BLOG 2024


DATE | NAME | INFO | CATEGORY | WEB

15.6.24 | Microsoft Incident Response tips for managing a mass password reset | When an active incident leaves systems vulnerable, a mass password reset may be the right tool to restore security. This post explores the necessity and risk associated with mass password resets. | Security blog | Microsoft Blog
15.6.24 | How to achieve cloud-native endpoint management with Microsoft Intune | In this post, we’re focusing on what it really takes for organizations to become fully cloud-native in endpoint management, from the strategic leadership to the tactical execution. | Security blog | Microsoft Blog
15.6.24 | The four stages of creating a trust fabric with identity and network security | The trust fabric journey has four stages of maturity for organizations working to evaluate, improve, and evolve their identity and network access security posture. | Security blog | Microsoft Blog
15.6.24 | Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices | Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US was targeted in multiple attacks over the past months by different nation-backed actors, including attacks by IRGC-affiliated “CyberAv3ngers” in November 2023, as […] | Hacking blog | Microsoft Blog
15.6.24 | Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups | This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime. | Malware blog | Trend Micro
15.6.24 | Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers | We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project. | Exploit blog | Trend Micro
15.6.24 | TargetCompany’s Linux Variant Targets ESXi Environments | In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution. | Ransom blog | Trend Micro
15.6.24 | SANS's 2024 Threat-Hunting Survey Review | In its ninth year, the annual SANS Threat Hunting Survey delves into global organizational practices in threat hunting, shedding light on the challenges and adaptations in the landscape over the past year. | Security blog | Trend Micro
15.6.24 | It's Time to Up-Level Your EDR Solution | You may have EDR, but did you know you can add threat detection and response to improve a SecOps team’s efficiency and outcomes? Read more. | Security blog | Trend Micro
15.6.24 | Explore AI-Driven Cybersecurity with Trend Micro, Using NVIDIA NIM | Discover Trend Micro's integration of NVIDIA NIM to deliver an AI-driven cybersecurity solution for next-generation data centers. Engage with experts, explore demos, and learn strategies for securing AI data centers and optimizing cloud performance. | AI blog | Trend Micro
15.6.24 | The Lifecycle of a Threat: The Inner Workings of the Security Operations Center | See how SonicWall’s SOC handles a threat from discovery all the way to resolution in this detailed blog. | Security blog | SonicWall
15.6.24 | Microsoft Security Bulletin Coverage for June 2024 | Microsoft’s June 2024 Patch Tuesday has 49 vulnerabilities, 24 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2024 and has produced coverage for seven of the reported vulnerabilities. | Vulnerability blog | SonicWall
15.6.24 | Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data | SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks. | Exploit blog | SonicWall
15.6.24 | Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919) | The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. | Vulnerability blog | SonicWall
15.6.24 | Driving forward in Android drivers | Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases carry the potential to compromise a significant segment of Android phones. | OS Blog | Project Zero
15.6.24 | DarkGate again but... Improved? | DarkGate is back, if it ever left, with the latest version, number 6, which includes new distribution methods, anti-analysis techniques and features. | Malware blog | Trellix
15.6.24 | Operation Celestial Force employs mobile and desktop malware to target Indian entities | Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.” | Malware blog | Cisco Blog
15.6.24 | Only one critical issue disclosed as part of Microsoft Patch Tuesday | The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing. | Vulnerability blog | Cisco Blog
15.6.24 | How Arid Viper spies on Android users in the Middle East – Week in security with Tony Anscombe | The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app. | Malware blog | Eset
15.6.24 | ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024 | The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023. | APT blog | Eset
15.6.24 | Arid Viper poisons Android apps with AridSpy | ESET researchers discovered Arid Viper espionage campaigns spreading trojanized apps to Android users in Egypt and Palestine. | OS Blog | Eset
15.6.24 | 560 million Ticketmaster customer data for sale? – Week in security with Tony Anscombe | Ticketmaster seems to have experienced a data breach, with the ShinyHunters hacker group claiming to have exfiltrated the data of 560 million customers. | Incident blog | Eset
8.6.24 | Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks | Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult. This shared interest results in malicious internet traffic blending financial and espionage motives. | APT blog | Trend Micro
8.6.24 | INC Ransomware Behind Linux Threat | This week, the SonicWall Capture Labs Research team analyzed a sample of Linux ransomware. The group behind this ransomware, called INC Ransomware, has been active since it was first reported a year ago. | Ransom blog | SonicWall
8.6.24 | Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919) | The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. | Vulnerability blog | SonicWall
8.6.24 | Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data | SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks. | BotNet blog | SonicWall
