Security News

Data visualization: An invaluable tool in a defender’s arsenal
2022-10-21 04:30

How can blue teams remove the attackers' edge by turning data into visualizations? Understand relationships between your data points. By understanding the relationships between pairs of these data points, we can automate the construction of a relationship tree between all of them.

BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal
2022-09-26 10:33

The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. ALPHV is also one of the first ransomware strains to be programmed in Rust, a trend that has since been adopted by other families such as Hive and Luna in recent months to develop and distribute cross-platform malware.

Intel increases its arsenal against physical hardware attacks
2022-08-12 20:39

The security community is so focused on attacks relying on software that it often forgets that physical attacks are possible. Physical attacks are also often seen as an attacker having the capability to physically access the targeted computer and then use some hardware to compromise the computer.

Photos: Black Hat USA 2022 Arsenal
2022-08-11 13:52

At the Black Hat USA 2022 Arsenal by ToolsWatch, researchers showcase their latest open-source tools and products. This year, the Arsenal provides tool demonstrations in an open, conversational, and hybrid environment where presenters are able to interact with attendees.

Avos ransomware threat actor updates its attack arsenal
2022-06-23 13:50

A new report from Cisco Talos Intelligence Group exposes new tools used in Avos ransomware attacks. The threat actor provides a control panel for the affiliates, a negotiation panel with push and sound notifications, decryption tests, and access to a diverse network of penetration testers, initial access brokers and other contacts.

EnemyBot malware adds enterprise flaws to exploit arsenal
2022-06-01 03:47

The botnet malware EnemyBot has added exploits to its arsenal, allowing it to infect and spread from enterprise-grade gear. "The threat group behind EnemyBot, Keksec, is well-resourced and has the ability to update and add new capabilities to its arsenal of malware on a daily basis," Ofer Caspi, a security researcher with Alien Labs, wrote in a blog post this month.

Iran-Linked Hackers Expand Arsenal With New Android Backdoor
2021-08-05 15:48

The Iran-linked hacking group named Charming Kitten has added a new Android backdoor to its arsenal and successfully compromised individuals associated with the Iranian reformist movement, according to security researchers with IBM's X-Force threat intelligence team. Last year, the group accidentally exposed approximately 40 GB of videos and other content associated with its operations, including training videos on how to exfiltrate data from online accounts, and clips detailing the successful compromise of certain targets.

How ransomware actors are adding DDoS attacks to their arsenals
2021-06-02 11:38

DDoS attacks increase the pressure on the victim to pay the ransom by adding another threat to combat, says NETSCOUT. Ransomware attackers are always looking for new ways to persuade their targets to pay the ransom. One tactic increasingly being added to a traditional ransomware campaign is a DDoS attack.

Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal
2021-05-15 01:13

Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of their operations as part of an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called Transparent Tribe, also known as Operation C-Major, APT36, and Mythic Leopard, which has created fraudulent domains mimicking legitimate Indian military and defense organizations, and other fake domains posing as file-sharing sites to host malicious artifacts.

US-UK Gov Warning: SolarWinds Attackers Add Open-Source PenTest Tool to Arsenal
2021-05-07 16:32

Agencies in the United States and the United Kingdom on Friday published a joint report providing more details on the activities of the Russian cyberspy group that is believed to be behind the attack on IT management company SolarWinds. The FBI, NSA, CISA and the UK's NCSC say the Russian threat actor tracked as APT29 was behind the SolarWinds attack, which resulted in hundreds of organizations having their systems breached through malicious updates served from compromised SolarWinds systems.