EXFILTRATION Archives - Page 3 of 108 - Cybersecurity News Everyday

How an Exposed Jenkins Instance Led to a Full-Scale Infrastructure Compromise

This article discusses the risks associated with misconfigured Jenkins instances in CI/CD pipelines, highlighting a specific case where an exposed Jenkins service led to unauthorized access and severe security vulnerabilities. The findings from CloudSEK’s BeVigil underscore the potential consequences of such misconfigurations, including remote code execution, credential theft, and regulatory risks.…

Cyber Security News

PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps

March 28, 2025 CybersecurityNews

Summary: A new campaign utilizing the PJobRAT Android malware has been detected, targeting users in Taiwan under the guise of chat applications. This malware, previously aimed at Indian military personnel, has evolved to harvest sensitive information while masquerading as messaging apps. Security researchers indicate its operation spanned nearly two years before pausing in October 2024.…

Threat Research

I Am Not A Robot

March 28, 2025March 28, 2025 Securonix

Recent social engineering tactics have evolved to include a variant of the SectopRAT malware, which is disguised as a Cloudflare verification challenge. This Remote Access Trojan employs extensive techniques for data exfiltration and uses various evasion methods to avoid detection. Affected: Users, Browsers, Cryptocurrency Holders

Keypoints :

ClickFix-style social engineering techniques are becoming more prevalent among threat groups.…

Cyber Security News

Russian Espionage Group Using Ransomware in Attacks

March 28, 2025 CybersecurityNews

Summary: RedCurl, a Russian-speaking threat actor, has shifted tactics by deploying a new ransomware called QWCrypt, primarily targeting virtual machines. This marks a notable change from its previous focus on corporate espionage since 2018. The group uses phishing methods for initial access while maintaining a low profile and avoiding public ransom demands.…

Threat Research

How SVigil Prevented a Massive Supply Chain Breach in Banking Infrastructure?

March 28, 2025 CloudSek

This article highlights the cybersecurity vulnerabilities that arise when financial institutions rely on third-party vendors. It details how CloudSEK’s SVigil platform discovered exposed credentials of a key communication service provider, which led to a significant data breach affecting a major banking entity. The timely detection helped prevent potential misuse of sensitive data and loss of customer trust.…

0Trash

INDOHAXSEC Indonesian Hacking Collective | Arctic Wolf

March 27, 2025March 28, 2025 Securonix

INDOHAXSEC, a recent Indonesian hacktivist group, has conducted various cyberattacks including DDoS and ransomware targeting government entities and companies, motivated primarily by political agendas related to pro-Palestinian sentiments. They use a combination of custom and off-the-shelf tools, and maintain a notable presence on platforms like GitHub and Telegram.…

Cyber Attack

634 Targets, 6 Million Records at Stake—Inside the UAE’s Cybersecurity Showdown

March 27, 2025 LeakNews

Summary: The UAE government successfully thwarted a major cyberattack aimed at 634 government and private entities, attributed to a hacker known as “rose87168.” The breach, potentially exposing around six million customer records, raises significant concerns about ongoing cyber threats to the UAE, highlighting the necessity for robust cybersecurity measures.…

Threat Research

Weaver Ant: Tracking a China-Nexus Cyber Espionage Operation

March 27, 2025March 27, 2025 Securonix

A major telecommunication company in Asia has been targeted by a persistent threat actor identified as Weaver Ant, linked to China. The group has used stealthy techniques like web shells to maintain access and facilitate cyber espionage. This highlights the need for organizations to develop robust defense strategies against state-sponsored threats.…

Threat Research

Shifting the sands of RansomHub’s EDRKillShifter

March 27, 2025 ESET-welivesecurity

ESET researchers examine the ransomware landscape in 2024, highlighting the emergence of RansomHub, a prominent ransomware-as-a-service (RaaS) group linked to established gangs like Play, Medusa, and BianLian. The article discusses the rise of EDR killers, particularly EDRKillShifter, developed by RansomHub, and reflects on the shifting dynamics of ransomware payments and victim statistics.…

Defense contractor to pay .6 million over third-party provider’s security weakness

Cyber Security News

Defense contractor to pay $4.6 million over third-party provider’s security weakness

March 26, 2025 CybersecurityNews

Summary: MORSE Corp, a defense contractor based in Cambridge, Massachusetts, has settled with the U.S. government for .6 million due to violations of federal cybersecurity requirements. The settlement stems from allegations that the company misrepresented its cybersecurity posture and failed to comply with standards set by the National Institute of Standards and Technology.…

