Russian APT28 hackers, also known as Fancy Bear and other aliases, have been targeting unpatched Cisco routers in a malware operation since 2021. The UK National Cyber Security Centre (NCSC) and the US' National Security Agency, Cybersecurity and Infrastructure Security Agency, and the FBI issued a joint advisory outlining the APT28 exploitation tactics. The attackers exploited CVE-2017-6742, a bug in the Simple Network Management Protocol (SNMP)...
Read More
A new malware loader has been discovered by security researchers that is being used as part of the infection chain for the Aurora information stealer. The loader is successful at avoiding detection by security solutions due to its anti-virtual-machine (VM) and unusual compilation techniques. The Aurora infostealer is a modular malware-as-a-service platform that can be used as a downloader to deploy additional payloads as well as...
Read More
Polish government officials have issued a warning that a cyberespionage group, believed to be linked to Russia's intelligence services, is targeting diplomatic and foreign ministries from NATO and EU member states. The group, known as APT29, Cozy Bear, and NOBELIUM, is believed to be part of Russia's Foreign Intelligence Service (SVR). This group was responsible for the 2020 supply chain attack against software company SolarWinds, which...
Read More
Cybercriminals are increasingly turning to stolen credentials as a valuable commodity on the underground market. According to a report by cybersecurity firm Flashpoint, last year saw 4,518 data breaches reported, with attackers stealing or exposing 22.62 billion credentials and personal records. Over 60% of these were stolen from organizations in the information sector. Flashpoint's database of threat intelligence includes 575 million posts on illegal forums, 3.6...
Read More
LastPass Breach Resulted from Failure to Update Plex Software. A recent breach at LastPass, a popular password management service, has been attributed to the failure of one of its engineers to update Plex software on their home computer. This serves as a reminder of the importance of keeping software up-to-date to avoid potential security risks. The breach occurred when unidentified actors leveraged information stolen from a previous...
Read More
Six Law Firms Targeted in GootLoader and SocGholish Malware Campaigns Mar 01, 2023 - In January and February 2023, six different law firms were targeted in two separate threat campaigns distributing GootLoader and FakeUpdates (aka SocGholish) malware strains. GootLoader is a first-stage downloader that is capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware. It employs search engine optimization (SEO)...
Read More
Today marks a significant milestone in the cyber threat landscape, as the first publicly known malware capable of bypassing Secure Boot defenses has been discovered. Dubbed BlackLotus, the stealthy Unified Extensible Firmware Interface (UEFI) bootkit is being offered for sale at $5,000 and is programmed in Assembly and C. According to ESET, a Slovak cybersecurity company, BlackLotus is capable of running on fully up-to-date Windows 11...
Read More
On February 23, 2023, Jamf Threat Labs uncovered evasive cryptocurrency mining malware targeting macOS systems. The XMRig coin miner was being deployed as a trojanized version of the legitimate application Final Cut Pro, a video editing software from Apple. The malicious mining process was found to be sourced from Pirate Bay, with uploads dating back to 2019. It is believed that the malware was delivered as...
Read More
On February 23, 2023, multiple threat actors have been observed exploiting a critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 (CVSS score: 9.8), the remote code execution flaw allows a complete takeover of the susceptible systems by unauthenticated attackers. Martin Zugec of Bitdefender's cybersecurity firm revealed in a technical advisory that the vulnerability "allows unauthenticated remote code execution due...
Read More
China-based cyberespionage actor DEV-0147 has been observed compromising diplomatic targets in South America, according to Microsoft’s Security Intelligence team. The initiative is “a notable expansion of the group’s data exfiltration operations that traditionally targeted gov’t agencies and think tanks in Asia and Europe,” the team tweeted on Monday. DEV-0147’s attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for reconnaissance...