Security News

Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware
2024-08-08 01:58

Black Hat: State-sponsored cyber spies and criminals are increasingly using legitimate cloud services to attack their victims, according to Symantec's threat hunters who have spotted three such operations over recent months, plus new data theft and other malware tools in development by these goons. This piece of malware used Microsoft's Graph API to communicate with the attacker's command and control server, hosted on Microsoft OneDrive.

SharpRhino malware targets IT admins – Hunters International gang suspected
2024-08-07 05:29

The latest malware from upstart criminal gang Hunters International appears to be targeting network admins, using attack code disguised as the popular networking tool Angry IP Scanner. The malware seekers at Quorum Cyber identified the password to the archive, and once inside found an application named Microsoft.

Ransomware gang targets IT workers with new SharpRhino malware
2024-08-05 21:09

The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. [...]

North Korean hackers exploit VPN update flaw to install malware
2024-08-05 17:21

South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. [...]

New LianSpy malware hides by blocking Android security feature
2024-08-05 15:23

A previously undocumented Android malware named 'LightSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. [...]

Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users
2024-08-04 07:21

Why a strong patch management strategy is essential for reducing business risk: In this Help Net Security interview, Eran Livne, Senior Director of Product Management, Endpoint Remediation at Qualys, and Thomas Scheffler, Security Operations Manager of Cintas Corporation, discuss their experiences with automated patch management. These risks are driven by heightened cybersecurity threats, evolving regulations, and increased public awareness of security breaches.

Hackers breach ISP to poison software updates with malware
2024-08-03 14:12

A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. [...]

Fake AI editor ads on Facebook push password-stealing malware
2024-08-02 18:32

A Facebook malvertising campaign targets users searching for AI image editing tools and steals their credentials by tricking them into installing fake apps that mimic legitimate software. [...]

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure
2024-08-02 16:16

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published today, attributing it with a medium to high level of confidence to APT28, which is also referred to as BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422.

Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware
2024-08-02 07:02

"A key element of their strategy was using direct syscalls to bypass security monitoring tools, decrypting layers of shellcode, and deploying the Early Bird APC queue injection to stealthily execute code and evade detection effectively." The exploitation of TryCloudflare for malicious ends was first recorded last year, when Sysdig uncovered a cryptojacking and proxyjacking campaign dubbed LABRAT that weaponized a now-patched critical flaw in GitLab to infiltrate targets and obscure their command-and-control servers using Cloudflare tunnels.