8.6.24 | INSIDE THE BOX: MALWARE’S NEW PLAYGROUND | Over the past few months, we have been monitoring the increasing abuse of BoxedApp products in the wild. BoxedApp products are commercial packers that provide advanced features such as Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking). | Hacking blog | Checkpoint
8.6.24 | The job hunter’s guide: Separating genuine offers from scams | $90,000/year, full home office, and 30 days of paid leave, and all for a job as a junior data analyst – unbelievable, right? This and many other job offers are fake though – made just to ensnare unsuspecting victims into giving up their data. | Spam blog | Eset
8.6.24 | The murky world of password leaks – and how to check if you’ve been hit | Password leaks are increasingly common and figuring out whether the keys to your own kingdom have been exposed might be tricky – unless you know where to look. | Incident blog | Eset
8.6.24 | What happens when facial recognition gets it wrong – Week in security with Tony Anscombe | A facial recognition system misidentifies a woman in London as a shoplifter, igniting fresh concerns over the technology's accuracy and reliability. | Security blog | Eset

1.6.24 | STATIC UNPACKING FOR THE WIDESPREAD NSIS-BASED MALICIOUS PACKER FAMILY | Packers or crypters are widely used to protect malicious software from detection and static analysis. | Malware blog | Checkpoint
1.6.24 | LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader | Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, which we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.” Multiple TTPs utilized in this campaign bear some overlap with North Korean APT groups. | APT blog | Cisco Blog
1.6.24 | Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges | Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application. | Vulnerability blog | Cisco Blog
1.6.24 | AI in HR: Is artificial intelligence changing how we hire employees forever? | Much digital ink has been spilled on artificial intelligence taking over jobs, but what about AI shaking up the hiring process in the meantime? | AI blog | Eset
1.6.24 | ESET World 2024: Big on prevention, even bigger on AI | What is the state of artificial intelligence in 2024 and how can AI level up your cybersecurity game? These hot topics and pressing questions surrounding AI were front and center at the annual conference. | AI blog | Eset
1.6.24 | Beyond the buzz: Understanding AI and its role in cybersecurity | A new white paper from ESET uncovers the risks and opportunities of artificial intelligence for cyber-defenders. | Cyber blog | Eset
25.5.24 | Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia | A Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter. This campaign has been targeting political entities in the Middle East, Africa and Asia since at least late 2022. | APT blog | Palo Alto
25.5.24 | BAD KARMA, NO JUSTICE: VOID MANTICORE DESTRUCTIVE ACTIVITIES IN ISRAEL | Void Manticore is an Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS). They carry out destructive wiping attacks combined with influence operations. | APT blog | Checkpoint
25.5.24 | SHARP DRAGON EXPANDS TOWARDS AFRICA AND THE CARIBBEAN | Sharp Dragon’s (formerly referred to as Sharp Panda) operations continue, expanding their focus now to new regions – Africa and the Caribbean. | APT blog | Checkpoint
25.5.24 | From trust to trickery: Brand impersonation over the email attack vector | Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. | Hacking blog | Cisco Blog
25.5.24 | Mandatory reporting for ransomware attacks? – Week in security with Tony Anscombe | As the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond? | Ransom blog | Eset
25.5.24 | Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries | Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings. | Malware blog | Eset
25.5.24 | What happens when AI goes rogue (and how to stop it) | As AI gets closer to the ability to cause physical harm and impact the real world, “it’s complicated” is no longer a satisfying response. | AI blog | Eset
25.5.24 | Untangling the hiring dilemma: How security solutions free up HR processes | The prerequisites for becoming a security elite create a skills ceiling that is tough to break through – especially when it comes to hiring skilled EDR or XDR operators. How can businesses crack this conundrum? | Security blog | Eset
18.5.24 | Payload Trends in Malicious OneNote Samples | In this post, we look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme where attackers use one or more images to lure people into clicking or interacting with OneNote files. | Malware blog | Palo Alto
18.5.24 | Leveraging DNS Tunneling for Tracking and Scanning | This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes. | Hacking blog | Palo Alto
18.5.24 | FOXIT PDF “FLAWED DESIGN” EXPLOITATION | PDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform for sharing documents across diverse computing environments. | Exploit blog | Checkpoint
18.5.24 | Talos releases new macOS open-source fuzzer | Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties. | OS Blog | Cisco Blog
18.5.24 | Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core | The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server. | Vulnerability blog | Cisco Blog
18.5.24 | Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities | Commercial spyware tools can threaten democratic values by enabling governments to conduct covert surveillance on citizens, undermining privacy rights and freedom of expression. | BigBrother blog | Cisco Blog
18.5.24 | Rounding up some of the major headlines from RSA | Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference. | Cyber blog | Cisco Blog
18.5.24 | A new alert system from CISA seems to be effective — now we just need companies to sign up | Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog. | Vulnerability blog | Cisco Blog
