Security News
A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the Windows operating system and rshell artifacts for Linux and macOS. As many as 13 different entities located in Taiwan and the Philippines have been at the receiving end of the attacks, eight of whom have been hit with rshell.
Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor that can be used to steal data from Linux and macOS systems. SEKOIA's Threat & Detection Research Team says that the app's macOS 2.3.0 version has been backdoored for almost four months, since May 26, 2022.
Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures, including a new remote access trojan called ROMCOM RAT on compromised systems. In the intervening months, the ransomware operation has received an upgrade with an aim to "Optimize its execution, minimize unintended system behavior, and provide technical support to the ransomware victims if they choose to negotiate," per Trend Micro.
Critical steps for a successful cyber security awareness campaign Staff working remotely are at greater risk of compromising organizational security. Home connections are less secure. Employees...
A new hacker forum is taking a unique political stance to support Ukraine in its war with Russia, entertaining only topics and threat activity focused against Russia and Belarus, researchers have found. A closer look at the forum revealed its unique ideology to take a firm political stance to support Ukraine as it defends itself against Russia's invasion, "The only forum we're aware of that is taking such a stance," researchers wrote.
Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated phishing attack against Twilio. The attack, which transpired around the same time Twilio was targeted, came from four phone numbers associated with T-Mobile-issued SIM cards amd was ultimately unsuccessful.
The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company. The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an advisory about the use of the ransomware strain by North Korean government-backed hackers to target the healthcare sector since at least May 2021.
Critical steps for a successful cyber security awareness campaign. Staff working remotely are at greater risk of compromising organizational security. Home connections are less secure. Employees...
A member of the Cuba ransomware operation is employing previously unseen tactics, techniques, and procedures, including a novel RAT and a new local privilege escalation tool. The threat actor was named 'Tropical Scorpius' by researchers at Palo Alto Networks Unit 42 and is likely an affiliate of the Cuba ransomware operation.
For the most part, hackers don't even have to hide in the dark recesses of the web to take advantage of people any longer; they can be found right in plain sight on social media sites or forums, professionally advertised with their websites, and may even approach you anonymously through such channels as Twitter. A series of new DDoS for Hire are commoditizing the art of hacking and reducing the barrier to launching DDoS attacks.