Threat Research

Consequences of INPS-themed Smishing: Stolen Documents for Sale Online

March 26, 2025 Italy-Cert-agid

The article discusses the ongoing smishing campaigns targeting the Italian public, particularly focusing on scams related to the INPS (National Social Security Institute). The scams involve the theft of identity documents, mostly selfies where the document is displayed next to the victim’s face. Despite continuous monitoring and takedown efforts by CERT-AGID, these fraudulent activities continue to proliferate, leading to an increase in victims and the illegal sale of personal documents on the dark web.…

Cyber Attack

RedCurl cyberspies create ransomware to encrypt Hyper-V servers

March 26, 2025 BleepingComputer

Summary: The threat actor group RedCurl has evolved from corporate espionage to deploying a ransomware encryptor, QWCrypt, targeting Hyper-V virtual machines. Their tactics now include sophisticated phishing schemes and stealthy methods for lateral movement within networks. This strategic shift raises questions about their motives and operational goals, as they blend espionage with ransomware attacks.…

Cyber Attack

AI-Powered Productivity or Security Nightmare? The Risks of Enterprise AI

March 26, 2025 LeakNews

Summary: The integration of Generative AI (GenAI) in enterprise environments has surged, paving the way for significant security worries, particularly concerning the sharing of sensitive data. A recent report emphasizes the implications of “shadow AI,” where employees utilize personal accounts for GenAI applications, heightening the risk of data exfiltration.…

Threat Research

SnakeKeylogger: A Multistage Info Stealer Malware Campaign

March 26, 2025 Seqrite

The SnakeKeylogger campaign illustrates a sophisticated credential-stealing threat targeting both individuals and businesses. Utilizing multi-stage infection techniques, it cleverly evades detection while harvesting sensitive data from various platforms. Attackers employ malicious spam emails containing disguised executable files to initiate the infection. Affected: Individuals, Businesses, Email Clients, Web Browsers, FTP Clients.…

Threat Research

Inside Kimsuky’s Latest Cyberattack: Analyzing Malicious Scripts and Payloads

March 26, 2025 K7computing

Kimsuky, a North Korean APT group, has been identified as engaging in sophisticated cyber espionage techniques targeting various nations, including South Korea, Japan, and the U.S. Their attack methods involve a series of malware payloads delivered via a ZIP file, leading to data exfiltration and sensitive information theft.…

Threat Research

Detecting and Mitigating IngressNightmare – CVE-2025-1974

March 26, 2025 Sysdig

A set of critical vulnerabilities, including CVE-2025-1974, affecting the Ingress NGINX Controller in Kubernetes was disclosed, posing severe threats such as remote code execution. Organizations are encouraged to mitigate these risks by promptly upgrading to the latest versions of the NGINX Controller and securing admission webhook endpoints.…

Threat Research

New Malicious Wave via PEC: MintsLoader Now Distributes AsyncRat

March 26, 2025 Italy-Cert-agid

A new malicious campaign has been detected, targeting users of certified email (PEC) accounts. The attackers exploit the perceived reliability of these communications to enhance their success rate. The malware used has shifted from Vidar to AsyncRat, a remote access trojan (RAT), indicating a potential escalation in the attack’s objectives.…

Threat Research

YouTube Creators Under Siege Again: Clickflix Technique Fuels Malware Attacks

March 26, 2025 CloudSek

This report reveals a sophisticated malware campaign targeting YouTube creators through spearphishing, utilizing the Clickflix technique to deceive victims into executing malicious scripts. Attackers leverage brand impersonation and exploit interest in professional collaborations to spread malware via meticulously crafted phishing emails. Once activated, the malware steals sensitive data or allows remote access.…

Cyber Security News

Unmasking Kimsuky’s Latest Tactics: A Deep Dive into Malicious Scripts and Payloads

March 26, 2025 CybersecurityNews

Summary: K7 Labs recently analyzed cyber tactics utilized by the North Korean APT group Kimsuky, shedding light on their use of malicious scripts and payloads in recent campaigns. The analysis reveals a sophisticated infection chain designed to exfiltrate sensitive information while evading detection. Key tactics include phishing, malware infections, and the use of dynamic obfuscation techniques to bypass security measures.…

Cyber Security News

Rilide Stealer Disguises as a Browser Extension to Steal Crypto

March 26, 2025 Cyware

Summary: A new threat named “Rilide” has emerged as a malicious browser extension that steals sensitive user information, primarily targeting Chromium-based browsers. Disguised as legitimate extensions like Google Drive, Rilide employs deceptive tactics including phishing campaigns and PowerShell loaders to install itself and capture data such as passwords and cryptocurrency credentials.…

Tag: EXFILTRATION