Tracked as NewsPenguin, the adversary has been observed sending phishing emails that use the upcoming Pakistan International Maritime Expo & Conference (PIMEC-2023) as bait and which carry weaponized documents to deliver an advanced espionage tool.
Australia’s Defence Department removed all Chinese-manufactured surveillance cameras after an audit detailed the number of Hikvision and Dahua devices installed in various government facilities.
Researchers from Broadcom Symantec took the wraps off of an information-stealing malware known as Graphiron. Russia-affiliated ATP group Nodaria is using it in operations against Ukraine. Written in the Go programming language, the malware enables operators to gather a variety of data from the infected systems, including screenshots, files, system information, and login passwords.
Security experts at Avast Threat Labs uncovered four malicious Dota 2 game mods that cyber adversaries are using to backdoor players’ systems. The game mods were named Overdog no annoying heroes (id 2776998052), Custom Hero Brawl (id 2780728794), and Overthrow RTZ Edition X10 XP (id 2780559339). These programs could be used for logging, creating coroutines, […]
An alert from the CERT-UA revealed that threat actors conducted a phishing campaign against Ukrainian government agencies to deploy the Remcos RAT on their computers. The email contained a file reminding recipients to pay for services availed from Ukrtelecom. This latest Remcos version leverages the Dynamic Imports technique to evade detection by static analysis tools.
SentinelLabs claimed to have observed the first Linux variant of Cl0p ransomware. The ELF variant of the ransomware uses the same encryption method and similar process logic as it does for Windows. Given that some Windows-only capabilities are missing from this new Linux version, it appears to still be in the early stages of development. […]
The EFF has been tracking Dark Caracal since 2015. In 2020, Quintin and EFF’s director of cybersecurity Eva Galperin published a report about a hacking campaign focused on Lebanese targets.
If a cybercriminal doesn’t name their strain themselves, a cybersecurity researcher creates the name. The primary researcher of the strain will usually come up with the name, and they sometimes assign one that seems random but usually is not.
Several California medical groups have sent security breach notification letters to more than three million patients alerting them that crooks may have stolen a ton of their sensitive health and personal information during a ransomware infection.
Microsoft has tracked down a sophisticated authentication bypass for Active Directory Federated Services (AD FS), pioneered by the Russia-linked Nobelium threat actor group.