Security News
A Russian national, Denis Dubnikov, pleaded guilty in the U.S. on February 7, 2023, to money laundering charges for attempting to conceal the source of funds obtained in connection with Ryuk ransomware attacks. "Between at least August 2018 and August 2021, Dubnikov and his co-conspirators laundered the proceeds of Ryuk ransomware attacks on individuals and organizations throughout the United States and abroad," the Department of Justice said.
Threat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control framework for carrying out post-exploitation activities. The findings come from the AhnLab Security Emergency Response Center, which found that security vulnerabilities in Sunlogin, a remote desktop program developed in China, are being abused to deploy a wide range of payloads.
A new hacking campaign exploits Sunlogin flaws to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software. According to a report by the AhnLab Security Emergency Response Center, recently observed attacks target two 2022 vulnerabilities in Sunlogin, a remote-control software by a Chinese developer.
A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. The vulnerability is a case of remote code injection that requires access to the application's administrative console, so instances whose console is reachable from the public internet are the ones at risk; it is imperative that the console is not exposed to the public internet.
I have done a written interview and a podcast interview about the book. It's been chosen as a "February 2023 Must-Read Book" by the Next Big Idea Club.
The developers of the GoAnywhere MFT file transfer solution are warning customers of a zero-day remote code execution vulnerability on exposed administrator consoles. GoAnywhere is a web-based managed file transfer solution that lets companies exchange encrypted files with their partners while keeping detailed audit logs of who accessed the files.
The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers," Trend Micro researchers Mohamed Fahmy, Sherif Magdy, and Mahmoud Zohdy said.
Security researchers warn that hackers may start using Microsoft Visual Studio Tools for Office (VSTO) more often as a method to achieve persistence and execute code on a target machine via malicious Office add-ins. .NET-based malware and embedding it into the Office add-in.
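One check a defender can run on an endpoint, added here as an example rather than code from the researchers' report: enumerate the registry keys under which Office loads VSTO add-ins and flag any whose manifest is fetched from a host that is not allow-listed or that lives in a user-writable directory. The registry layout (Office\<App>\Addins\<ProgId> with a Manifest value, optionally suffixed with |vstolocal, and a LoadBehavior value) is standard VSTO behaviour; the allow-listed host deploy.corp.example and the path fragments treated as user-writable are assumptions to adjust for your own environment.

```powershell
# Added example: hunt for VSTO add-in registrations that a malicious add-in would
# leave behind. Not from the original report. Assumes the standard VSTO layout:
#   HK(CU|LM)\Software\Microsoft\Office\<App>\Addins\<ProgId>
#     Manifest     = "file:///C:/path/addin.vsto|vstolocal" or "https://host/addin.vsto"
#     LoadBehavior = 3 means "load at application start"
# Run elevated to read HKLM; the HKCU hive is readable from a normal session.

$hives = @(
    'HKCU:\Software\Microsoft\Office',
    'HKLM:\Software\Microsoft\Office',
    'HKLM:\Software\Wow6432Node\Microsoft\Office'
)
$apps = @('Word', 'Excel', 'PowerPoint', 'Outlook')

# Directories a non-admin user can write to (assumption: tune for your estate).
$userWritable = @('\AppData\', '\Temp\', '\Downloads\', '\Public\')
# Hosts from which legitimate ClickOnce/VSTO deployments are served (hypothetical).
$trustedHosts = @('deploy.corp.example')

function Get-OfficeAddinRegistration {
    # Emits one object per add-in key found under any hive/application pair.
    foreach ($hive in $hives) {
        foreach ($app in $apps) {
            $path = "$hive\$app\Addins"
            if (-not (Test-Path $path)) { continue }
            foreach ($key in Get-ChildItem -Path $path -ErrorAction SilentlyContinue) {
                $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Hive         = $hive
                    Application  = $app
                    ProgId       = $key.PSChildName
                    FriendlyName = $p.FriendlyName
                    LoadBehavior = $p.LoadBehavior
                    Manifest     = $p.Manifest
                }
            }
        }
    }
}

function Test-SuspiciousAddin {
    # Returns $null for add-ins that look normal, otherwise the add-in plus reasons.
    param([Parameter(Mandatory)] $Addin)
    if (-not $Addin.Manifest) { return $null }            # plain COM add-in, no VSTO manifest
    $reasons = @()
    $m = $Addin.Manifest -replace '\|vstolocal$', ''       # drop the VSTO "installed locally" suffix

    if ($m -match '^https?://') {
        $uriHost = ([uri]$m).Host
        if ($trustedHosts -notcontains $uriHost) {
            $reasons += "manifest fetched from non-allow-listed host $uriHost"
        }
    } elseif ($m -match '^file:///') {
        $local = [uri]::UnescapeDataString(($m -replace '^file:///', '')) -replace '/', '\'
        foreach ($frag in $userWritable) {
            if ($local -like "*$frag*") { $reasons += "manifest in user-writable path $local"; break }
        }
        if (-not (Test-Path $local)) { $reasons += "manifest file missing on disk: $local" }
    } else {
        $reasons += "non-URI manifest form, inspect manually: $m"
    }

    if ($reasons.Count -eq 0) { return $null }
    [pscustomobject]@{ Addin = $Addin; Reasons = $reasons }
}

Get-OfficeAddinRegistration |
    ForEach-Object { Test-SuspiciousAddin -Addin $_ } |
    Where-Object { $_ } |
    ForEach-Object {
        Write-Output ("[{0}] {1}\{2}\Addins\{3} (LoadBehavior={4})" -f ($_.Reasons -join '; '),
            $_.Addin.Hive, $_.Addin.Application, $_.Addin.ProgId, $_.Addin.LoadBehavior)
        Write-Output ("    Manifest: {0}" -f $_.Addin.Manifest)
    }
```

A manifest served over HTTP(S) from an unknown host, or a .vsto file sitting under AppData or Downloads, is exactly what an add-in dropped by a phishing lure would look like; a LoadBehavior of 3 on such an entry means the payload runs every time the Office application starts, which is the persistence the researchers describe.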
A new cyber espionage campaign dubbed 'No Pineapple!' has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction. The campaign is named after the '<No Pineapple!>' error string transmitted by a remote access malware when uploading stolen data to the threat actor's servers.
Teams of hackers defend their own computers while attacking other teams'. It's a controlled setting for what computer hackers do in real life: finding and fixing vulnerabilities in their own systems and exploiting them in others'.