18.5.24 | The who, where, and how of APT attacks – Week in security with Tony Anscombe | This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape. | APT blog | Eset
18.5.24 | To the Moon and back(doors): Lunar landing in diplomatic missions | ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs. | APT blog | Eset
18.5.24 | Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain | One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft. | Cryptocurrency blog | Eset
18.5.24 | ESET APT Activity Report Q4 2023–Q1 2024 | An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024. | APT blog | Eset
11.5.24 | Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution | Two vulnerabilities in this group — one in the Tinyproxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10. | Vulnerability blog | Cisco Blog
11.5.24 | How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe | We spoke to climate scientist Katharine Hayhoe about intersections between climate action, human psychology and spirituality, and how to channel anxiety about the state of our planet into meaningful action. | Security blog | Eset
11.5.24 | In it to win it! WeLiveSecurity shortlisted for European Security Blogger Awards | We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024. | Security blog | Eset
11.5.24 | It's a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe | More than 40,000 security experts descended on San Francisco this week. Let's now look back on some of the event's highlights – including the CISA-led 'Secure by Design' pledge also signed by ESET. | Cyber blog | Eset
11.5.24 | RSA Conference 2024: AI hype overload | Can AI effortlessly thwart all sorts of cyberattacks? Let’s cut through the hyperbole surrounding the tech and look at its actual strengths and limitations. | AI blog | Eset
11.5.24 | How to inspire the next generation of scientists (Unlocked 403: Cybersecurity podcast) | As Starmus Earth draws near, we caught up with Dr. Garik Israelian to celebrate the fusion of science and creativity and venture where imagination flourishes and groundbreaking ideas take flight. | Security blog | Eset
11.5.24 | The hacker’s toolkit: 4 gadgets that could spell security trouble | Their innocuous looks and endearing names mask their true power. These gadgets are designed to help identify and prevent security woes, but what if they fall into the wrong hands? | Malware blog | Eset
4.5.24 | It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise | Our telemetry indicates a growing number of threat actors are turning to malware-initiated scanning attacks. This article reviews how attackers use infected hosts for malware-based scans of their targets instead of the more traditional approach using direct scans. | Malware blog | Palo Alto
4.5.24 | Muddled Libra’s Evolution to the Cloud | Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. | APT blog | Palo Alto
4.5.24 | Vulnerabilities in employee management system could lead to remote code execution, login credential theft | Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files. | Vulnerability blog | Cisco Blog
4.5.24 | James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape | Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation. | APT blog | Cisco Blog
4.5.24 | Pay up, or else? – Week in security with Tony Anscombe | Organizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or not. | Ransom blog | Eset
4.5.24 | Adding insult to injury: crypto recovery scams | Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over. | Spam blog | Eset
4.5.24 | MDR: Unlocking the power of enterprise-grade security for businesses of all sizes | We spoke to Astronomy magazine editor-in-chief David Eicher about key challenges facing our planet, the importance of space exploration for humanity, and the possibility of life beyond Earth. | Security blog | Eset
4.5.24 | How space exploration benefits life on Earth: Q&A with David Eicher | The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details. | Phishing blog | Eset
28.4.24 | Talos IR trends: BEC attacks surge, while weaknesses in MFA persist | Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information. | Cyber blog | Cisco Blog
28.4.24 | ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices | ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. | Malware blog | Cisco Blog
28.4.24 | Suspected CoralRaider continues to expand victimology using three information stealers | Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload onto the victims’ host. | Malware blog | Cisco Blog
28.4.24 | Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe | The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details. | Phishing blog | Eset
28.4.24 | Gripped by Python: 5 reasons why Python is popular among cybersecurity professionals | Python’s versatility and short learning curve are just two factors that explain the language’s 'grip' on cybersecurity. | Cyber blog | Eset
28.4.24 | What makes Starmus unique? A Q&A with award-winning filmmaker Todd Miller | The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges, as well as why he became involved with Starmus. | Security blog | Eset
28.4.24 | The vision behind Starmus – A Q&A with the festival’s co-founder Garik Israelian | Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and a sense of community within the Starmus universe. | Security blog | Eset
28.4.24 | Protecting yourself after a medical data breach – Week in security with Tony Anscombe | What are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you? | Security blog | Eset
20.4.24 | The Windows Registry Adventure #2: A brief history of the feature | Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values", used by Windows and applications to store a variety of settings and configuration data. | Vulnerability blog | Project Zero
20.4.24 | The Windows Registry Adventure #1: Introduction and research results | In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. | Vulnerability blog | Project Zero
