Security News
An open source command-and-control framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilized Havoc.
Enterprises looking to modernize their APIs are increasingly switching from the REST architecture to the open-source data query and manipulation language GraphQL. While the transition makes sense - GraphQL is more flexible, scalable, and easier for developers to use - attackers are also seeing new opportunities for mischief. Those finding themselves within the developer-led GraphQL movement must understand the current threats facing them and recognize that GraphQL increases their own security responsibilities.
Malware developers use polymorphism, which enables them to modify the malicious code to generate unique variants of the same malware. Find out how to counter this technique and detect unknown malicious behavior efficiently.
Telecommunication service providers in the Middle East are being targeted by a previously undocumented threat actor as part of a suspected espionage-related campaign that uses .NET-based backdoors such as CMD365 or CMDEmber, which leverage Microsoft 365 Mail and Google Firebase for C2. "The main functionality of CMD365 and CMDEmber is to execute attacker-provided system commands using the Windows command interpreter," the researchers said.
High-risk users represent approximately 10% of the worker population and are found in every department and function of the organization, according to Elevate Security research, and they pose a sizable threat to the organization.
Digital communication would not be possible without file sharing. Whether we are opening an exported Excel file with a Salesforce report or downloading new note-taking software, we are using files to share information and perform critical tasks.
A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas. The starting point that kicks off the multi-stage attack chain is a phishing email bearing a malicious ZIP file that's used as a pathway to deliver either the clipper or the ransomware.
Adam Shostack, the author of "Threat Modeling: Designing for Security", and the co-author of "The New School of Information Security", recently launched his new book - "Threats: What Every Engineer Should Learn From Star Wars". In this Help Net Security video interview, Shostack talks about the new book.
Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar Zahravi and Peter Girnus said in a report this week.
A previously unknown threat actor dubbed NewsPenguin has been linked to a phishing campaign targeting Pakistani entities by leveraging the upcoming international maritime expo as a lure. "The attacker sent out targeted phishing emails with a weaponized document attached that purports to be an exhibitor manual for PIMEC-23," the BlackBerry Research and Intelligence Team said.