Security News
A new report from Cisco Talos Intelligence Group exposes new tools used in Avos ransomware attacks. The threat actor provides a control panel for the affiliates, a negotiation panel with push and sound notifications, decryption tests, and access to a diverse network of penetration testers, initial access brokers and other contacts.
Advanced persistent threat group Fancy Bear is behind a phishing campaign that uses the specter of nuclear war to exploit a known one-click Microsoft flaw. Fancy Bear is also known as APT28, Strontium and Sofacy.
"Despite defenders' best efforts, cybercriminals continue to defraud, extort, and ransom companies for billions of dollars annually," said Sherrod DeGrippo, vice president of threat research and detection at Proofpoint. Proofpoint entered into the report with a number of assumptions in place, detailing what methods threat actors would go to to carry out an attack, as well as the methods employed to help carry out such attacks.
Middle market companies face an increasingly volatile cybersecurity environment, with threats coming from more directions than ever before and more skilled criminals targeting the segment,...
The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. An acronym for "Brazilian Remote Access Tool Android," BRATA was first detected in the wild in Brazil in late 2018, before making its first appearance in Europe last April, while masquerading as antivirus software and other common productivity tools to trick users into downloading them.
The threat actor behind BRATA banking trojan has evolved their tactics and improved the malware with information-stealing capabilities. Italian mobile security company Cleafy has been tracking BRATA activity and noticed in the most recent campaigns changes that lead to longer persistence on the device.
Since 2020, Chinese state-sponsored threat actors have operated large attack campaigns exploiting publicly identified security vulnerabilities. In these campaigns, the attackers receive valid account access by exploiting Virtual Private Network vulnerabilities or other Internet-facing services without using their own distinctive or identifying malware, making it harder for threat intelligence analysts to evaluate the threat.
For the first time in over two years the streets of San Francisco have been filled by attendees at the RSA Conference and it seems that the days of physical cons are back on. The security conference trade has been more cautious than most when it comes to getting conferences back up to speed in the COVID years.
As a key factor, the report links BVP47 to the "Equation Group", which in turn has been tied to the Tailored Access Operations Unit at the United States National Security Agency. It's typical of the top-tier tools used by advanced persistent threat groups - including the state-sponsored groups.
If you have been following the news, you'll have most certainly been bombarded by the term ransomware. Almost every week, another large company publicly discloses being impacted by this type of attack.