FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
☐ β˜† βœ‡ The Hacker News

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

By: Newsroom β€” May 16th 2024 at 13:48
The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to targets via Messenger and ultimately delivers malware. "The threat actor created a Facebook account with a fake identity disguised as a public official working in the North Korean human rights field," South Korean cybersecurity company Genians
☐ β˜† βœ‡ The Hacker News

Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions

By: Newsroom β€” May 15th 2024 at 12:29
An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail. ESET, which identified the activity, attributed it with medium confidence to the Russia-aligned cyberespionage group Turla (aka Iron Hunter, Pensive Ursa, Secret Blizzard, Snake, Uroburos, and Venomous
☐ β˜† βœ‡ The Hacker News

Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days

By: Newsroom β€” May 15th 2024 at 07:17
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity. This is in addition to 30 vulnerabilities&
☐ β˜† βœ‡ The Hacker News

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

By: The Hacker News β€” May 13th 2024 at 10:19
In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts
☐ β˜† βœ‡ The Hacker News

Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia

By: Newsroom β€” May 13th 2024 at 10:01
The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022. In a joint advisory published by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS
☐ β˜† βœ‡ The Hacker News

CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar)

By: The Hacker News β€” May 10th 2024 at 12:52
Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you'll explore how AI tools are shaping the future of cybersecurity defenses. During the session, Censys Security Researcher Aidan Holland will
☐ β˜† βœ‡ The Hacker News

What's the Right EDR for You?

By: The Hacker News β€” May 10th 2024 at 10:22
A guide to finding the right endpoint detection and response (EDR) solution for your business’ unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints. This is why endpoint
☐ β˜† βœ‡ The Hacker News

Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign

By: Newsroom β€” May 9th 2024 at 15:20
Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. "The campaign sent emails with content intended to arouse the recipient's interest and persuade him to click on the link," the computer emergency response team, CERT Polska, said in a Wednesday bulletin. Clicking on the link
☐ β˜† βœ‡ The Hacker News

Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery

By: Newsroom β€” May 9th 2024 at 11:04
Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet. That's according to findings from Juniper Threat Labs, which said the vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been leveraged to deliver the botnet payload. While CVE-2023-46805 is an authentication bypass flaw, CVE-2024-
☐ β˜† βœ‡ The Hacker News

Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover

By: Newsroom β€” May 9th 2024 at 06:11
Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence. The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next
☐ β˜† βœ‡ The Hacker News

The Fundamentals of Cloud Security Stress Testing

By: The Hacker News β€” May 8th 2024 at 10:58
Χ΄Defenders think in lists, attackers think in graphs,” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list security gaps directly related to their assets in the network and eliminate as many as possible, starting with the most critical.
☐ β˜† βœ‡ The Hacker News

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

By: Newsroom β€” May 3rd 2024 at 12:35
Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
☐ β˜† βœ‡ The Hacker News

How to Make Your Employees Your First Line of Cyber Defense

By: The Hacker News β€” May 1st 2024 at 11:03
There’s a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you’ve got to remain prepared to confront those very same threats. As a decision-maker for your organization, you know this well. But no matter how many experts or trusted cybersecurity tools your organization has a standing guard, you
☐ β˜† βœ‡ The Hacker News

Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years

By: Newsroom β€” April 30th 2024 at 13:36
Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the repositories in Docker Hub are imageless and have no content except for the repository
☐ β˜† βœ‡ The Hacker News

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

By: Newsroom β€” April 26th 2024 at 10:18
Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in
☐ β˜† βœ‡ The Hacker News

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

By: Newsroom β€” April 26th 2024 at 05:49
Threat actors are attempting to actively exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.92.0. The issue has been resolved in version 3.92.1 released on February 27, 2024,
☐ β˜† βœ‡ The Hacker News

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

By: Newsroom β€” April 24th 2024 at 07:02
A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed 
☐ β˜† βœ‡ KitPloit - PenTest Tools!

C2-Tracker - Live Feed Of C2 Servers, Tools, And Botnets

By: Zion3R β€” April 24th 2024 at 02:23


Free to use IOC feed for various tools/malware. It started out for just C2 tools but has morphed into tracking infostealers and botnets as well. It uses shodan.io/">Shodan searches to collect the IPs. The most recent collection is always stored in data; the IPs are broken down by tool and there is an all.txt.

The feed should update daily. Actively working on making the backend more reliable


Honorable Mentions

Many of the Shodan queries have been sourced from other CTI researchers:

Huge shoutout to them!

Thanks to BertJanCyber for creating the KQL query for ingesting this feed

And finally, thanks to Y_nexro for creating C2Live in order to visualize the data

What do I track?

Running Locally

If you want to host a private version, put your Shodan API key in an environment variable called SHODAN_API_KEY

echo SHODAN_API_KEY=API_KEY >> ~/.bashrc
bash
python3 -m pip install -r requirements.txt
python3 tracker.py

Contributing

I encourage opening an issue/PR if you know of any additional Shodan searches for identifying adversary infrastructure. I will not set any hard guidelines around what can be submitted, just know, fidelity is paramount (high true/false positive ratio is the focus).

