RECONNAISSANCE Archives - Page 3 of 46 - Cybersecurity News Everyday

In November 2024, Microsoft Incident Response uncovered StilachiRAT, a remote access trojan that employs sophisticated evasion techniques and data exfiltration capabilities, targeting sensitive information such as credentials, digital wallet data, and clipboard contents. StilachiRAT establishes command-and-control connectivity with remote servers, and Microsoft has issued guidance to bolster defenses against this growing threat.…

Cyber Security News

Microsoft: New RAT malware used for crypto theft, reconnaissance

March 18, 2025 BleepingComputer

Summary: Microsoft has detected a new remote access trojan (RAT) named StilachiRAT that utilizes advanced techniques for avoiding detection and extracting sensitive information. Although its distribution is currently limited, Microsoft has released indicators of compromise and mitigation strategies to aid network defenders in identifying the threat.…

Threat Research

Credit Card Skimmer and Backdoor on WordPress E-commerce Site

March 16, 2025 Sucuri

The increasing sophistication of e-commerce malware has led to serious security threats for platforms such as WordPress WooCommerce. A recent case uncovered a coordinated attack involving a credit card skimmer, a hidden backdoor file manager, and a reconnaissance script, aimed at stealing customer data and maintaining long-term access.…

Cyber Security News

Head Mare and Twelve: Inside the Collaboration Targeting Russian Companies

March 15, 2025 CybersecurityNews

Summary: A report by Kaspersky Labs reveals collaboration between hacktivist groups Head Mare and Twelve in a series of attacks against Russian companies in September 2024. They are utilizing shared tools and infrastructure, including the new Cobint backdoor, indicating a coordinated approach in their cyber offensive tactics.…

Threat Research

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

March 14, 2025 TrendMicro

Trend Research’s analysis of SocGholish’s MaaS framework highlights its critical role in delivering RansomHub ransomware via compromised websites. Utilizing highly obfuscated JavaScript loaders, SocGholish evades detection and successfully executes malicious tasks. Notably, the framework propels initial access for ransomware attacks, mainly affecting government entities in the United States.…

Cyber Security News

FBI, CISA Raise Alarms As Medusa Ransomware Attacks Grow

March 14, 2025 CybersecurityNews

Summary: A joint alert from CISA, FBI, and MS-ISAC warns of rising Medusa ransomware attacks, a ransomware-as-a-service (RaaS) variant impacting various critical infrastructure sectors. Since its emergence in 2021, Medusa has targeted over 300 victims, employing double extortion tactics and leveraging initial access brokers to gain entry to networks.…

Threat Research

How to Detect and Eliminate Persistent Malware Before It Wreaks Havoc

March 14, 2025 Huntress

This article provides an in-depth analysis of an intrusion investigation conducted by security professionals, focusing on the methods and techniques used to unravel a complex attack. It details how the threat actor gained initial access, performed credential theft, and executed lateral movement within a network. The findings highlight the challenges of gathering complete telemetry during such investigations.…

Threat Research

One Million Devices Infected: Hackers Use Malvertising and GitHub to Spread Infostealers

March 14, 2025 admin

In early December 2024, Microsoft Threat Intelligence detected a large-scale malvertising campaign that affected nearly one million devices globally. The attack exploited illegal streaming websites and employed a multi-stage payload delivery system using platforms like GitHub, Discord, and Dropbox to deliver malware aimed at information theft.…

Threat Research

Head Mare and Twelve join forces to attack Russian entities

March 14, 2025 SecureList

In September 2024, Russian companies faced a series of coordinated attacks linked to two hacktivist groups, Head Mare and Twelve. The investigation revealed a blend of new and familiar tactics, techniques, and procedures (TTPs) employed in these attacks, with indications of collaboration and tool-sharing between the groups.…

Interesting Stuff

Threat Intelligence: A Deep Dive into Cyber Kill Chains, Diamond Models, and the Zero-Day Crisis

March 13, 2025March 13, 2025 iocOne

The recent VMware zero-day vulnerability (CVE-2023–20867) has made numerous organizations—including cloud providers and financial institutions—vulnerable to serious attacks such as data theft and ransomware. This incident highlights the importance of cybersecurity frameworks like the Cyber Kill Chain and Diamond Model for developing effective defenses against increasingly sophisticated threats.…

