Security News

DDoS attacks appear to reflect major geo-political challenges and social tensions and have become an increasingly significant part in the hybrid warfare arsenal, according to Arelion. Conversely, in the rest of the world, researchers observed lower Asia-US DDoS activity and fewer DDoS attacks to and from South America in 2022.

A previously undetected advanced persistent threat actor dubbed Red Stinger has been linked to attacks targeting Eastern Europe since 2020. Red Stinger overlaps with a threat cluster Kaspersky revealed under the name Bad Magic last month as having targeted government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea last year.

Researchers are seeing a rise in attacks spreading the EvilExtractor data theft tool, used to steal users' sensitive data in Europe and the U.S. EvilExtractor is sold by a company named Kodex for $59/month, featuring seven attack modules, including ransomware, credential extraction, and Windows Defender bypassing. While marketed as a legitimate tool, BleepingComputer was told that EvilExtractor is primarily promoted to threat actors on hacking forums.

According to Mandiant, who has tracked APT43 since 2018, the threat actor aligns with the mission of the Reconnaissance General Bureau, the main foreign intelligence service from North Korea. In particular, malware and tools have been shared between APT43 and the infamous Lazarus threat actor.

Ukrainian cops have arrested two suspects and detained 10 others for their alleged roles in a cybercrime gang that used phishing scams and phony online marketplaces to steal more than $4.3 million from over 1,000 victims across Europe. Police say the victims come from several European countries including the Czech Republic, Poland, France, Spain, Portugal.

A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware loader dubbed DBatLoader. "The malware payload is distributed through WordPress websites that have authorized SSL certificates, which is a common tactic used by threat actors to evade detection engines," Zscaler researchers Meghraj Nandanwar and Satyam Singh said in a report published Monday.

Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble," Security Joes said in a new report published Monday.

Microsoft has confirmed that from the beginning of 2023, it will introduce an EU Data Boundary solution designed to help customers in the European Union and the European Free Trade Association comply with legislation including the General Data Protection Regulation. From January 1st, the Redmond tech monster promises to give customers the ability to store and process their customer data within the EU Data Boundary for Microsoft 365, Azure, Power Platform and Dynamics 365 services.

Are you experiencing slow bug bounty lead times, gaps in security skills, or low-quality reports from researchers? Intigriti's expert triage team and global community of ethical hackers are enabling businesses to protect themselves against every emerging cybersecurity threat. Join the likes of Intel, Yahoo, and Sixt who levelled up their security with Intigriti to enjoy higher quality bug bounty reports, faster lead times, and an intuitive platform.

Hackers tied to the North Korean government have been observed using an updated version of a backdoor known as Dtrack targeting a wide range of industries in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey and the U.S. "Dtrack allows criminals to upload, download, start or delete files on the victim host," Kaspersky researchers Konstantin Zykov and Jornt van der Wiel said in a report. Discovered in September 2019, the malware has been previously deployed in a cyber attack aimed at a nuclear power plant in India, with more recent intrusions using Dtrack as part of Maui ransomware attacks.