References



☐ β˜† βœ‡ The Hacker News

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

By: Newsroom β€” April 23rd 2024 at 04:23
The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly as early as April 2019, leveraged a now-patched flaw that allowed for
☐ β˜† βœ‡ The Hacker News

Pentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation

By: The Hacker News β€” April 22nd 2024 at 11:30
Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half.  And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and
☐ β˜† βœ‡ The Hacker News

Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack

By: Newsroom β€” April 20th 2024 at 05:53
Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as "intricate" and a combination of two bugs in versions PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 of the software. "In
☐ β˜† βœ‡ The Hacker News

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

By: Newsroom β€” April 20th 2024 at 05:18
Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an advisory released Friday.
☐ β˜† βœ‡ The Hacker News

BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool

By: Newsroom β€” April 19th 2024 at 13:44
Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of modular backdoor dubbed Waterbear as well as its enhanced successor referred to as Deuterbear. Cybersecurity firm Trend Micro is tracking the
☐ β˜† βœ‡ The Hacker News

Hackers Target Middle East Governments with Evasive "CR4T" Backdoor

By: Newsroom β€” April 19th 2024 at 06:16
Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T. Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it may have been active since at least a year prior. The campaign has been codenamed 
☐ β˜† βœ‡ The Hacker News

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

By: Newsroom β€” April 18th 2024 at 14:25
Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform since 2018. More than 20 such documents have been uploaded since 2022. "The documents contained VBA
☐ β˜† βœ‡ The Hacker News

How to Conduct Advanced Static Analysis in a Malware Sandbox

By: The Hacker News β€” April 18th 2024 at 10:31
Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations. Detecting Threats in PDFs PDF files are frequently exploited by threat actors to
☐ β˜† βœ‡ The Hacker News

TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

By: Newsroom β€” April 16th 2024 at 13:39
The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside
☐ β˜† βœ‡ The Hacker News

Identity in the Shadows: Shedding Light on Cybersecurity's Unseen Threats

By: The Hacker News β€” April 16th 2024 at 11:10
In today's rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify their identity security measures. Our recent research report, The Identity Underground
☐ β˜† βœ‡ The Hacker News

Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability

By: Newsroom β€” April 15th 2024 at 08:17
Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root
☐ β˜† βœ‡ The Hacker News

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

By: Newsroom β€” April 12th 2024 at 14:55
"Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal. liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying library that is part of the XZ Utils data compression software. The
☐ β˜† βœ‡ The Hacker News

Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign

By: Newsroom β€” April 12th 2024 at 09:49
The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called DarkBeatC2, becoming the latest such tool in its arsenal after SimpleHarm, MuddyC3, PhonyC2, and MuddyC2Go. "While occasionally switching to a new remote administration tool or changing their C2 framework, MuddyWater’s methods remain constant," Deep
☐ β˜† βœ‡ The Hacker News

Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack

By: Newsroom β€” April 12th 2024 at 08:56
Palo Alto Networks is warning that a critical flaw impacting PAN-OS software used in its GlobalProtect gateways is being actively exploited in the wild. Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity. "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct
☐ β˜† βœ‡ The Hacker News

Python's PyPI Reveals Its Secrets

By: The Hacker News β€” April 11th 2024 at 11:32
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in GitHub, but a number in the popular Python package repository PyPI. PyPI,
☐ β˜† βœ‡ The Hacker News

CL0P's Ransomware Rampage - Security Measures for 2024

By: The Hacker News β€” April 9th 2024 at 11:24
2023 CL0P Growth  Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the β€˜CryptoMix’ ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to 2022. But in 2023 the CL0P ransomware gang took itself to new heights and became one of the
☐ β˜† βœ‡ The Hacker News

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

By: Newsroom β€” April 9th 2024 at 05:46
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in
☐ β˜† βœ‡ The Hacker News

Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox

By: Newsroom β€” April 8th 2024 at 11:29
Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said in a joint analysis published last week, adding it's designed to retrieve
☐ β˜† βœ‡ The Hacker News

The Drop in Ransomware Attacks in 2024 and What it Means

By: The Hacker News β€” April 8th 2024 at 11:23
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure
☐ β˜† βœ‡ The Hacker News

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

By: Newsroom β€” April 6th 2024 at 09:43
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution. It was addressed by the company as part of
☐ β˜† βœ‡ The Hacker News

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

By: Newsroom β€” April 5th 2024 at 07:15
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the uncategorized monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Also previously linked to the exploitation spree is a Chinese
☐ β˜† βœ‡ The Hacker News

China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations

By: Newsroom β€” April 2nd 2024 at 11:00
A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security researcher Christopher So said in a report published today. "It has been observed to
☐ β˜† βœ‡ The Hacker News

Harnessing the Power of CTEM for Cloud Security

By: The Hacker News β€” April 2nd 2024 at 11:27
Cloud solutions are more mainstream – and therefore more exposed – than ever before. In 2023 alone, a staggering 82% of data breaches were against public, private, or hybrid cloud environments. What’s more, nearly 40% of breaches spanned multiple cloud environments. The average cost of a cloud breach was above the overall average, at $4.75 million. In a time where cloud has become the de facto
☐ β˜† βœ‡ The Hacker News

Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

By: Newsroom β€” April 2nd 2024 at 04:54
The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government verticals in Spain, Mexico, the United States, Colombia, Portugal, Brazil, Dominican Republic, and
☐ β˜† βœ‡ The Hacker News

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

By: Newsroom β€” March 29th 2024 at 05:37
The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. PyPI said "new project creation and new user registration" was temporarily halted to mitigate what it said was a "malware upload campaign." The incident was resolved 10 hours later, on March 28, 2024, at 12:56
☐ β˜† βœ‡ The Hacker News

New Webinar: Avoiding Application Security Blind Spots with OPSWAT and F5

By: The Hacker News β€” March 28th 2024 at 12:43
Considering the ever-changing state of cybersecurity, it's never too late to ask yourself, "am I doing what's necessary to keep my organization's web applications secure?" The continuous evolution of technology introduces new and increasingly sophisticated threats daily, posing challenges to organizations all over the world and across the broader spectrum of industries striving to maintain
☐ β˜† βœ‡ The Hacker News

CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability

By: Newsroom β€” March 27th 2024 at 13:15
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a critical remote code execution flaw that allows an authenticated attacker with Site
☐ β˜† βœ‡ The Hacker News

Sketchy NuGet Package Likely Linked to Industrial Espionage Targets Developers

By: Newsroom β€” March 26th 2024 at 16:54
Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which ReversingLabs said was first published on January 24, 2024. It has been downloaded 
☐ β˜† βœ‡ The Hacker News

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

By: Newsroom β€” March 25th 2024 at 11:58
Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. "The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom
☐ β˜† βœ‡ The Hacker News

German Police Seize 'Nemesis Market' in Major International Darknet Raid

By: Newsroom β€” March 24th 2024 at 05:24
German authorities have announced the takedown of an illicit underground marketplace called Nemesis Market that peddled narcotics, stolen data, and various cybercrime services. The Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said it seized the digital infrastructure associated with the darknet service located in Germany and Lithuania and confiscated €94,000 ($102,107)
☐ β˜† βœ‡ The Hacker News

New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.

By: Newsroom β€” March 22nd 2024 at 14:08
Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as StrelaStealer. The campaigns impact more than 100 organizations in the E.U. and the U.S., Palo Alto Networks Unit 42 researchers said in a new report published today. "These campaigns come in the form of spam emails with attachments that eventually
☐ β˜† βœ‡ The Hacker News

Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware

By: Newsroom β€” March 22nd 2024 at 03:06
The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with Russian military intelligence. "AcidPour's expanded capabilities would enable it to better
☐ β˜† βœ‡ The Hacker News

Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems

By: Newsroom β€” March 21st 2024 at 16:03
The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG (TTNG). "The attackers compromised the first system, established persistence and added exclusions to antivirus products running on these endpoints as part of their preliminary post-compromise actions," Cisco
☐ β˜† βœ‡ The Hacker News

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

By: Newsroom β€” March 21st 2024 at 12:48
Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs researcher Kashinath T Pattan said. "Classified as an SMTP cracker, it exploits SMTP
☐ β˜† βœ‡ The Hacker News

Making Sense of Operational Technology Attacks: The Past, Present, and Future

By: The Hacker News β€” March 21st 2024 at 09:23
When you read reports about cyber-attacks affecting operational technology (OT), it’s easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the
☐ β˜† βœ‡ The Hacker News

TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks

By: Newsroom β€” March 20th 2024 at 11:26
Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of CVE-2024-27198 (CVSS score: 9.8) that enables an adversary to bypass authentication measures and gain administrative
☐ β˜† βœ‡ The Hacker News

Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices

By: Newsroom β€” March 19th 2024 at 09:59
A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for Linux x86 devices, SentinelOne's Juan Andres Guerrero-Saade said in a series of posts on X. "The new variant [...] is an ELF binary compiled for x86 (not MIPS) and while it refers to similar devices/
☐ β˜† βœ‡ Security – Cisco Blog

Sign up for a Tour at the RSA Conference 2024 SOC

By: Jessica Bair β€” March 18th 2024 at 12:00

Join the guided tour outside the Security Operations Center, where we’ll discuss real time network traffic of the RSA Conference, as seen in the NetWitness platform. Engineers will be using Cisco S… Read more on Cisco Blogs

☐ β˜† βœ‡ The Hacker News

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

By: Newsroom β€” March 15th 2024 at 06:18
Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike. β€œThe malicious site found in the notepad++ search is distributed through an advertisement block,” Kaspersky
☐ β˜† βœ‡ The Hacker News

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

By: The Hacker News β€” March 14th 2024 at 04:21
Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted
☐ β˜† βœ‡ The Hacker News

Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub

By: Newsroom β€” March 13th 2024 at 09:43
A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java-based downloader. β€œThe attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware,” Fortinet FortiGuard Labs researcher Yurren Wan said. An unusual aspect of the
☐ β˜† βœ‡ The Hacker News

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

By: Newsroom β€” March 9th 2024 at 04:01
Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our
❌