Security News

The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal
2024-12-17 06:55

A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. "The Mask APT is a...

Photos: Black Hat USA 2024 Arsenal
2024-08-08 07:50

Please turn on your JavaScript for this page to function normally. At the Black Hat USA 2024 Arsenal by ToolsWatch, researchers showcase their latest cybersecurity open-source tools.

Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk
2024-07-11 12:31

The China-linked advanced persistent threat group codenamed APT41 is suspected to be using an "Advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk. The new variant of StealthVector - which is also referred to as DUSTPAN - has been codenamed DodgeBox by Zscaler ThreatLabz, which discovered the loader strain in April 2024.

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal
2024-05-20 12:20

Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm....

Mirai reloads exploit arsenal as botnet embarks on another expansion drive
2023-10-10 18:15

The infamous Mirai botnet was spotted by researchers who say it is spinning up again, this time with an "Aggressively updated arsenal of exploits." It's the first major update to the IZ1H9 Mirai variant in months and arrives bolstered with tools to break into devices from D-Link and Zyxel, among others.

Royal ransomware gang adds BlackSuit encryptor to their arsenal
2023-06-08 07:12

The Royal ransomware gang has begun testing a new encryptor called BlackSuit that shares many similarities with the operation's usual encryptor. Since its launch, Royal Ransomware has become one of the most active operations, responsible for numerous attacks on the enterprise.

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
2023-06-01 01:24

So says Singapore-based security outfit Group-IB, which claims Dark Pink has been active since mid-2021, primarily focused on victims in the Asia-Pacific region - but that appears to be changing. Group-IB's researchers say they've identified five new Dark Pink victims since their January 2023 research on the threat group, bringing the criminals' victim list to 13.

Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job
2023-04-20 11:56

The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users. The attacks are part of a persistent and long-running activity tracked under the name Operation Dream Job, ESET said in a new report published today.

ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques
2023-03-22 12:24

The North Korean advanced persistent threat actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help files to download additional malware. "The group is constantly evolving its tools, techniques, and procedures while experimenting with new file formats and methods to bypass security vendors," Zscaler researchers Sudeep Singh and Naveen Selvan said in a new analysis published Tuesday.

NAPLISTENER: New Malware in REF2924 Group's Arsenal for Bypassing Detection
2023-03-22 07:19

The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia. The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C# and is designed to evade "Network-based forms of detection."