Response to CISA Advisory (AA25-093A): Fast Flux: A National Security Threat
This advisory from multiple cybersecurity agencies highlights the ongoing threat of fast flux techniques used by malicious actors, particularly ransomware groups like Hive and Nefilim. These methods complicate detection and disruption, necessitating improved collaboration and enhanced detection mechanisms among organizations. Affected: organizations, Internet service providers, cybersecurity service providers, financial sector, manufacturing sector, transportation sector

Keypoints:

April 3, 2025 advisory published by CISA, NSA, FBI, and other partners.…
Read More
Hackers hit Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
Summary: In March, Ukraine experienced at least three cyberattacks targeting government agencies and critical infrastructure, utilizing a new malware known as Wrecksteel. The attacks involved phishing emails that led to the extraction of sensitive data and screenshots from infected devices. Ukrainian cyber authorities linked these activities to a newly identified hacking group, UAC-0219, while also suggesting potential ties to Russian-backed cyber operations.…
Read More
This advisory addresses the significant threat posed by the “fast flux” technique, used by malicious cyber actors to evade detection and maintain command and control infrastructure. Fast flux enables the rapid alteration of DNS records, complicating tracking and blocking actions. The advisory calls for collaborative efforts from government entities and service providers to enhance detection and mitigation capabilities against fast flux activities.…
Read More
Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks
Summary: Cisco has issued fixes for two high-severity denial-of-service vulnerabilities affecting its Meraki devices and Enterprise Chat and Email (ECE) appliances. The Meraki vulnerability could cause the AnyConnect VPN server to restart, while the ECE flaw could disrupt chat functionalities due to improper input validation. Users are urged to update to patched versions to mitigate potential risks.…
Read More
BeaverTail and Tropidoor Malware Distributed via Recruitment Emails
This article discusses a malware distribution incident involving North Korean attackers who impersonated a recruitment email from Dev.to to deploy BeaverTail malware and a downloader named car.dll. The compromised project revealed malicious content, prompting community disclosure. BeaverTail is primarily used for information theft and is often spread through phishing attacks disguised as job offers.…
Read More
My book on Cyber Threat Intel, that never quite made it as a book, Chapter 1.1
This content explores the significance of Cyber Threat Intelligence (CTI) in improving organizational security and understanding the threat landscape. It delves into the motivations of various types of threat actors, their tactics, and how to effectively mitigate risks. The goal is to provide a comprehensive guide that enhances awareness and proactive measures against cyber threats.…
Read More
Understanding Russian Cognitive Warfare
This article explores Russia’s cognitive warfare tactics, rooted in Soviet KGB doctrines, and their modern adaptations involving disinformation and cyber operations. It presents strategies to counter these tactics, including targeted cyber retaliation and strategic communication, utilizing frameworks such as SWOT and DIMEFIL. A comprehensive analysis is provided on the strategic environment and implications of Russian hacktivist groups, along with methods for dismantling them from within.…
Read More
RedCurl’s Ransomware Debut: A Technical Deep Dive
This research by Bitdefender Labs introduces the QWCrypt ransomware campaign, linked to the RedCurl group, marking a significant shift in their tactics from data exfiltration to ransomware. RedCurl has been operating since 2018 but has historically utilized Living-off-the-Land techniques for corporate espionage. Their targeting of specific infrastructures and the use of hypervisor encryption underscores a sophisticated evolution in their operational strategy, raising questions regarding their motivations and business model.…
Read More
8 Zero-Day Vulnerabilities Uncovered in Netgear WNR854T Router
Summary: Security researcher Dylan has revealed eight critical zero-day vulnerabilities in the Netgear WNR854T router, which has been unsupported since its release in 2017. These vulnerabilities range from buffer overflows to command injection flaws, posing severe risks of remote code execution and unauthorized access. The vendor has declined to address the issues due to the device being classified as end-of-life (EOL).…
Read More

