BLOG 2024

Each entry lists, in order: DATE / NAME / Info / CATEG. / WEB

18.2.24
Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon)
Insidious Taurus (aka Volt Typhoon) is identified by U.S. government agencies and international government partners as People’s Republic of China (PRC) state-sponsored cyber actors.
APT blog, Palo Alto

18.2.24
New Vulnerability in QNAP QTS Firmware: CVE-2023-50358
This article provides technical analysis on a zero-day vulnerability affecting QNAP Network Attached Storage (NAS) devices.
Vulnerability blog, Palo Alto

18.2.24
THE RISKS OF THE #MONIKERLINK BUG IN MICROSOFT OUTLOOK AND THE BIG PICTURE
Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations.
Attack blog, Checkpoint

18.2.24
TinyTurla Next Generation - Turla APT spies on Polish NGOs
This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.
APT blog, Cisco Blog

18.2.24
How are attackers using QR codes in phishing emails and lure documents?
QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after.
Attack blog, Cisco Blog

18.2.24
Cyber-insurance and vulnerability scanning – Week in security with Tony Anscombe
Here's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals.
Vulnerability blog, Eset

18.2.24
All eyes on AI | Unlocked 403: A cybersecurity podcast
Artificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack the basics and examine AI's broader implications.
AI blog, Eset

18.2.24
The art of digital sleuthing: How digital forensics unlocks the truth
Learn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tell.
Security blog, Eset

18.2.24
Deepfakes in the global election year of 2024: A weapon of mass deception?
As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern.
BigBrother blog, Eset

10.2.24
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
The ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by ransomware leak sites, with a total of 3,998 posts from various ransomware groups.
Ransom blog, Palo Alto

10.2.24
RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS
Two new 1-day LPE exploits were used by the Raspberry Robin worm before they were publicly disclosed, which means that Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time.
Malware blog, Checkpoint

10.2.24
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.”
Malware blog, Cisco Blog

10.2.24
How are user credentials stolen and used by threat actors?
You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can 'log on' with valid account details, and outline our recommendations for defense.
Cyber blog, Cisco Blog

10.2.24
OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges
Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve
Vulnerability blog, Cisco Blog

10.2.24
Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe
Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year.
Ransom blog, Eset

10.2.24
The buck stops here: Why the stakes are high for CISOs
Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses?
Security blog, Eset

10.2.24
Left to their own devices: Security for employees using personal devices for work
As personal devices within corporate networks make for a potentially combustible mix, a cavalier approach to BYOD security won’t cut it.
Security blog, Eset

10.2.24
Could your Valentine be a scammer? How to avoid getting caught in a bad romance
With Valentine’s Day almost upon us, here’s some timely advice on how to prevent scammers from stealing more than your heart.
Security blog, Eset

4.2.24
Exploring the Latest Mispadu Stealer Variant
Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019. We found this activity as part of the Unit 42 Managed Threat Hunting offering. We discovered this threat activity while hunting for the SmartScreen CVE-2023-36025 vulnerability.
Malware blog, Palo Alto

4.2.24
ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign
Unit 42 researchers discovered a large-scale campaign we call ApateWeb that uses a network of over 130,000 domains to deliver scareware, potentially unwanted programs (PUPs) and other scam pages. Among these PUPs, we have identified several adware programs including a rogue browser and different browser extensions.
Spam blog, Palo Alto

4.2.24
Threat Assessment: BianLian
Unit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on leak site data we’ve gathered. From that leak site data, we’ve primarily observed activity affecting the healthcare and manufacturing sectors and industries, and impacting organizations mainly in the United States (US) and Europe (EU).
BigBrother blog, Palo Alto

4.2.24
Financial Fraud APK Campaign
During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. Our research revealed a family of malicious APKs targeting Chinese users that steals victim information and conducts financial fraud.
OS Blog, Palo Alto

4.2.24
Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors
Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter.
Ransom blog, Cisco Blog

4.2.24
OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges
Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve
Vulnerability blog, Cisco Blog

4.2.24
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers
Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.
Malware blog, Cisco Blog

4.2.24
Grandoreiro banking malware disrupted – Week in security with Tony Anscombe
The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows.
Malware blog, Eset

