Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
In 2021, Anonymous declared a cyber war against Russia after the Ukraine invasion, with similar tactics seen in the Israel-Hamas conflict. Main attacks:
Denial of Service Attacks: These attacks flood websites with excessive traffic, rendering them unavailable to legitimate users for extended periods.…Published On : 2023-12-01
EXECUTIVE SUMMARYAt Cyfirma, our dedication lies in providing current insights into the predominant threats and strategies employed by malicious entities targeting organizations and individuals. This comprehensive analysis focuses on the information stealer DanaBot and presents a thorough examination of its functionality and capabilities.…
Infoblox’s DNS Early Detection Program utilizes proprietary techniques to identify potentially malicious domains at the earliest opportunity. The program shares our recent analysis of malicious domains disclosed through public OSINT, contrasting it with our preliminary identification of these domains as suspicious.
Threat actors have refined their techniques, causing most of the potential damage before malicious domains are identified and shared through open source intelligence (OSINT) and the majority of commercial threat intel feeds.…
Published On : 2023-11-29
EXECUTIVE SUMMARYThe report highlights a surge in malicious activities by Malware-as-a-service (MaaS) operators Sordeal – particularly with their new malware ‘Nova’ – since at least September 2023. It employs extensive system information-gathering, registry modifications, and uses techniques to disable kernel-level logs for stealth.…
As Black Friday and the holiday shopping season approaches, the threat of online scams is on the rise, with a 22% increase in consumer scam losses reported during the 2022 Black Friday and Cyber Monday sales. Recorded Futures Insikt Group has analyzed recent high-impact scam website campaigns, revealing three key themes in how scammers operate and offering insights into how consumers and businesses can protect themselves.…
North Korean-aligned threat actors targeting macOS have had a busy 2023, with two major campaigns noted so far: RustBucket and KandyKorn. The initial RustBucket campaign used a second-stage malware, dubbed ‘SwiftLoader’, which functioned externally as a PDF Viewer for a lure document sent to targets. While victims viewed the lure, SwiftLoader retrieved and executed a further stage malware written in Rust.…
In early September, an automated retroactive indicator of compromise (IoC) threat hunt identified an indicator of compromise (IoC) in the environment of one of our customers. The detected IP address, 144.76.136[.]153, was previously used by the cybercrime group Scattered Spider to perform exfiltration via the domain transfer.sh.…
Authors: Shilpesh Trivedi and Nisarga C M
In April 2023, the cybersecurity community faced a significant challenge with the discovery of CVE-2023-38831, a vulnerability affecting versions of WinRAR prior to 6.23. This security flaw has become a critical concern due to its exploitation by various advanced persistent threat (APT) groups, who have used it to gain control of victim systems through deceptive methods.…
The contents of this blog post were originally scheduled to be presented during an upcoming cybersecurity conference. However, interest in this topic has heightened due to the war in Israel and a suspected ongoing attack against Israeli targets. As such, we have decided to publish the relevant findings from the presentation now.…
Published On : 2023-11-03
EXECUTIVE SUMMARYAt CYFIRMA, our mission is to equip you with the most cutting-edge insights into the evolving landscape of cybersecurity threats, both targeting organizations and individuals. Our research team identified a new RAT on GitHub, available for purchase. This in-depth report investigates the Millenium-RAT, particularly version 2.4; a Win32 executable built on .NET.…
Research led by Ferdous Saljooki.
BackgroundJamf Threat Labs has identified a new malware variant attributed to the BlueNoroff APT group. BlueNoroff’s campaigns are financially motivated, frequently targeting cryptocurrency exchanges, venture capital firms and banks. During our routine threat hunting, we discovered a Mach-O universal binary communicating with a domain that Jamf has previously classified as malicious.…
Published On : 2023-11-03
Ransomware of the WeekCYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – industries, geography, and technology – which could be relevant to your organization.
Type: Ransomware.Target Technologies: MS Windows.…
Previous research showed that MuddyWater has sent spear-phishing emails, starting back in 2020, with direct links, as well as PDF, RTF, and HTML attachments containing links to archives hosted on various file-sharing platforms.…
This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
Our latest investigation revealed that threat actors are now delivering an information-stealing malware called Lumma Stealer via Discord, a popular chat platform for online gamers, content creators, and streamers.…