RECONNAISSANCE Archives - Page 2 of 46 - Cybersecurity News Everyday

CERT-UA Warns of Cyber Espionage Against the Ukrainian Defense Industry Using DarkCrystal RAT

Summary: The Computer Emergency Response Team of Ukraine (CERT-UA) has identified a cyber espionage campaign targeting the defense sector with the Dark Crystal RAT. This campaign involves the distribution of malicious archived files via Signal, designed to look like legitimate communications. The report highlights the persistent threat posed by the DCRat malware, which has evolved since its first appearance in 2018, with modular capabilities for various malicious actions.…

Cyber Security News

Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing

March 21, 2025 CybersecurityNews

Summary: Browser security is becoming increasingly critical due to a 140% rise in phishing attacks, primarily fueled by zero-day vulnerabilities and advancements in generative AI used by cybercriminals. As attackers adopt sophisticated techniques akin to professional engineering, the risk of browser-based phishing is expected to escalate dramatically moving into 2025.…

Threat Research

Black Basta’s Dependency Confusion Ambitions and Ransomware in Open Source Ecosystems

March 20, 2025 admin

Recent leaks from Black Basta’s internal chat logs highlight the gang’s strategy to leverage open source ecosystems, specifically npm and PyPI, to execute dependency confusion attacks. This research uncovers the threat posed by ransomware attacks and extortionware within these ecosystems, along with examples of historical attacks.…

Threat Research

North Korea Kimsuky Malicious Backdoor VBS Script-vbs.html (2025.3.16)

March 20, 2025March 20, 2025 iocOne

This article discusses a malicious VBS script named vbs.html created by the North Korean hacking group Kimsuky, which is distributed via a specific malicious URL. The script uses several obfuscation techniques to evade detection and can execute remote code via HTTP requests, indicating its potential use as a backdoor.…

Cyber Security News

Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners

March 20, 2025 CybersecurityNews

Summary: A severe security vulnerability in PHP (CVE-2024-4577) is being exploited by threat actors to deploy cryptocurrency miners and remote access trojans, with a significant rise in attacks noted across several countries. The flaw particularly affects Windows-based systems operating in CGI mode, allowing remote code execution.…

Threat Research

Securonix Threat Labs Monthly Intelligence Insights – February 2025

March 19, 2025 Securonix

The Monthly Intelligence Insights report from Securonix Threat Labs analyzes significant cybersecurity threats from February 2025, including sophisticated campaigns such as DEEP#DRIVE by Kimsuky and various ransomware activities. Key findings include the emergence of new threat actors and tactics targeting critical sectors through phishing and exploiting vulnerabilities.…

Threat Research

Silk Typhoon Targeting IT Supply Chain

March 18, 2025March 18, 2025 microsoft

Microsoft Threat Intelligence has revealed that the Chinese espionage group Silk Typhoon is shifting tactics to exploit IT solutions and cloud applications for gaining access to organizations. Despite not directly targeting Microsoft services, they utilize unpatched applications for malicious activities once inside a victim’s network. The article emphasizes the need for awareness and suggests mitigation strategies to defend against this growing threat.…

Threat Research

Malvertising Campaign Leads to Info Stealers Hosted on GitHub

March 18, 2025March 18, 2025 microsoft

In December 2024, a widespread malvertising campaign was discovered that affected nearly a million devices globally, originating from illegal streaming websites embedded with malicious advertisements. The attack involved a series of redirections leading to GitHub, Dropbox, and Discord, where malware was hosted. This campaign targeted various sectors indiscriminately, highlighting the need for enhanced security measures across devices and networks.…

Cyber Attack

Medusa Ransomware Surge: 60 Victims in 3 Months—Are You Next?

March 18, 2025 LeakNews

Summary: Federal authorities have issued an urgent advisory regarding the rising threat from the Medusa ransomware group, which has seen a significant surge in attacks across major industries. The group employs advanced techniques, including double extortion and evasion strategies, to infiltrate organizations and extract sensitive data.…

Threat Research

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

March 18, 2025 Reliaquest

This report discusses the ongoing exploitation of older VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684, highlighting how attackers, including cybercriminal and state-sponsored groups, continue to target these flaws for credential theft and administrative control. The research indicates substantial growth in discussions around Fortinet VPN vulnerabilities on cybercriminal forums, illustrating their significance in the current threat landscape.…