4.2.24
VajraSpy: A Patchwork of espionage apps
ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group.
APT blog, Eset

4.2.24
ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora
An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes.
Cyber blog, Eset

4.2.24
ESET takes part in global operation to disrupt the Grandoreiro banking trojan
ESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimology.
Malware blog, Eset

4.2.24
Cyber: The Swiss army knife of tradecraft
In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike.
Cyber blog, Eset

4.2.24
Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe
The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK.
APT blog, Eset

4.2.24
Assessing and mitigating supply chain cybersecurity risks
Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management.
Cyber blog, Eset

4.2.24
NSPX30: A sophisticated AitM-enabled implant evolving since 2005
ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood.
APT blog, Eset

4.2.24
Break the fake: The race is on to stop AI voice cloning scams
As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection.
AI blog, Eset

20.1.24
Parrot TDS: A Persistent and Evolving Malware Campaign
A traffic direction system (TDS) nicknamed Parrot TDS has been publicly reported as active since October 2021. Websites with Parrot TDS have malicious scripts injected into existing JavaScript code hosted on the server. This TDS is easily identifiable by keywords found in the injected JavaScript that we will explore to show the evolution of this threat.
Malware blog, Palo Alto

20.1.24
CHECK POINT RESEARCH ALERTS ON A NEW NFT AIRDROP CAMPAIGN
This campaign is unique in its methodology, employing a source spoofing technique to target a broad spectrum of token holders. It specifically focuses on more than 100 highly popular projects, aiming its attacks at token holders.
OS Blog, Checkpoint

20.1.24
Why many CISOs consider quitting – Week in security with Tony Anscombe
The job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failings.
Security blog, Eset

20.1.24
Virtual kidnapping: How to see through this terrifying scam
Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims.
Spam blog, Eset

20.1.24
Is Temu safe? What to know before you ‘shop like a billionaire’
Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal.
Spam blog, Eset

20.1.24
The 7 deadly cloud security sins and how SMBs can do things better
By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk.
Security blog, Eset

14.1.24
Financial Fraud APK Campaign
During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files.
Hacking blog, Palo Alto

14.1.24
Medusa Ransomware Turning Your Files into Stone
Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog.
Ransom blog, Palo Alto

14.1.24
Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer
Malware, like many complex software systems, relies on the concept of software configuration. Configurations establish guidelines for malware behavior and they are a common feature among the various malware families we examine.
Malware blog, Palo Alto

14.1.24
.NET HOOKING – HARMONIZING MANAGED TERRITORY
For a malware researcher, analyst, or reverse engineer, the ability to alter the functionality of certain parts of code is a crucial step, often necessary to reach a meaningful result during the analysis process.
Malware blog, Checkpoint

14.1.24
New decryptor for Babuk Tortilla ransomware variant released
Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor.
Ransom blog, Cisco Blog

14.1.24
Lessons from SEC's X account hack – Week in security with Tony Anscombe
The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC's X account right ahead of the much-anticipated decision about Bitcoin ETFs.
Cryptocurrency blog, Eset

14.1.24
A peek behind the curtain: How are sock puppet accounts used in OSINT?
How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risks.
Security blog, Eset

14.1.24
Attack of the copycats: How fake messaging apps and app mods could bite you
WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don’t get taken for a ride.
Social blog, Eset

14.1.24
Love is in the AI: Finding love online takes on a whole new meaning
Is AI companionship the future of not-so-human connection – and even the cure for loneliness?
AI blog, Eset

14.1.24
Cracking the 2023 SANS Holiday Hack Challenge
From ChatNPT to Game Boys and space apps, this year’s challenge took us to the Geese Islands for another rollicking romp of fun.
Hacking blog, Eset

14.1.24
Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony Anscombe
What are some of the key cybersecurity trends that people and organizations should have on their radars this year?
Security blog, Eset

14.1.24
Lost and found: How to locate your missing devices and more
Losing your keys, your wallet – or anything else, really – can be a pain, but there is a wide world of trackers that can help you locate your missing things – with awesome accuracy.
Security blog, Eset

14.1.24
Say what you will? Your favorite speech-to-text app may be a privacy risk
Typing with your voice? It should go without saying that you need to take some precautions and avoid spilling your secrets.
Security blog, Eset