrated last week, the vehicles are still a hazard.

Hacking

Hacking IoT Firmware Cybersecurity

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

The Hacker News

JANUARY 26, 2024

The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT.

Malware

Malware Phishing

Ransomlooker, a new tool to track and analyze ransomware groups’ activities

Security Affairs

OCTOBER 12, 2023

The researchers have created the tool to help cybersecurity experts in their daily jobs by providing real-time updates and actionable insights. By aggregating and consolidating this data, Ransomlooker provides real-time updates and actionable insights to its users, helping them stay one step ahead of potential threats.”

Ransomware

Ransomware Internet Internet Hacking

Phishing prevention with AI tools for zero-hour threats

Security Boulevard

DECEMBER 19, 2023

New, undetectable attacks called zero-hour threats are the current danger for cybercriminals. Over the past 30 days, the Menlo Labs research team has detected over 11,000 zero-hour phishing threats across our install base, impacting more than half of our customers. On a wider.

Phishing

Phishing Risk Cybersecurity CISO

The Scent of Stealth: Cyber-espionage Intrusion Analysis

Digital Shadows

JUNE 9, 2023

The ReliaQuest Threat Research Team analyzes a recent Chinese APT intrusion into a manufacturing company. Inside, the full story plus mitigations.

Manufacturing

‘In the Wild’ Attacks Target Critical Vulnerability (CVE-2024-1212) in Progress Kemp Loadmaster

Penetration Testing

MARCH 28, 2024

SonicWall’s Capture Labs threat research team warns that hackers are actively exploiting a severe security flaw in the popular Progress Kemp Loadmaster application delivery controller.

Penetration Testing

LOLBAS in the Wild: 11 Living-Off-The-Land Binaries That Could Be Used for Malicious Purposes

The Hacker News

AUGUST 8, 2023

Cybersecurity researchers have discovered a set of 11 living-off-the-land binaries-and-scripts (LOLBAS) that could be maliciously abused by threat actors to conduct post-exploitation activities. This makes it hard for security teams

Cybersecurity

WiHD leak exposes details of all torrent users

Security Affairs

OCTOBER 31, 2023

WiHD, a popular torrent tracker specializing in HD movies, inadvertently exposed tens of thousands of its users, the Cybernews research team has recently discovered. However, the Cybernews team discovered a publicly exposed Elasticsearch cluster on WiHD that lacked any password protection. What data was exposed?

Passwords

Passwords Accountability Phishing Internet

Clop Leaks: First Wave of Victims Named

Digital Shadows

JUNE 14, 2023

The ReliaQuest Threat Research Team continues to monitor the site for more updates. On June 14, 2023, Clop named its first batch of victims.

Behind the Breach: Cross-tenant Impersonation in Okta

Security Boulevard

OCTOBER 20, 2023

In recent investigations, the Obsidian Threat Research team has observed multiple instances of cross-tenant impersonation used to establish persistence and escalate user privileges within Okta environments.

Risk

Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

Anxun and Chinese APT Activity

Trending Sources

Choosing an MDR provider: Boutique or Big Brand (Part 3)

Hackers Employ Advanced Fileless Attack to Implant AgentTesla Malware

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox

China-linked Threats to Operational Technology

Watch Out for Latrodectus: New Malware from Suspected IcedID Developers Targeting Businesses

2024 Cyber-threat Predictions: Scanning the Horizon

Leading the charge against GuptiMiner

New SSH-Snake Worm-Like Tool Threatens Network Security

Combined SOC Webinar Q&A: From EDR to ITDR and ASO … and ChatGPT

The Fake Browser Update Scam Gets a Makeover

Behind the Breach: Pass-The-Cookie Beyond IdPs

Multiplying Security Research: How Eclypsium Automates Binary Analysis at Scale

Valid Account Credential Abuse: Exploiting the Weakest Link

PlugX malware: The Enigma of Cyber Espionage Unveiled

Video game giant Ubisoft investigates reports of a data breach

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Bluetooth Eavesdropping Threat Exposed: New “BlueSpy” Exploit Targets Popular Headsets

Numbers Don't Lie: Exposing the Harsh Truths of Cyberattacks in New Report

Browser Credential Dumping

Experts analyzed attacks against poorly managed Linux SSH servers

Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts

Texas A&M research team suggests how to defend against collective attention threats

DarkGate malware campaign abuses Skype and Teams

Mother of all breaches – a historic data leak reveals 26 billion records: check what’s exposed

Nevada Ransomware: A New and Sophisticated Threat Emerges

Saudi Ministry exposed sensitive data for 15 months

Threat Intelligence Analytics: Making the Most of Your CTI Program

Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

Reopening the Bat Cave: Duo Labs Is Back

Valak Malware turns enterprise data stealer

Raspberry Robin Malware Evolves with Sophisticated Evasion Tactics

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

Ransomlooker, a new tool to track and analyze ransomware groups’ activities

Phishing prevention with AI tools for zero-hour threats

The Scent of Stealth: Cyber-espionage Intrusion Analysis

‘In the Wild’ Attacks Target Critical Vulnerability (CVE-2024-1212) in Progress Kemp Loadmaster

LOLBAS in the Wild: 11 Living-Off-The-Land Binaries That Could Be Used for Malicious Purposes

WiHD leak exposes details of all torrent users

Clop Leaks: First Wave of Victims Named

Behind the Breach: Cross-tenant Impersonation in Okta

Stay Connected