Month: March 2024

0 Comments
Reported data breach incidents rose by 34.5% in 2023, with over 17 billion personal records compromised throughout the year, according to Flashpoint’s 2024 Global Threat Intelligence Report. The firm recorded 6077 publicly reported data breaches last year, which included sensitive information such as names, social security numbers and financial data. Over 70% of these incidents
0 Comments
Mar 30, 2024NewsroomLinux / Supply Chain Attack RedHat on Friday released an “urgent security alert” warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score
0 Comments
Mar 30, 2024NewsroomMalware / Cryptocurrency Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims’ Macs, but operate with the end goal of stealing sensitive data, Jamf
0 Comments
Mar 29, 2024NewsroomReverse Engineering / RFID Security Security vulnerabilities discovered in Dormakaba’s Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana.
0 Comments
Mar 28, 2024NewsroomLinux / Network Security A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised
0 Comments
Mar 27, 2024NewsroomCyber Espionage / Data Breach Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). “The information stealer was delivered via
0 Comments
In today’s digital age, the internet plays a major role in young people’s lives, influencing how they further grow and develop into fully-fledged adults venturing out into the real world: From educational resources to social connections, discovering the latest viral dance trends, or watching how-to videos on how to cook pasta, the online world offers
0 Comments
Mar 26, 2024NewsroomIndustrial Espionage / Threat Intelligence Threat hunters have identified a suspicious package in the NuGet package manager that’s likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which ReversingLabs said was first published on January
0 Comments
A new phishing kit dubbed Tycoon 2FA has raised significant concerns in the cybersecurity community.  Discovered by the Sekoia Threat Detection & Research (TDR) team in October 2023 and discussed in an advisory published today, the kit is associated with the Adversary-in-The-Middle (AiTM) technique and allegedly utilized by multiple threat actors to orchestrate widespread and
0 Comments
Last year ESET published a blogpost about AceCryptor – one of the most popular and prevalent cryptors-as-a-service (CaaS) operating since 2016. For H1 2023 we published statistics from our telemetry, according to which trends from previous periods continued without drastic changes. However, in H2 2023 we registered a significant change in how AceCryptor is used.
0 Comments
Mar 25, 2024NewsroomSupply Chain Attack / Cryptocurrency Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. “The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with
0 Comments
In a bipartisan effort, the US House of Representatives has approved legislation to curtail the sharing of Americans’ sensitive data with foreign entities.  The bill, known as the Protecting Americans’ Data from Foreign Adversaries Act (HR 7520), spearheaded by Congresswoman Cathy McMorris Rodgers (R-WA) and Frank Pallone (D-NJ), secured an overwhelming vote of 414-0. This legislative move
0 Comments
Mar 24, 2024NewsroomArtificial Intelligence / Cyber Espionage The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging Compiled HTML Help (CHM) files as vectors to deliver malware for harvesting sensitive data. Kimsuky, active since at least 2012, is known to target entities located
0 Comments
The US government has published new distributed denial-of-service (DDoS) attack guidance for public sector entities to help prevent disruption to critical services. The document is designed to serve as a comprehensive resource to address the specific needs and challenges faced by federal, state and local government agencies in defending against DDoS attacks. The advisory noted
0 Comments
Mar 23, 2024NewsroomCyber Espionage / Cyber Warfare The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia’s Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft. The findings come from Mandiant, which said
0 Comments
A new variant of the wiper malware AcidRain, known as AcidPour, has been discovered by SentinelOne’s threat intelligence team, SentinelLabs. AcidRain is destructive wiper malware attributed to Russian military intelligence. In May 2022, AcidRain was used in a broad-scale cyber-attack against Viasat’s KA-SAT satellites in Ukraine. The malware rendered KA-SAT modems inoperative in Ukraine and
0 Comments
Mar 21, 2024NewsroomThreat Intelligence / Malware The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG. “The attackers compromised the first system, established persistence and added exclusions to antivirus products running on these endpoints as part of their preliminary
0 Comments
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a stark warning yesterday to leaders of critical infrastructure organizations regarding the imminent threat posed by People’s Republic of China (PRC) state-sponsored cyber actors known as “Volt Typhoon.” In collaboration with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and other US government and