Feb 22nd, 2024 - reports that several countries across Latin America have been subjected to high-volume attacks deploying the Astaroth, Ousaban, and Mekotio banking trojans that involved the exploitation of the Google Cloud Run service since September. Intrusions commenced with the distribution of phishing emails using financial and tax documents, as well as local government communications, as lures, which contain links to Google Cloud Run, a report from Cisco Talos showed. Attackers then use MSI files to ...
Feb 22nd, 2024 - By Dylan Duncan. Cofense Intelligence is tracking an advanced campaign that is successfully reaching intended targets in the Oil and Gas industry. The campaign delivers an uncommon, but advanced, Malware-as-a-Service information stealer, the Rhadamanthys Stealer. This new and advanced phishing campaign employs a recently updated Malware-as-a-Service (MaaS) within days of law enforcement's takedown of LockBit ransomware group, one of the most active Ransomware-as-a-Service (RaaS). Based on a ...
Feb 22nd, 2024 - Android, ChromeOS, and Linux devices are being impacted by a pair of authentication bypass vulnerabilities within open-source Wi-Fi management software wpa_supplicant and the iNet Wireless Daemon of Intel, which could be leveraged to facilitate connections to spoofed versions of legitimate networks or trusted networks without a password, The Hacker News reports. Researchers from Top10VPN discovered that wpa_supplicant versions 2.10 and earlier are impacted by the more severe flaw, tracked as ...
Feb 20th, 2024 - Attackers behind the Migo malware target exposed Redis servers and change key configuration settings to install the cryptominer and gain persistence. Cloud attackers are stepping up their game in a new cryptojacking campaign that targets exposed Redis deployments, researchers warn. Compared to previous attacks against the in-memory data store, the perpetrators make use of certain system weakening commands before installing their cryptocurrency mining malware. Researchers from Cado Security have ...
Feb 20th, 2024 - Security researchers have identified a concerning uptick in malicious activities infiltrating open-source platforms and code repositories. This trend encompasses a wide array of malicious activities, including hosting command-and-control (C2) infrastructure, storing stolen data and disseminating various forms of malware. In a recent discovery, ReversingLabs reverse engineer Karlo Zanki uncovered two suspicious packages on the Python Package Index (PyPI), named NP6HelperHttptest and ...
Feb 20th, 2024 - Cybersecurity threat experts have recently discovered a new variant of the malware named XLoader, commonly known as MoqHao, that has the ability to automatically infect devices without any user interaction. Termed the MoqHao evolution, this is a new version of the infamous Android malware that has long been linked with Roaming Mantis, a financially motivated group of hackers based in China. In this article, we will explore the background of MoqHao Evolution in detail and see how it ...
Feb 20th, 2024 - Security researchers have uncovered a sophisticated malware campaign targeting Redis, a popular data store system. This campaign, dubbed "Migo," employs novel tactics to compromise Redis servers, with the ultimate goal of mining cryptocurrency on Linux hosts. In particular, Cado Security Labs researchers observed that Migo utilizes new Redis system weakening commands to exploit the data store for cryptojacking purposes. Unlike previous attacks targeting Redis, this campaign introduces unique ...
Feb 17th, 2024 - For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record-breaking year in earnings, if recent reports are anything to go by. It's hardly surprising when you look at the state of the ransomware landscape. Last year saw hackers continue to evolve their tactics to become scrappier and more extreme in efforts to pressure victims into paying ...
Feb 16th, 2024 - New variants of the QBot malware, also known as Qakbot, have emerged since mid-December despite having been disrupted in August, suggesting continuous testing by the malware developer, reports. Sophos X-Ops researchers discovered that QBot samples deployed in December and January were distributed via a Microsoft Software Installer executable. Improved obfuscation techniques have also been integrated into the new iterations of the malware, which have been using sophisticated AES-256 encryption ...
Feb 16th, 2024 - GRU Hackers Commandeered 'Moobot' for Cyberespionage. The U.S. federal government says it disrupted a criminal botnet that Russian military intelligence had converted into a platform for global cyberespionage. Law enforcement obtained a warrant to modify hundreds of routers made by Ubiquiti that had been infected with "Moobot" malware - one of many variations of the Mirai wormable botnet found in the wild after an anonymous coder leaked source code online in 2017. The malware targets Linux-based ...