Document, Information Security and Security Intelligence

North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs

FEBRUARY 12, 2025

Recently, researchers from AhnLab Security Intelligence Center (ASEC) observed North Koreas Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. LNK shortcut files, disguised as Office documents.

Phishing

Phishing Malware Security Intelligence Hacking

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Security Affairs

FEBRUARY 8, 2025

Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. LNK shortcut files, disguised as Office documents. ” concludes the report.

Phishing

Phishing Malware Security Intelligence Hacking

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Security Affairs

APRIL 21, 2025

While investigating a security breach, the AhnLab SEcurity intelligence Center (ASEC) researchers discovered a North Korea-linked group Kimsuky ‘s campaign, tracked as Larva-24005. LNK shortcut files, disguised as Office documents. The state-sponsored hackers sent spear-phishing messages to distribute malicious *.LNK

Phishing

Phishing Malware Security Intelligence Hacking

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

Microsoft 365 Defender data shows that the SEO poisoning technique is effective, given that Microsoft Defender Antivirus has detected and blocked thousands of these PDF documents in numerous environments. — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. ” state Microsoft.

Antivirus

Antivirus Security Intelligence Malware Insurance

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. pic.twitter.com/mGow2sJupN — Microsoft Security Intelligence (@MsftSecIntel) May 19, 2021. STRRAT RAT was first spotted in June 2020 by G DATA who documented its features.

Ransomware

Ransomware Malware Encryption Security Intelligence

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020.

Government

Government Banking Advertising Malware

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents.

Malware

Malware Passwords Advertising Ransomware

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Security Affairs

JUNE 10, 2019

Spam messages are carrying weaponized RTF documents that could infect users with malware without any user interaction, just opening the RTF documents. pic.twitter.com/Ac6dYG9vvw — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019. Windows Defender ATP detects the documents as Exploit:O97M/CVE-2017-11882.AD

Security Intelligence

Security Intelligence Advertising Malware Information Security

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Security Affairs

JUNE 24, 2019

The macro included in the documents executes the legitimate msiexec.exe tool that downloads an MSI archive. pic.twitter.com/PQ2g7rvDQm — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019.

Security Intelligence

Security Intelligence Advertising Malware Banking

RevengeRAT and AysncRAT target aerospace and travel sectors

SC Magazine

MAY 14, 2021

Microsoft Security Intelligence earlier this week tweeted out that it has been tracking a campaign of remote access trojans (RATs) targeting the aerospace and travel industries with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AysncRAT. Photo by Joe Raedle/Getty Images).

Phishing

Phishing Scams Security Awareness Security Intelligence

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. pic.twitter.com/1qnx3NmwiB — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. When opened, the HTML leads to the download Dudear, a malicious macro-laden Excel file that drops the payload.

Malware

Malware Security Intelligence Banking Phishing

10 Reasons to Trust Your Enterprise APIs

Cisco Security

AUGUST 30, 2021

This list was originally compiled as a standard awareness document for developers and web application security practitioners. It represents a broad consensus about the most critical security risks to APIs. This plan document is the perfect addition to an existing governance policy. Maps to API1,API2,API5, and API6.

Software

Software Authentication Risk Encryption

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022.

Security Intelligence

Security Intelligence Malware Backups Architecture

Cybersecurity Checklist for Political Campaigns

Lenny Zeltser

MAY 3, 2019

To understand the basis for these recommendations, read the documents mentioned at the end of the post. Attackers stole sensitive documents. Adversaries have routinely pursued sensitive campaign documents. Consider when to send attachments and when to share links to documents in cloud storage. campaigns from around 2016.

Cybersecurity

Cybersecurity Social Engineering Authentication Software

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

Over the past year, Microsoft Threat Intelligence Center (MSTIC) has observed an evolution of the tools, techniques, and procedures employed by Iranian nation-state actors. Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021.

VPN

VPN Accountability Social Engineering Media

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

Our researchers are closely monitoring the campaign and will share additional info and investigation guidance through Microsoft 365 security center and Microsoft Threat Experts. — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021.

Malware

Malware Phishing DNS Cybercrime

Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?

Security Affairs

MARCH 19, 2021

According to its documentation , Kubernetes comes with load balancing features that help to distribute high network traffic and keep the deployment stable. The guidance provided above can help admins ensure container runtime security in Amazon EKS. For more information about other aspects of Amazon EKS security, click here.

Information Security

Information Security Security Intelligence Hacking Accountability

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Security Affairs

OCTOBER 30, 2020

It will then provide recommendations on how organizations can secure each of these components. Per Kubernetes’ documentation , kube-apiserver is the front end for the Kubernetes control plane. For information on how to secure that part of a Kubernetes cluster, click here. kube-apiserver. What it is.

Advertising

Advertising Internet Internet Backups

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks.”. Symantec has been protecting its customers from Longhorn’s tools for the past three years and has continued to track the group in order to learn more about its tools, tactics, and procedures.”

Malware

Malware Hacking Government Telecommunications

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Security Affairs

NOVEMBER 11, 2019

Read our latest blog w/ assist from @GossiTheDog & @MalwareTechBlog [link] — Microsoft Security Intelligence (@MsftSecIntel) November 7, 2019. While we currently see only coin miners being dropped, we agree w/ the research community that CVE-2019-0708 (BlueKeep) exploitation can be big. ” Noble added.

Small Business

Small Business Malware Cryptocurrency Advertising

Top Cybersecurity Websites and Blogs for Compliance in 2024

Centraleyes

JULY 8, 2024

With a focus on threat intelligence and incident response, CISA’s resources empower compliance professionals to mitigate cyber threats and strengthen their security posture. Research Sites Ponemon Institute Ponemon Institute conducts independent research on privacy, data protection, and information security issues.

Cybersecurity

Cybersecurity Data breaches Data privacy Technology

Emotet operators are running Halloween-themed campaigns

Security Affairs

OCTOBER 31, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. doc) attachments or include links to download the bait document. Source Bleeping Computer.

Banking

Banking Malware Security Intelligence Advertising

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

More details + TTPs in this MSTIC blog: [link] — Microsoft Security Intelligence (@MsftSecIntel) August 15, 2022. The phishing messages used PDF attachments and in some cases, they included links to file or document hosting services, or to OneDrive accounts hosting the PDF documents.

Phishing

Phishing Accountability Hacking Surveillance

Cyber Security Informer

North Korea-linked APT Emerald Sleet is using a new tactic

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Trending Sources

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

SEO poisoning campaign aims at delivering RAT, Microsoft warns

STRRAT RAT spreads masquerading as ransomware

CISA alert warns of Emotet attacks on US govt entities

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

RevengeRAT and AysncRAT target aerospace and travel sectors

Microsoft warns TA505 changed tactic in an ongoing malware campaign

10 Reasons to Trust Your Enterprise APIs

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Cybersecurity Checklist for Political Campaigns

Iran-linked APT groups continue to evolve

Threat actor has been targeting the aviation industry since at least 2018

Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Purple Lambert, a new malware of CIA-linked Lambert APT group

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Top Cybersecurity Websites and Blogs for Compliance in 2024

Emotet operators are running Halloween-themed campaigns

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Stay Connected