20.4.24 | Redline Stealer: A Novel Approach | Authored by Mohansundaram M and Neil Tyagi. A new packed variant of the Redline Stealer trojan was... | Malware blog | Mcafee
20.4.24 | OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal | The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. | Malware blog | Cisco Blog
20.4.24 | Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials | Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the identification of these attacks. Cisco Talos is actively monitoring a global increase in brute | Attack blog | Cisco Blog
20.4.24 | The many faces of impersonation fraud: Spot an imposter before it’s too late | What are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn’t who they claim to be? | Security blog | Eset
20.4.24 | The ABCs of how online ads can impact children’s well-being | From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children. Here’s how to help them stay safe. | Security blog | Eset
20.4.24 | Bitcoin scams, hacks and heists – and how to avoid them | Here’s how cybercriminals target cryptocurrencies and how you can keep your bitcoin or other crypto safe. | Cryptocurrency blog | Eset
13.4.24 | Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 | Palo Alto Networks and Unit 42 are engaged in tracking activity related to CVE-2024-3400 and are working with external researchers, partners and customers to share information transparently and rapidly. | Vulnerability blog | Palo Alto
13.4.24 | Muddled Libra’s Evolution to the Cloud | Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. | APT blog | Palo Alto
13.4.24 | Starry Addax targets human rights defenders in North Africa with new malware | Cisco Talos is disclosing a new threat actor we deemed “Starry Addax” targeting mostly human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware. | Malware blog | Cisco Blog
13.4.24 | Vulnerability in some TP-Link routers could lead to factory reset | There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11. | Vulnerability blog | Cisco Blog
13.4.24 | eXotic Visit includes XploitSPY malware – Week in security with Tony Anscombe | Almost 400 people in India and Pakistan have fallen victim to an ongoing Android espionage campaign called eXotic Visit. | Malware blog | Eset
13.4.24 | Beyond fun and games: Exploring privacy risks in children’s apps | Should children’s apps come with ‘warning labels’? Here's how to make sure your children's digital playgrounds are safe places to play and learn. | Security blog | Eset
13.4.24 | eXotic Visit campaign: Tracing the footprints of Virtual Invaders | ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps. | Cyber blog | Eset
13.4.24 | 7 reasons why cybercriminals want your personal data | Here's what drives cybercriminals to relentlessly target the personal information of other people – and why you need to guard your data like your life depends on it. | Cyber blog | Eset
6.4.24 | THE ILLUSION OF PRIVACY: GEOLOCATION RISKS IN MODERN DATING APPS | Dating apps often use location data to show users nearby and their distances. However, openly sharing distances can lead to security issues. Techniques like trilateration allow attackers to determine user coordinates using distance information. | BigBrother blog | Checkpoint
6.4.24 | BEYOND IMAGINING – HOW AI IS ACTIVELY USED IN ELECTION CAMPAIGNS AROUND THE WORLD | Deepfake materials (convincing AI-generated audio, video, and images that deceptively fake or alter the appearance, voice, or actions of political candidates) are often disseminated shortly before election dates to limit the opportunity for fact-checkers to respond. Regulations which ban political discussion on mainstream media in the hours leading up to elections allow unchallenged fake news to dominate the airwaves. | AI blog | Checkpoint
6.4.24 | AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIES | When considering a notoriously famous topic known for quite a long time, it may feel like there is nothing new to add to this area anymore – all paths traced, all words said, all “i”s dotted. Is it worth an investigation to begin with? As it turns out, there are new discoveries with previously hidden information of valuable significance that can be built into the already-painted picture. | Malware blog | Checkpoint
6.4.24 | MALWARE SPOTLIGHT: LINODAS AKA DINODASRAT FOR LINUX | In recent months, Check Point Research (CPR) has been closely monitoring the activity of a Chinese-nexus cyber espionage threat actor who is focusing on Southeast Asia, Africa, and South America. | Malware blog | Checkpoint
6.4.24 | CoralRaider targets victims’ data and social media accounts | Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries. | Social blog | Cisco Blog
6.4.24 | Adversaries are leveraging remote access tools now more than ever — here’s how to stop them | While there are many legitimate uses for this software, adversaries are also finding ways to use it for command and control in their campaigns. | Malware blog | Cisco Blog
6.4.24 | The devil is in the fine print – Week in security with Tony Anscombe | Temu's cash giveaway, where people were asked to hand over vast amounts of their personal data to the platform, puts the spotlight on the data-slurping practices of online services today. | Security blog | Eset
6.4.24 | How often should you change your passwords? | Answering this question is not as straightforward as it seems. Here’s what you should consider when it comes to keeping your accounts safe. | Security blog | Eset
6.4.24 | Malware hiding in pictures? More likely than you think | There is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat. | Malware blog | Eset
