Security News

Mirai reloads exploit arsenal as botnet embarks on another expansion drive
2023-10-10 18:15

The infamous Mirai botnet was spotted by researchers who say it is spinning up again, this time with an "aggressively updated arsenal of exploits." It's the first major update to the IZ1H9 Mirai variant in months and arrives bolstered with tools to break into devices from D-Link and Zyxel, among others.

Royal ransomware gang adds BlackSuit encryptor to their arsenal
2023-06-08 07:12

The Royal ransomware gang has begun testing a new encryptor called BlackSuit that shares many similarities with the operation's usual encryptor. Since its launch, Royal Ransomware has become one of the most active operations, responsible for numerous attacks on the enterprise.

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
2023-06-01 01:24

So says Singapore-based security outfit Group-IB, which claims Dark Pink has been active since mid-2021, primarily focused on victims in the Asia-Pacific region - but that appears to be changing. Group-IB's researchers say they've identified five new Dark Pink victims since their January 2023 research on the threat group, bringing the criminals' victim list to 13.

Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job
2023-04-20 11:56

The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users. The attacks are part of a persistent and long-running activity tracked under the name Operation Dream Job, ESET said in a new report published today.

ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques
2023-03-22 12:24

The North Korean advanced persistent threat actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help files to download additional malware. "The group is constantly evolving its tools, techniques, and procedures while experimenting with new file formats and methods to bypass security vendors," Zscaler researchers Sudeep Singh and Naveen Selvan said in a new analysis published Tuesday.

NAPLISTENER: New Malware in REF2924 Group's Arsenal for Bypassing Detection
2023-03-22 07:19

The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia. The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C# and is designed to evade "network-based forms of detection."

Data visualization: An invaluable tool in a defender’s arsenal
2022-10-21 04:30

How can blue teams remove the attackers' edge by turning data into visualizations? Understand relationships between your data points. By understanding the relationships between pairs of these data points, we can automate the construction of a relationship tree between all of them.

BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal
2022-09-26 10:33

The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. ALPHV is also one of the first ransomware strains to be programmed in Rust, a trend that has since been adopted by other families such as Hive and Luna in recent months to develop and distribute cross-platform malware.

Intel increases its arsenal against physical hardware attacks
2022-08-12 20:39

The security community is so focused on attacks relying on software that it often forgets that physical attacks are possible. Physical attacks are also often seen as an attacker having the capability to physically access the targeted computer and then use some hardware to compromise the computer.

Photos: Black Hat USA 2022 Arsenal
2022-08-11 13:52

At the Black Hat USA 2022 Arsenal by ToolsWatch, researchers showcase their latest open-source tools and products. This year, the Arsenal provides tool demonstrations in an open, conversational, and hybrid environment where presenters are able to interact with attendees.