Security News

New WogRAT malware abuses online notepad service to store malware
2024-03-05 20:25

A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code. The malware contains encrypted source code for a malware downloader that is compiled and executed on the fly.

Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware
2024-03-05 16:18

North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with...

ScreenConnect flaws exploited to drop new ToddlerShark malware
2024-03-04 22:14

The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. The threat actors are exploiting authentication bypass and remote code execution flaws disclosed on February 20, 2024, when ConnectWise urged ScreenConnect customers to immediately upgrade their servers to version 23.9.8 or later.

Stealthy GTPDOOR Linux malware targets mobile operator networks
2024-03-03 15:16

Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. The GRX is a component of mobile telecommunications that facilitates data roaming services across different geographical areas and networks.

CISA warns of Microsoft Streaming bug exploited in malware attacks
2024-03-01 19:18

CISA ordered U.S. Federal Civilian Executive Branch agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service that's actively exploited in attacks. Redmond patched the bug during the June 2023 Patch Tuesday, with proof-of-concept exploit code dropping on GitHub three months later, on September 24.

New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion
2024-03-01 10:56

Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. "This latest version of...

Cybercriminals harness AI for new era of malware development
2024-03-01 06:30

Group-IB found these compromised credentials within the logs of information-stealing malware traded on illicit dark web marketplaces. Throughout the reporting period, Group-IB experts uncovered 27 new advertisements for ransomware-as-a-service programs on dark web forums, including well-known groups such as Qilin, as well as other collectives that have yet to be seen in the wild.

New Bifrost malware for Linux mimics VMware domain for evasion
2024-02-29 21:36

A new Linux variant of the Bifrost remote access trojan employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware. The analysis of the latest Bifrost samples by Unit 42 researchers has uncovered several interesting updates that enhance the malware's operational and evasion capabilities.

GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks
2024-02-29 11:33

Threat hunters have discovered a new Linux malware called GTPDOOR that’s designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX). The malware is novel in the...