Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Published On : 2023-12-15
EXECUTIVE SUMMARYAt CYFIRMA, our mission is to empower you with the latest insights into the dynamic landscape of cybersecurity threats, addressing risks that impact both organizations and individuals. This report details a sophisticated cyber threat involving a malicious Word file with an embedded macro that, upon opening, prompts victims to enable macros.…
ESET Research has discovered a cluster of malicious Python projects being distributed in PyPI, the official Python package repository. The threat targets both Windows and Linux systems and usually delivers a custom backdoor. In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both.…
During the past month, we have observed an increase in the number of malicious ads on Google searches for “Zoom”, the popular piece of video conferencing software. Threat actors have been alternating between different keywords for software downloads such as “Advanced IP Scanner” or “WinSCP” normally geared towards IT administrators.…
This post is also available in: 日本語 (Japanese)
Executive SummaryUnit 42 researchers observed a series of apparently related attacks against organizations in the Middle East, Africa and the U.S. We will discuss a set of tools used in the course of the attacks that reveal clues about the threat actors’ activity.…
High
Analysis SummaryAPT37, also known as ScarCruft or Red Eyes, is a state-sponsored cyber espionage group originating from North Korea. The group has been active since at least 2012 and primarily targets victims in South Korea. However, it has also conducted operations against entities in other countries, including Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and various parts of the Middle East.…
Headlace backdoor capable of facilitating multiple malicious actions on objectives.
It is unclear precisely how many entities were impacted by the campaign, but our analysis indicates that organizations in the following countries were targeted: Hungary, Türkiye, Australia, Poland, Belgium, Ukraine, Germany, Azerbaijan, Saudi Arabia, Kazakhstan, Italy, Latvia and Romania.…
In 2021, Anonymous declared a cyber war against Russia after the Ukraine invasion, with similar tactics seen in the Israel-Hamas conflict. Main attacks:
Denial of Service Attacks: These attacks flood websites with excessive traffic, rendering them unavailable to legitimate users for extended periods.…Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Since the beginning of 2023, ESET researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds.
Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims’ personal and financial information to blackmail them, and in the end gain their funds.…
In the ever-evolving landscape of cybersecurity threats, one name that consistently surfaces as a force to be reckoned with is “PlugX.” This covert and insidious malware has left a trail of digital intrigue, combining advanced features with a knack for eluding detection. Its history is interwoven with cyber espionage, targeted attacks, and a continuous cat-and-mouse game with security experts (1)(2).…
The AhnLab Security Emergency response Center (ASEC) analysis team previously posted about AsyncRAT being distributed via files with the .chm extension. [1] It was recently discovered that this type of AsyncRAT malware is now being distributed in WSF script format. The WSF file was found to be distributed in a compressed file (.zip)…
Published On : 2023-12-01
EXECUTIVE SUMMARYAt Cyfirma, our dedication lies in providing current insights into the predominant threats and strategies employed by malicious entities targeting organizations and individuals. This comprehensive analysis focuses on the information stealer DanaBot and presents a thorough examination of its functionality and capabilities.…
Cybereason issues Threat Alerts to inform customers of emerging impacting threats. The Cybereason Incident Response (IR) team documented such critical attack scenarios, which started from a GootLoader infection to ultimately deploy more capabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.…
Earlier this year, we reported on a new variant of SystemBC called DroxiDat that was deployed against a critical infrastructure target in South Africa. This proxy-capable backdoor was deployed alongside Cobalt Strike beacons.…
By Securonix Threat Research: D.Iuzvyk, T.Peck, O.Kolesnikov
tl;drThreat actors working as part of DB#JAMMER attack campaigns are compromising exposed MSSQL databases using brute force attacks and appear to be well tooled and ready to deliver ransomware and Cobalt Strike payloads.
In an interesting attack campaign, the Securonix Threat Research team has identified threat actors targeting exposed Microsoft SQL (MSSQL) services using brute force attacks.…
By Max Kersten · November 29, 2023 This blog was also written by Alexandre Mundo
First discovered in early 2023, Akira ransomware seemed to be just another ransomware family that entered the market. Its continued activity and numerous victims are our main motivators to investigate the malware’s inner workings to empower blue teams to create additional defensive rules outside of their already in-place security.…
Summary
BlackBerry has uncovered a previously unknown threat actor targeting an aerospace organization in the United States, with the apparent goal of conducting commercial and competitive cyber espionage. The BlackBerry Threat Research and Intelligence team is tracking this threat actor as AeroBlade. The actor used spear-phishing as a delivery mechanism: A weaponized document, sent as an email attachment, contains an embedded remote template injection technique and a malicious VBA macro code, to deliver the next stage to the final payload execution.…
Information Stealers are a pervasive threat and are capable of providing threat actors with a rich source of sensitive data.
Recently, we came across this tweet that the Serpent Stealer is on sale on the dark web. A .NET based malware, this has the ability to not only acquire sensitive information from the most popular online browsers and applications but also has the capability to exfiltrate passwords. …
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier).…