31.3.24 | Threat Brief: Vulnerability in XZ Utils Data Compression Library Impacting Multiple Linux Distributions (CVE-2024-3094) | On March 28, 2024, Red Hat Linux announced CVE-2024-3094 with a critical CVSS score of 10. This vulnerability is a result of a supply chain compromise impacting versions 5.6.0 and 5.6.1 of XZ Utils. XZ Utils is data compression software included in major Linux distributions. | Vulnerability blog | Palo Alto
31.3.24 | Exposing a New BOLA Vulnerability in Grafana | Unit 42 researchers have discovered a new Broken Object Level Authorization (BOLA) vulnerability that impacts Grafana versions from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, and from 10.3.0 before 10.3.5. | Vulnerability blog | Palo Alto
31.3.24 | RDP remains a security concern – Week in security with Tony Anscombe | Much has been written about the risks that poorly-secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result. | Security blog | Eset
31.3.24 | Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world | This rundown of 10 cyberattacks against the sports industry shows why every team needs to keep its eyes on the ball when it comes to cybersecurity. | Cyber blog | Eset
31.3.24 | Borrower beware: Common loan scams and how to avoid them | Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Here’s how to avoid being scammed when considering a loan. | Spam blog | Eset
31.3.24 | Cybersecurity starts at home: Help your children stay safe online with open conversations | Struggling to know how to help children and teens stay safe in cyberspace? A good ol’ fashioned chat is enough to put them on the right track. | Cyber blog | Eset
23.3.24 | Large-Scale StrelaStealer Campaign in Early 2024 | StrelaStealer malware steals email login data from well-known email clients and sends it back to the attacker’s C2 server. Upon a successful attack, the threat actor would gain access to the victim's email login information, which they can then use to perform further attacks. | Malware blog | Palo Alto
23.3.24 | Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention | This article reviews the recently discovered FalseFont backdoor, which was used by a suspected Iranian-affiliated threat actor that Unit 42 tracks as Curious Serpens. Curious Serpens (aka Peach Sandstorm) is a known espionage group that has previously targeted the aerospace and energy sectors. | Malware blog | Palo Alto
23.3.24 | Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor | This article announces the publication of our first collaborative effort with the State Cyber Protection Centre of the State Service of Special Communications and Information Protection of Ukraine (SCPC SSSCIP). | Malware blog | Palo Alto
23.3.24 | ETHEREUM’S CREATE2: A DOUBLE-EDGED SWORD IN BLOCKCHAIN SECURITY | Ethereum’s CREATE2 function is being exploited by attackers to compromise the security of digital wallets, bypassing traditional security measures and facilitating unauthorized access to funds. | Cryptocurrency blog | Checkpoint
23.3.24 | New details on TinyTurla’s post-compromise activity reveal full kill chain | We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises. | APT blog | Cisco Blog
23.3.24Netgear wireless router open to code execution after buffer overflow vulnerabilityThere is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak.Vulnerebility blogCisco Blog
23.3.24The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptionsTalos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.Ransom blogCisco Blog
23.3.24Threat actors leverage document publishing sites for ongoing credential and session token theftTalos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.Incident blogCisco Blog
23.3.24“Pig butchering” is an evolution of a social engineering tactic we’ve seen for yearsIn the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package.Cyber blogCisco Blog
23.3.24Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro WordResearch conducted by Cisco Talos last year uncovered multiple vulnerabilities rated as low severity despite their ability to allow for full arbitrary code execution.Vulnerebility blogCisco Blog
23.3.24Not everything has to be a massive, global cyber attackThere are a few reasons why we’re so ready to jump to the “it’s a cyber attack!”Attack blogCisco Blog
23.3.24Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by MicrosoftMarch’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.”Vulnerebility blogCisco Blog
23.3.24You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spamIt’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April.Spam blogCisco Blog
23.3.24AceCryptor attacks surge in Europe – Week in security with Tony AnscombeThe second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RATMalware blogEset
23.3.24Rescoms rides waves of AceCryptor spamInsight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countriesMalware blogEset
23.3.24A prescription for privacy protection: Exercise caution when using a mobile health appGiven the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive dataMalware blogEset
17.3.24Inside the Rabbit Hole: BunnyLoader 3.0 UnveiledThis article will focus on the newly released BunnyLoader 3.0, as well as historically observed BunnyLoader infrastructure and an overview of its capabilities. BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims. Malware blogPalo Alto
17.3.24Healthcare still a prime target for cybercrime gangs – Week in security with Tony AnscombeHealthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities inRansom blogEset
17.3.24Threat intelligence explained | Unlocked 403: A cybersecurity podcastWe break down the fundamentals of threat intelligence and its role in anticipating and countering emerging threatsCyber blogEset
17.3.24How to share sensitive files securely onlineHere are a few tips for secure file transfers and what else to consider when sharing sensitive documents so that your data remains safeSecurity blogEset