Victim: Polizia italia mail access
Country: IT
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/62fb4410d877de37af265a67e06d9aede52773ae9e949b381f0e89b4a4f337ec/
Discovered: 2025-04-03 03:20:43.528510
Published: 2025-04-03 03:19:37.234277
Description: In a significant cybersecurity incident, the Babuk2 ransomware group has targeted the Polizia Italia, gaining unauthorized access to their email systems. This breach, which took place in Italy, poses serious implications for the country’s law enforcement integrity and data security, as sensitive information may have been compromised.…
Read More
Emulating the Sophisticated Russian Adversary Seashell Blizzard
Seashell Blizzard, also known as APT44, is a highly sophisticated Russian adversary linked to military intelligence, targeting various critical sectors to conduct espionage through persistent access and custom tools. The AttackIQ assessment template helps organizations validate their security against this threat. Affected: energy, telecommunications, government, military, transportation, manufacturing, retail sectors.…
Read More
BYOVD Reloaded: Abusing a New Driver to Kill EDR
The article discusses a sophisticated ransomware attack involving Qilin ransomware, which utilizes the technique of bring-your-own-vulnerable-driver (BYOVD) to bypass traditional Endpoint Detection and Response (EDR) measures. The analysis uncovers the exploitation of a lesser-known driver, TPwSav.sys, in the context of a ransomware-as-a-service model. It emphasizes the vulnerabilities exploited, the attack chain, and the retaliation measures taken by Blackpoint’s Security Operations Center (SOC).…
Read More
RolandSkimmer: Silent Credit Card Thief Uncovered
The “RolandSkimmer” campaign utilizes malicious browser extensions and LNK files to execute persistent credit card skimming attacks, primarily targeting users in Bulgaria. The malware collects sensitive data through deceptive mechanisms while maintaining stealth and adaptation to its victims’ environments. Affected: Microsoft Windows, Chrome, Edge, Firefox

Keypoints:

The “RolandSkimmer” campaign targets Microsoft Windows users through malicious LNK files and browser extensions.…
Read More
Malicious PyPI Package Targets WooCommerce Stores with Automated Carding Attacks
The Socket research team uncovered a malicious Python package named disgrasya on PyPI, designed to automate carding attacks against WooCommerce stores using CyberSource as a payment gateway. This openly malicious tool facilitates the testing of stolen credit card numbers, allowing low-skilled fraudsters to simulate transactions without raising fraud detection alarms.…
Read More
A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware
Ransomware attacks, specifically the so-called Babuk Locker 2.0, have resurfaced in 2025, attributed to groups named Skywave and Bjorka. Investigations reveal that Babuk Locker 2.0 is essentially a rebranding of LockBit 3.0, utilizing similar techniques and targeting high-profile organizations across various sectors. Affected: organizations, government agencies, cybercriminal sectors

Keypoints:

Ransomware threat persists, causing significant organizational disruption.…
Read More
Serial Entrepreneurs Raise M to Counter AI Deepfakes, Social Engineering
Summary: Adaptive Security, a startup combating deepfake social engineering and AI threats, has secured million in early-stage funding led by Andreessen Horowitz and the OpenAI Startup Fund. Founded by Brian Long and Andrew Jones, the company aims to develop a platform for simulating AI-generated attacks, enhancing employee training and real-time threat triaging.…
Read More
SmokeLoader Malware Deployed in Stealthy Campaign Targeting Major Banks
Summary: G DATA security researchers have uncovered a sophisticated malware infection chain targeting First Ukrainian International Bank, centering on the enhanced SmokeLoader and its intermediary, Emmenhtal Loader. The attack utilizes social engineering, living off the land binaries, and advanced evasion techniques to deploy multiple malware stages stealthily without detection.…
Read More
Cybercriminals Expand Use of Lookalike Domains in Email Attacks
Summary: A recent report by BlueVoyant reveals that cybercriminals are increasingly using lookalike domains for targeted email scams, making detection difficult. These attacks affect various sectors, employing tactics such as impersonation and phishing to deceive victims into providing sensitive information. The report emphasizes the importance of monitoring and educating clients to mitigate these risks.…
Read More