Security News

Lazarus Group is using Windows Update to spray malware in a campaign powered by a GitHub command-and-control server, researchers have found. Lazarus did the same thing last July: At that time, the APT was identified as being behind a campaign that was spreading malicious documents to job-seeking engineers, impersonating defense contractors who were purportedly seeking job candidates at Airbus, General Motors and Rheinmetall.

NET payload and command-and-control servers with previous MoleRats APT attacks. "The targets in this campaign were chosen specifically by the threat actor and they included critical members of the banking sector in Palestine, people related to Palestinian political parties, as well as human rights activists and journalists in Turkey," Zscaler's analysts found.

Kaspersky researchers have uncovered the third known case of a firmware bootkit in the wild. Having first appeared in the wild in the spring of 2021, MoonBounce demonstrates a sophisticated attack flow, with evident advancement in comparison to formerly reported UEFI firmware bootkits.

From basic financial pump-and-dump schemes to straight-up nation-state cybertheft, nascent crypto markets, and their investors - often with dubious understanding of how they really work - have become prime targets for crypto scammers. North Korean-backed cybercrime groups, including APT 38/Lazarus Group, have turned their talents and resources exclusively toward ripping off crypto markets, according to a new report from Chainalysis.

U.S. Cyber Command has confirmed that MuddyWater - an advanced persistent threat cyberespionage actor aka Mercury, Static Kitten, TEMP.Zagros or Seedworm that's historically targeted government victims in the Middle East - is an Iranian intelligence outfit. On Wednesday, USCYBERCOM not only confirmed the tie; it also disclosed the plethora of open-source tools and strategies MuddyWater uses to break into target systems and released malware samples.

Threat hunters have shed light on the tactics, techniques, and procedures embraced by an Indian-origin hacking group called Patchwork as part of a renewed campaign that commenced in late November 2021, targeting Pakistani government entities and individuals with a research focus on molecular medicine and biological science. "Ironically, all the information we gathered was possible thanks to the threat actor infecting themselves with their own , resulting in captured keystrokes and screenshots of their own computer and virtual machines," Malwarebytes Threat Intelligence Team said in a report published on Friday.

Ransomware attacks decrease, operators started rebrandingPositive Technologies experts have analyzed the Q3 2021 cybersecurity threatscape and found a decrease in the number of unique cyberattacks. How can SMBs extend their SecOps capabilities without adding headcount?While cybersecurity budgets are rising, most small and some midsize organizations looking to employ skilled cybersecurity professionals are often unable to match salaries offered by big enterprises in a job market where demand outstrips supply.

As we enter 2022, organizations are re-evaluating their cybersecurity strategies to lower risks and best defend against potential threats. Two things to consider in that planning - in addition to the ever-growing threats of ransomware, phishing, and zero-day vulnerabilities - are nation-state and Advanced Persistent Threat-style attacks.

Cyber criminals, under the moniker Aquatic Panda, are the latest advanced persistent threat group to exploit the Log4Shell vulnerability. Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a vulnerable VMware installation during an attack that involved of a large undisclosed academic institution, according to research released Wednesday.

A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately foiled, was aimed at an unnamed "Large academic institution." The state-sponsored group is believed to have been operating since mid-2020 in pursuit of intelligence collection and industrial espionage, with its attacks primarily directed against companies in the telecommunications, technology, and government sectors.