As of today, a large majority of intrusion sets and threat actors leverage crypters prior to delivering and executing malicious payloads on a target system. They use it to build malware capable of avoiding security solutions. In their campaigns, malicious actors can rely on an open-source, a commercially available or a custom crypter.…
Tag: MONITOR
Cisco on Tuesday unveiled an open source proof-of-concept tool designed to improve visibility into backplane traffic in industrial organizations.
A backplane is a piece of hardware that connects various modules and components together. In operational technology (OT) environments, for instance, backplanes enable organizations to link together programmable logic controllers (PLCs) and other modules for high-speed communication.…
Updated March 8: Based on our experience, we believe that BlackCat’s claim of shutting down due to law enforcement pressure is a hoax. We anticipate their return under a new guise or brand after their hiatus. This scam tactic serves as a means for them to execute one final significant scam before resurfacing with less scrutiny.…
The US Department of Health and Human Services (HHS) on Monday revealed the actions taken to assist healthcare providers in continuing to serve patients following the ransomware attack on Change Healthcare.
One of the largest healthcare technology companies in the US and a subsidiary of UnitedHealth Group, Change Healthcare handles billions of healthcare transactions per year.…
An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks.
[Reflectiz shields websites from client-side attacks, supply chain risks, data breaches, privacy violations, and compliance issues]
You Can’t Protect What You Can’t SeeToday’s websites are connected to dozens of third-party web apps, trackers, and open-source tools like pixels, tag managers, and JavaScript frameworks.…
EclecticIQ analysts identified an increase in the delivery of WikiLoader in February 2024 [1]. This trend highlights the necessity for organizations and individuals to enhance their cybersecurity measures against WikiLoader.…
The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker.
“TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan Raghuprasad said in a report shared with The Hacker News.…
Open-source tool that can legitimately be used to manage content in the cloud, but has been seen being abused by ransomware actors to exfiltrate data from victim machines. For an example of how Rclone may be used, see case study below.
AnyDesk: A legitimate remote desktop application. By installing it, attackers can obtain remote access to computers on a network. Malicious…
Analysis of an Android Malware-as-a-Service Operation
Coper, a descendant of the ,,Exobot malware family, was ,,first observed in the wild in July 2021, targeting Colombian Android users. At that time, Coper (the Spanish translation of “Copper”) was distributed as a fake version of Bancolombia’s “Personas” application.…
The North Korean government-backed hackers were able to gain a major victory when Microsoft left a zero-day vulnerability unpatched for six months after learning it was actively exploited for six months. As a result of this, attackers were able to take advantage of existing vulnerabilities, thereby gaining access to sensitive information.…
Read More Cybercriminals have developed an enhanced version of the infamous GhostLocker ransomware that they are deploying in attacks across the Middle East, Africa, and Asia.
Two ransomware groups, GhostSec and Stormous, have joined forces in the attack campaigns with double-extortion ransomware attacks using the new GhostLocker 2.0 to infect organizations in Lebanon, Israel, South Africa, Turkey, Egypt, India, Vietnam, and Thailand, as well as other locations.…
A plugin for the open source network security monitoring tool Zeek is affected by several vulnerabilities that threat actors could leverage in attacks aimed at industrial control system (ICS) environments.
The existence of the vulnerabilities was disclosed recently by the US security agency CISA. The agency’s ICS advisory describes two critical- and one high-severity vulnerabilities impacting the Ethercat plugin for Zeek.…
Mar 05, 2024NewsroomAttack Surface / Exposure Management
Startups and scales-ups are often cloud-first organizations and rarely have sprawling legacy on-prem environments. Likewise, knowing the agility and flexibility that cloud environments provide, the mid-market is predominantly running in a hybrid state, partly in the cloud but with some on-prem assets.…
Published On : 2024-03-05
EXECUTIVE SUMMARYAt CYFIRMA, our commitment is to provide timely insights into prevalent threats and malicious tactics affecting both organizations and individuals. Our research team recently identified a malicious .docx file linked to the stego-campaign, revealing a sophisticated cyber threat.
This campaign utilizes template injection in a Microsoft Office document to bypass traditional email security measures.…
American Express (Amex) notifies customers that their credit card information has been compromised in a data breach involving a third-party merchant processor. The company did not disclose the number of impacted customers.
“We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system.”…
Executive summary
Read More In 2023, Account Takeover (ATO) was confirmed to be among the most harmful types of fraud for online banking customers. At Cleafy, we have seen that 90% of fraud attempts are still conducted via Account Takeover, and our forecasts expect this number to stay flat in 2024.…
Gemini to return money
As part of a settlement with regulators on Wednesday, the cryptocurrency company Gemini, owned by the Winklevoss twins, agreed to repay at least $1.1 billion to consumers of its failed “Earn” loan scheme and pay a $37 million fine for “significant” compliance violations.…
Read More BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, Reuters, The Guardian, and Washington Post, among others.
These “news” websites, which we were able to trace to their proprietor in India, repost articles from credible media and research organizations without attribution.…
BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, Reuters, The Guardian, and Washington Post, among others.
These “news” websites, which we were able to trace to their proprietor in India, repost articles from credible media and research organizations without attribution.…
Table of contentsContext
Read More Since the onset of the War in Ukraine, various groups identified as “nationalist hacktivists” have emerged, particularly on the Russian side, to contribute to the confrontation between Kyiv and Moscow. Among these entities, the pro-Russian group NoName057(16) has garnered attention through the initiation of Project DDoSia, a collective endeavour aimed at conducting large-scale distributed denial-of-service (DDoS) attacks, targeting entities (private corporations, ministries and public institutions) belonging to countries supporting Ukraine, predominantly NATO member states.…