17.3.24Election cybersecurity: Protecting the ballot box and building trust in election integrityWhat cyberthreats could wreak havoc on elections this year and how worried should we as voters be about the integrity of our voting systems?Cyber blogEset
9.3.24Threat Group Assessment: Muddled Libra (Updated)Muddled Libra stands at the intersection of devious social engineering and nimble technology adaptation. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses. APT blogPalo Alto
9.3.24MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIESMagnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vulnerabilities in public-facing services as an initial infection vector. At least in one case of Ivanti Connect Secure VPN (CVE-2024-21887), the exploit entered the group’s arsenal as fast as within 1 day after a POC for it was published.Vulnerebility blogCheckpoint
9.3.24GhostSec’s joint ransomware operation and evolution of their arsenalCisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.Ransom blogCisco Blog
9.3.24The 3 most common post-compromise tactics on network infrastructureWe discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. These include modifying the device’s firmware, uploading customized/weaponized firmware, and bypassing security measures.Cyber blogCisco Blog
9.3.24Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” musicThe bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand adversaries’ motivation and tactics.Cyber blogCisco Blog
9.3.24APT attacks taking aim at Tibetans – Week in security with Tony AnscombeEvasive Panda has been spotted targeting Tibetans in several countries and territories with payloads that included a previously undocumented backdoor ESET has named NightdoorAPT blogEset
9.3.24Evasive Panda leverages Monlam Festival to target TibetansESET researchers uncover strategic web compromise and supply-chain attacks targeting TibetansAPT blogEset
9.3.24Top 10 scams targeting seniors – and how to keep your money safeThe internet can be a wonderful place. But it’s also awash with fraudsters preying on people who are susceptible to fraud.Spam blogEset
9.3.24Irresistible: Hooks, habits and why you can’t put down your phoneStruggle to part ways with your tech? You’re not alone. Here’s why your devices are your vices.Security blogEset
3.3.24Wireshark Tutorial: Exporting Objects From a PcapPalo Alto Networks customers are better protected from the malware samples in this tutorial through Cortex XDR and XSIAM.Security blogPalo Alto
3.3.24The Art of Domain Deception: Bifrost's New Tactic to Deceive UsersFirst identified in 2004, Bifrost is a remote access Trojan (RAT) that allows an attacker to gather sensitive information, like hostname and IP address. In this article, along with exploring Bifrost, we’ll also showcase a notable spike in Bifrost’s Linux variants during the past few months.Malware blogPalo Alto
3.3.24Navigating the Cloud: Exploring Lateral Movement TechniquesWe explore cloud lateral movement techniques in all three major cloud providers: Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, highlighting their differences compared to similar techniques in on-premises environments. Hacking blogPalo Alto
3.3.24TimbreStealer campaign targets Mexican users with financial luresTalos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023.Malware blogCisco Blog
3.3.24Deceptive AI content and 2024 elections – Week in security with Tony AnscombeAs the specter of AI-generated disinformation looms large, tech giants vow to crack down on fabricated content that could sway voters and disrupt elections taking place around the world this yearAI blogEset
3.3.24Blue Team toolkit: 6 open-source tools to assess and enhance corporate defensesHere’s how the blue team wards off red teamers and a few open-source tools it may leverage to identify chinks in the corporate armorSecurity blogEset
3.3.24Vulnerabilities in business VPNs under the spotlightAs adversaries increasingly set their sights on vulnerable enterprise VPN software to infiltrate corporate networks, concerns mount about VPNs themselves being a source of cyber riskVulnerebility blogEset
3.3.2410 things to avoid posting on social media – and whyDo you often take to social media to broadcast details from your life? Here’s why this habit may put your privacy and security at risk.Social blogEset
25.2.24Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT CampaignsOn Feb. 16, 2024, someone uploaded data to GitHub that included possible internal company communications, sales-related materials and product manuals belonging to the Chinese IT security services company i-Soon, also known as Anxun Information Technology.APT blogPalo Alto
25.2.24Intruders in the Library: Exploring DLL HijackingDynamic-link library (DLL) hijacking is one of the oldest techniques that both threat actors and offensive security professionals continue to use today. Hacking blogPalo Alto
25.2.242024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat TacticsOur annual survey of incident data from more than 250 organizations and more than 600 incidents provides a Unit 42 perspective on the current state of security exposures. Incident blogPalo Alto
25.2.24Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)Feb. 13, 2024, ConnectWise was notified of two vulnerabilities impacting their remote desktop software application ScreenConnect. These vulnerabilities were first reported through their vulnerability disclosure channel in the ConnectWise Trust Center. Vulnerebility blogPalo Alto
25.2.242024’S CYBER BATTLEGROUND UNVEILED: ESCALATING RANSOMWARE EPIDEMIC, THE EVOLUTION OF CYBER WARFARE TACTICS AND STRATEGIC USE OF AI IN DEFENSE – INSIGHTS FROM CHECK POINT’S LATEST SECURITY REPORTRising Threats: Cybersecurity landscape faces an unprecedented surge in ransomware attacks, with 1 in every 10 organizations globally being targeted in 2023.Cyber blogCheckpoint
25.2.24TinyTurla-NG in-depth tooling and command and control analysisCisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed.APT blogCisco Blog
