VanHelsing Ransomware
The CYFIRMA Research and Advisory Team has discovered the VanHelsing Ransomware, which targets Windows systems and uses advanced encryption methods, making it challenging to detect and remove. It employs double extortion tactics, threatening to leak sensitive data. The team stresses the importance of proactive cybersecurity measures and incident response strategies.…
SideWinder Threat Group: Maritime and Nuclear Sectors at Risk with Updated Toolset
SideWinder, also known as Rattlesnake or T-APT-04, is an advanced persistent threat group from India, active since 2012, that has expanded its operations to target maritime and nuclear sectors across Asia, the Middle East, and Africa. Known for quickly adapting to security measures, SideWinder employs various tactics, techniques, and procedures (TTPs) to execute sophisticated cyber-attacks, primarily through phishing and malware.…
Ukrainian military targeted in new Signal spear-phishing attacks
Summary: Ukraine’s Computer Emergency Response Team (CERT-UA) has issued a warning about targeted attacks utilizing compromised Signal accounts to deliver malware to defense industry employees and military personnel. The attacks involve messages with archives masquerading as meeting reports, leading victims to inadvertently execute harmful files. This activity, tracked as UAC-0200, has seen recent updates in phishing tactics to align with urgent military topics in Ukraine.…
Why it’s time for phishing prevention to move beyond email
Summary: Despite significant investments in email security solutions, phishing attacks continue to pose a severe threat to organizations, largely due to the emergence of sophisticated Attack-in-the-Middle (AitM) phishing techniques. Traditional detection methods, including known-bad blocklists and malicious webpage detection, are increasingly ineffective against these evolving tactics.…
Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files
A recent compromise of the tj-actions/changed-files GitHub action highlights significant risks in CI/CD pipelines stemming from third-party dependencies. Attackers exploited a vulnerability that allowed unauthorized access to sensitive workflow secrets, leading to data breaches. The incident affected over 23,000 repositories and raised concerns about security in software supply chains.…
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse
Summary: The BADBOX 2.0 scheme involves at least four distinct threat actors operating a large-scale ad fraud and residential proxy operation, utilizing compromised consumer devices to create a massive botnet. This sophisticated fraud ring targets inexpensive Android devices worldwide, causing significant financial damage through various forms of cybercrime.…
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor
In August 2024, ESET researchers uncovered cyberespionage activities by the MirrorFace APT group targeting a Central European diplomatic institute related to Expo 2025 in Osaka, Japan. This marks the first instance of MirrorFace infiltrating a European entity, showcasing new tactics and tools, including the backdoor ANEL and a customized variant of AsyncRAT.…
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud Blog
Mandiant’s discovery in mid-2024 revealed that the China-nexus espionage group, UNC3886, deployed custom backdoors on Juniper Networks’ Junos OS routers, utilizing various capabilities to maintain long-term access while circumventing security protections. Mandiant urges organizations to upgrade their Juniper devices to mitigate these vulnerabilities and recommends security measures.…
BitM Up! Session Stealing in Seconds Using the Browser-in-the-Middle Technique
The article discusses the increasing threat of Browser in the Middle (BitM) attacks which allow adversaries to compromise user sessions across various web applications swiftly. While multi-factor authentication (MFA) is critical for security, sophisticated social engineering tactics can successfully bypass it by targeting session tokens. To combat these threats, organizations are urged to implement robust defenses such as hardware-based MFA, client certificates, and FIDO2.…
Medusa Ransomware Hits Record Levels, FBI and CISA Provide Key Security Insights
The FBI and CISA have issued an advisory regarding the Medusa ransomware group, which has been increasingly active in 2025. The group has moved well beyond its previous year’s attack levels, particularly focusing on critical infrastructure sectors. This advisory details the group’s tactics, available indicators of compromise, and highlights the potential risks involved.…
AWS SNS Abused for Data Exfiltration and Phishing, Elastic Report Reveals
Summary: A report from Elastic reveals how threat actors are misusing AWS Simple Notification Service (SNS) for data exfiltration and phishing attacks. The research uncovers techniques employed by adversaries to exploit SNS, emphasizing the challenges and opportunities for detection. The findings underline the importance of understanding the vulnerabilities inherent in cloud services to bolster security measures.…
Off the Beaten Path: Recent Unusual Malware
This article discusses three unique malware samples discovered recently: a C++/CLI IIS backdoor, a bootkit that installs a GRUB 2 bootloader, and a post-exploitation framework known as ProjectGeass. Each sample demonstrates unconventional techniques and complexities, highlighting the evolving threat landscape.

Affected: IIS, Windows, system environments

Keypoints:

Three unique malware samples discovered exhibiting novel characteristics.…
Ransomware gang creates tool to automate VPN brute-force attacks
Summary: The Black Basta ransomware operation has developed an automated brute-forcing tool named ‘BRUTED’ that targets edge networking devices such as firewalls and VPNs. This framework enhances their ransomware attacks by providing streamlined access to vulnerable endpoints, with reports of increased credential-stuffing attacks throughout 2024. The tool has been designed to evade detection while significantly increasing attack efficiency on various remote-access products.…