Security News

Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware
2023-12-12 19:00

Recruiters and anyone else involved in hiring processes should be aware of this social engineering threat. A new report from U.S.-based cybersecurity company Proofpoint exposes a new attack campaign operated by a financially motivated threat actor dubbed TA4557 that poses a high risk of financial data theft and possibly further risks such as intellectual property theft.

Lazarus exploits Log4Shell vulnerability to deliver novel RAT malware
2023-12-12 14:33

North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability and deploying novel malware written in DLang. "This campaign consists of continued opportunistic targeting of enterprises globally that publicly host and expose their vulnerable infrastructure to n-day vulnerability exploitation such as CVE-2021-44228. We have observed Lazarus target manufacturing, agricultural and physical security companies," Cisco Talos researchers shared.

New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam
2023-12-12 09:55

A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a...

Lazarus hackers drop new RAT malware using 2-year-old Log4j bug
2023-12-11 21:25

The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. The new malware families are two remote access trojans named NineRAT and DLRAT and a malware downloader named BottomLoader.

Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware
2023-12-11 18:08

Research into Lazarus Group's attacks using Log4Shell has revealed novel malware strains written in an atypical programming language. At least three new DLang-based malware strains have been used in attacks on worldwide organizations spanning the manufacturing, agriculture, and physical security industries, Cisco Talos revealed today.

Cold storage giant Americold discloses data breach after April malware attack
2023-12-11 17:50

Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware. The April network breach caused an outage affecting the company's operations after Americold was forced to shut down its IT network to contain the breach and "Rebuild the impacted systems."

Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques
2023-12-09 07:16

Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed...

Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software
2023-12-08 09:52

Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to...

Krasue RAT malware hides on Linux servers using embedded rootkits
2023-12-07 06:00

Security researchers discovered a remote access trojan they named Krasue that targets Linux systems of telecommunications companies and has remained undetected since 2021. According to researchers at cybersecurity company Group-IB, the main function of the malware is to maintain access to the host, which may suggest that it is deployed through a botnet or sold by initial access brokers to threat actors seeking access to a particular target.

Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware
2023-12-06 14:36

We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader malware. More ransomware actors switched to extortion rather than encryption, while commodity loaders evolved to be stealthier and highly effective, even though major new security improvements arrived in 2023, such as Microsoft Office disabling macros by default.