25.2.24How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severityWhile distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context.Vulnerebility blogCisco Blog
25.2.24Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaignsSince September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans.Malware blogCisco Blog
25.2.24PSYOP campaigns targeting Ukraine – Week in security with Tony AnscombeComing in two waves, the campaign sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related subjectsBigBrother blogEset
25.2.24Everything you need to know about IP grabbersYou would never give your personal ID to random strangers, right? So why provide the ID of your computer? Unsuspecting users beware, IP grabbers do not ask for your permission.Security blogEset
25.2.24Operation Texonto: Information operation targeting Ukrainian speakers in the context of the warA mix of PSYOPs, espionage and … fake Canadian pharmacies!Cyber blogEset
25.2.24Watching out for the fakes: How to spot online disinformationWhy and how are we subjected to so much disinformation nowadays, and is there a way to spot the fakes?Security blogEset
18.2.24Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon)Insidious Taurus (aka Volt Typhoon) is identified by U.S. government agencies and international government partners as People’s Republic of China (PRC) state-sponsored cyber actors.APT blogPalo Alto
18.2.24New Vulnerability in QNAP QTS Firmware: CVE-2023-50358This article provides technical analysis on a zero-day vulnerability affecting QNAP Network Attached Storage (NAS) devices.Vulnerebility blogPalo Alto
18.2.24THE RISKS OF THE #MONIKERLINK BUG IN MICROSOFT OUTLOOK AND THE BIG PICTURERecently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. Attack blogCheckpoint
18.2.24TinyTurla Next Generation - Turla APT spies on Polish NGOsThis new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.APT blogCisco Blog
18.2.24How are attackers using QR codes in phishing emails and lure documents?QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after.Attack blogCisco Blog
18.2.24Cyber-insurance and vulnerability scanning – Week in security with Tony AnscombeHere's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signalsVulnerebility blogEset
18.2.24All eyes on AI | Unlocked 403: A cybersecurity podcastArtificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack the basics and examine AI's broader implications.AI blogEset
18.2.24The art of digital sleuthing: How digital forensics unlocks the truthLearn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tellSecurity blogEset
18.2.24Deepfakes in the global election year of 2024: A weapon of mass deception?As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concernBigBrother blogEset
10.2.24Ransomware Retrospective 2024: Unit 42 Leak Site AnalysisThe ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by ransomware leak sites, with a total of 3,998 posts from various ransomware groups. Ransom blogPalo Alto
10.2.24RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYSTwo new 1-day LPE exploits were used by the Raspberry Robin worm before they were publicly disclosed, which means that Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time.Malware blogCheckpoint
10.2.24New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organizationTalos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.”Malware blogCisco Blog
10.2.24How are user credentials stolen and used by threat actors?You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can 'log on' with valid account details, and outline our recommendations for defense.Cyber blogCisco Blog
10.2.24OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privilegesOpen Automation Software recently released patches for multiple vulnerabilities in their OAS Engine.  Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with VeVulnerebility blogCisco Blog
10.2.24Ransomware payments hit a record high in 2023 – Week in security with Tony AnscombeCalled a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous yearRansom blogEset
10.2.24The buck stops here: Why the stakes are high for CISOsHeavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses?Security blogEset
10.2.24Left to their own devices: Security for employees using personal devices for workAs personal devices within corporate networks make for a potentially combustible mix, a cavalier approach to BYOD security won’t cut itSecurity blogEset
10.2.24Could your Valentine be a scammer? How to avoid getting caught in a bad romanceWith Valentine’s Day almost upon us, here’s some timely advice on how to prevent scammers from stealing more than your heartSecurity blogEset
4.2.24Exploring the Latest Mispadu Stealer VariantUnit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019. We found this activity as part of the Unit 42 Managed Threat Hunting offering. We discovered this threat activity while hunting for the SmartScreen CVE-2023-36025 vulnerability. Malware blogPalo Alto
4.2.24ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery CampaignUnit 42 researchers discovered a large-scale campaign we call ApateWeb that uses a network of over 130,000 domains to deliver scareware, potentially unwanted programs (PUPs) and other scam pages. Among these PUPs, we have identified several adware programs including a rogue browser and different browser extensions. Spam blogPalo Alto
4.2.24Threat Assessment: BianLianUnit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on leak site data we’ve gathered. From that leak site data, we’ve primarily observed activity affecting the healthcare and manufacturing sectors and industries, and impacting organizations mainly in the United States (US) and Europe (EU). BigBrother blogPalo Alto