Threat Research

The Invisible Battlefield Behind LLM Security Crisis – NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

March 13, 2025March 13, 2025 iocOne

This article discusses a series of data breaches involving large language models (LLMs) that occurred between January and February 2025. These incidents highlighted vulnerabilities in the deployment of LLMs across enterprises, resulting in extensive data leaks including API keys, user credentials, and sensitive information. The incidents serve as a wake-up call regarding “AI-driven risks” and underscore the need for improved security practices.…

Interesting Stuff

Redelegate – VulnLab | ForceChangePassword, GenericAll, and Constrained Delegation

March 13, 2025March 13, 2025 Infosecwriteups

In this article, the author, known as Maverick, provides a detailed walkthrough of exploiting an Active Directory machine, showcasing various techniques such as DACL abuse and constrained delegation. Maverick employs tools like Nmap to identify vulnerabilities and FTP to download sensitive files, ultimately leading to privilege escalation through clever password management and attack vectors.…

Threat Research

The Rise of AI-Driven Cyber Attacks: How LLMs Are Reshaping the Threat Landscape

March 13, 2025 Deepinstinct

This article discusses the transformative impact of generative AI on cyberattacks, enhancing their speed and effectiveness, particularly through the use of Large Language Models (LLMs). It highlights how various Advanced Persistent Threat (APT) groups are employing AI for reconnaissance, phishing, vulnerability discovery, and malware development. As AI capabilities advance, cybersecurity professionals face growing challenges in defending against sophisticated AI-driven threats.…

Threat Research

NCSC Reports Surge in Cyber Security Incidents with Financial Losses in Q4 2024

March 13, 2025 Cyble

The NCSC’s Cyber Security Insights report for Q4 2024 highlights a significant rise in financial losses due to cybercrime in New Zealand, amounting to .8 million, a 24% increase from the previous quarter. The report reveals a concerning trend in high-loss incidents, often starting from impersonation scams via phone calls.…

Cyber Security News

SideWinder APT Group: Maritime & Nuclear Targets, Evolved Malware

March 12, 2025 CybersecurityNews

Summary: The SideWinder APT group has intensified its cyber-espionage efforts, specifically targeting maritime and nuclear sectors, while continuously evolving its malware and persistence strategies. Kaspersky Labs highlights notable increases in attacks across South and Southeast Asia, the Middle East, and Africa, as the group demonstrates refined techniques to maintain operational stealth.…

Cyber Security News

North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts

March 11, 2025 Cyware

Summary: North Korean hackers known as APT37 or ScarCruft are utilizing advanced phishing techniques to deploy the RokRat remote access Trojan (RAT) by delivering malicious ZIP files containing disguised LNK files. These attacks exploit real information to enhance credibility and execute a multi-stage infection process that gathers system details and exfiltrates data using legitimate cloud services.…

Threat Research

Stopping Sobolan Malware with Aqua Runtime Protection

March 11, 2025 Aquasec

Aqua Nautilus researchers have uncovered a new multi-stage attack campaign focused on interactive computing environments like Jupyter Notebooks. The attackers exploit unauthenticated instances to deploy malicious tools, hijack system resources, and maintain persistence, posing significant risks to cloud-native environments. Enhanced security measures are crucial to defend against such threats.…

Threat Research

Dark Web Profile: APT35

March 11, 2025 SocRadar

APT35, also known as Charming Kitten, is an Iranian state-sponsored cyber-espionage group targeting various sectors through sophisticated cyber campaigns. Since its emergence in 2014, APT35 has been involved in high-profile incidents such as the HBO data breach and attempted compromises of U.S. governmental and campaign-related accounts.…

Threat Research

RST TI Report Digest: 10 Mar 2025

March 10, 2025March 10, 2025 iocOne

This week’s threat intelligence report reveals a range of sophisticated cyber threats, including targeted multistage malware attacks, ransomware groups adopting new backconnect malware, and social engineering tactics employed in recruitment scams. Notable threats included a campaign targeting aviation and transport in the UAE, while other malware leveraged social media for distribution.…

Tag: RECONNAISSANCE