Although there was no evidence of data theft or lateral movement, the agency’s investigation revealed that unauthorized access to various sensitive information, including security plans and user accounts, may have occurred.
Zeek is an open-source network analysis framework. Unlike an active security device such as a firewall, Zeek operates on a versatile ‘sensor’ that can be a hardware, software, virtual, or cloud platform.
Cyble Research and Intelligence Labs (CRIL) researchers have discovered that a Russia-linked threat group known as UAC-0184 is targeting Ukraine using the XWorm remote access trojan (RAT).
Cybersecurity threats are utilizing cloud services, such as AWS and DriveHQ, to store, distribute, and control malicious activities. This poses challenges for detection and prevention, as cloud services offer scalability and anonymity.
According to the Thales 2024 Cloud Security Study, 44% of organizations have experienced a cloud data breach, with 14% reporting incidents in the past year. Human error and misconfigurations were the top root causes, affecting 31% of cases.
The FBI has issued a warning about cybercriminals pretending to be law firms and lawyers offering cryptocurrency recovery services. These scammers target victims of investment scams, stealing funds and personal information.
Ta Van Tai, Nguyen Viet Quoc, Nguyen Trang Xuyen, and Nguyen Van Truong are accused of conducting phishing campaigns and supply chain compromises to orchestrate cyberattacks and steal millions of dollars.
SpyMax does not require the targeted device to be rooted, making it easier for threat actors to cause damage. Once installed, SpyMax gathers personal information from the infected device without user consent and sends it to a remote threat actor.
P2PInfect, a previously dormant peer-to-peer malware botnet, has recently become active and is now targeting Redis servers. The botnet has introduced new features like cron-based persistence mechanisms and SSH lockout.
Unlike previous methods, SnailLoad doesn’t require a person-in-the-middle attack or hacking the target’s Wi-Fi. Instead, it lets a remote attacker infer websites and content viewed by a user without accessing their network traffic directly.