4.2.24Financial Fraud APK CampaignDuring our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. Our research revealed a family of malicious APKs targeting Chinese users that steals victim information and conducts financial fraud. OS BlogPalo Alto
4.2.24Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectorsTalos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter.Ransom blogCisco Blog
4.2.24OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privilegesOpen Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with VeVulnerebility blogCisco Blog
4.2.24Exploring malicious Windows drivers (Part 1): Introduction to the kernel and driversMalicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.Malware blogCisco Blog
4.2.24Grandoreiro banking malware disrupted – Week in security with Tony AnscombeThe banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windowsMalware blogEset
4.2.24VajraSpy: A Patchwork of espionage appsESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT groupAPT blogEset
4.2.24ESET Research Podcast: ChatGPT, the MOVEit hack, and PandoraAn AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxesCyber blogEset
4.2.24ESET takes part in global operation to disrupt the Grandoreiro banking trojanESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimologyMalware blogEset
4.2.24Cyber: The Swiss army knife of tradecraftIn today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alikeCyber blogEset
4.2.24Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony AnscombeThe previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UKAPT blogEset
4.2.24Assessing and mitigating supply chain cybersecurity risksBlindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk managementCyber blogEset
4.2.24NSPX30: A sophisticated AitM-enabled implant evolving since 2005ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named BlackwoodAPT blogEset
4.2.24Break the fake: The race is on to stop AI voice cloning scamsAs AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detectionAI blogEset
20.1.24Parrot TDS: A Persistent and Evolving Malware CampaignA traffic direction system (TDS) nicknamed Parrot TDS has been publicly reported as active since October 2021. Websites with Parrot TDS have malicious scripts injected into existing JavaScript code hosted on the server. This TDS is easily identifiable by keywords found in the injected JavaScript that we will explore to show the evolution of this threat. Malware blogPalo Alto
20.1.24CHECK POINT RESEARCH ALERTS ON A NEW NFT AIRDROP CAMPAIGNThis campaign is unique in its methodology, employing a source spoofing technique to target a broad spectrum of token holders. It specifically focuses on more than 100 highly popular projects, aiming its attacks at token holders. OS BlogCheckpoint
20.1.24Why many CISOs consider quitting – Week in security with Tony AnscombeThe job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failingsSecurity blogEset
20.1.24Virtual kidnapping: How to see through this terrifying scamPhone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victimsSpam blogEset
20.1.24Is Temu safe? What to know before you ‘shop like a billionaire’Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible dealSpam blogEset
20.1.24The 7 deadly cloud security sins and how SMBs can do things betterBy eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-riskSecurity blogEset
14.1.24Financial Fraud APK CampaignDuring our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. Hacking blogPalo Alto
14.1.24Medusa Ransomware Turning Your Files into StoneUnit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. Ransom blogPalo Alto
14.1.24Tackling Anti-Analysis Techniques of GuLoader and RedLine StealerMalware, like many complex software systems, relies on the concept of software configuration. Configurations establish guidelines for malware behavior and they are a common feature among the various malware families we examine.Malware blogPalo Alto
14.1.24.NET HOOKING – HARMONIZING MANAGED TERRITORYFor a malware researcher, analyst, or reverse engineer, the ability to alter the functionality of certain parts of code is a crucial step, often necessary to reach a meaningful result during the analysis process. Malware blogCheckpoint
14.1.24New decryptor for Babuk Tortilla ransomware variant releasedCisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor.Ransom blogCisco Blog
14.1.24Lessons from SEC's X account hack – Week in security with Tony AnscombeThe cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC's X account right ahead of the much-anticipated decision about Bitcoin ETFsCryptocurrency blogEset
14.1.24A peek behind the curtain: How are sock puppet accounts used in OSINT?How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risksSecurity blogEset
14.1.24Attack of the copycats: How fake messaging apps and app mods could bite youWhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don’t get taken for a ride.Social blogEset
14.1.24Love is in the AI: Finding love online takes on a whole new meaningIs AI companionship the future of not-so-human connection – and even the cure for loneliness?AI blogEset
14.1.24Cracking the 2023 SANS Holiday Hack ChallengeFrom ChatNPT to Game Boys and space apps, this year’s challenge took us to the Geese Islands for another rollicking romp of funHacking blogEset
14.1.24Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony AnscombeWhat are some of the key cybersecurity trends that people and organizations should have on their radars this year?Security blogEset
14.1.24Lost and found: How to locate your missing devices and moreLosing your keys, your wallet – or anything else, really – can be a pain, but there is a wide world of trackers that can help you locate your missing things – with awesome accuracySecurity blogEset
14.1.24Say what you will? Your favorite speech-to-text app may be a privacy riskTyping with your voice? It should go without saying that you need to take some precautions and avoid spilling your secrets.Security blogEset