Threat Research

StilachiRAT analysis: From system reconnaissance to cryptocurrency theft | Microsoft Security Blog

March 18, 2025March 18, 2025 iocOne

In November 2024, Microsoft Incident Response uncovered StilachiRAT, a remote access trojan that employs sophisticated evasion techniques and data exfiltration capabilities, targeting sensitive information such as credentials, digital wallet data, and clipboard contents. StilachiRAT establishes command-and-control connectivity with remote servers, and Microsoft has issued guidance to bolster defenses against this growing threat.…

Cyber Security News

Microsoft: New RAT malware used for crypto theft, reconnaissance

March 18, 2025 BleepingComputer

Summary: Microsoft has detected a new remote access trojan (RAT) named StilachiRAT that utilizes advanced techniques for avoiding detection and extracting sensitive information. Although its distribution is currently limited, Microsoft has released indicators of compromise and mitigation strategies to aid network defenders in identifying the threat.…

Threat Research

Credit Card Skimmer and Backdoor on WordPress E-commerce Site

March 16, 2025 Sucuri

The increasing sophistication of e-commerce malware has led to serious security threats for platforms such as WordPress WooCommerce. A recent case uncovered a coordinated attack involving a credit card skimmer, a hidden backdoor file manager, and a reconnaissance script, aimed at stealing customer data and maintaining long-term access.…

Cyber Security News

Head Mare and Twelve: Inside the Collaboration Targeting Russian Companies

March 15, 2025 CybersecurityNews

Summary: A report by Kaspersky Labs reveals collaboration between hacktivist groups Head Mare and Twelve in a series of attacks against Russian companies in September 2024. They are utilizing shared tools and infrastructure, including the new Cobint backdoor, indicating a coordinated approach in their cyber offensive tactics.…

Threat Research

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

March 14, 2025 TrendMicro

Trend Research’s analysis of SocGholish’s MaaS framework highlights its critical role in delivering RansomHub ransomware via compromised websites. Utilizing highly obfuscated JavaScript loaders, SocGholish evades detection and successfully executes malicious tasks. Notably, the framework propels initial access for ransomware attacks, mainly affecting government entities in the United States.…

Cyber Security News

FBI, CISA Raise Alarms As Medusa Ransomware Attacks Grow

March 14, 2025 CybersecurityNews

Summary: A joint alert from CISA, FBI, and MS-ISAC warns of rising Medusa ransomware attacks, a ransomware-as-a-service (RaaS) variant impacting various critical infrastructure sectors. Since its emergence in 2021, Medusa has targeted over 300 victims, employing double extortion tactics and leveraging initial access brokers to gain entry to networks.…

Threat Research

How to Detect and Eliminate Persistent Malware Before It Wreaks Havoc

March 14, 2025 Huntress

This article provides an in-depth analysis of an intrusion investigation conducted by security professionals, focusing on the methods and techniques used to unravel a complex attack. It details how the threat actor gained initial access, performed credential theft, and executed lateral movement within a network. The findings highlight the challenges of gathering complete telemetry during such investigations.…

Threat Research

One Million Devices Infected: Hackers Use Malvertising and GitHub to Spread Infostealers

March 14, 2025 admin

In early December 2024, Microsoft Threat Intelligence detected a large-scale malvertising campaign that affected nearly one million devices globally. The attack exploited illegal streaming websites and employed a multi-stage payload delivery system using platforms like GitHub, Discord, and Dropbox to deliver malware aimed at information theft.…

Threat Research

Head Mare and Twelve join forces to attack Russian entities

March 14, 2025 SecureList

In September 2024, Russian companies faced a series of coordinated attacks linked to two hacktivist groups, Head Mare and Twelve. The investigation revealed a blend of new and familiar tactics, techniques, and procedures (TTPs) employed in these attacks, with indications of collaboration and tool-sharing between the groups.…

Interesting Stuff

Threat Intelligence: A Deep Dive into Cyber Kill Chains, Diamond Models, and the Zero-Day Crisis

March 13, 2025March 13, 2025 iocOne

The recent VMware zero-day vulnerability (CVE-2023–20867) has made numerous organizations—including cloud providers and financial institutions—vulnerable to serious attacks such as data theft and ransomware. This incident highlights the importance of cybersecurity frameworks like the Cyber Kill Chain and Diamond Model for developing effective defenses against increasingly sophisticated threats.…

Tag: RECONNAISSANCE