DATE | NAME | Info | CATEG. | WEB
25.2.24 | Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns | On Feb. 16, 2024, someone uploaded data to GitHub that included possible internal company communications, sales-related materials and product manuals belonging to the Chinese IT security services company i-Soon, also known as Anxun Information Technology. | APT blog | Palo Alto
25.2.24 | Intruders in the Library: Exploring DLL Hijacking | Dynamic-link library (DLL) hijacking is one of the oldest techniques that both threat actors and offensive security professionals continue to use today. | Hacking blog | Palo Alto
25.2.24 | 2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics | Our annual survey of incident data from more than 250 organizations and more than 600 incidents provides a Unit 42 perspective on the current state of security exposures. | Incident blog | Palo Alto
25.2.24 | Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) | On Feb. 13, 2024, ConnectWise was notified of two vulnerabilities impacting their remote desktop software application ScreenConnect. | Vulnerability blog | Palo Alto
25.2.24 | 2024's Cyber Battleground Unveiled: Escalating Ransomware Epidemic, the Evolution of Cyber Warfare Tactics and Strategic Use of AI in Defense – Insights From Check Point's Latest Security Report | Rising Threats: Cybersecurity landscape faces an unprecedented surge in ransomware attacks, with 1 in every 10 organizations globally being targeted in 2023. | Cyber blog | Checkpoint
25.2.24 | TinyTurla-NG in-depth tooling and command and control analysis | Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. | APT blog | Cisco Blog
25.2.24 | How CVSS 4.0 changes (or doesn't) the way we see vulnerability severity | While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context. | Vulnerability blog | Cisco Blog
25.2.24 | Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns | Since September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans. | Malware blog | Cisco Blog
25.2.24 | PSYOP campaigns targeting Ukraine – Week in security with Tony Anscombe | Coming in two waves, the campaign sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related subjects. | BigBrother blog | Eset
25.2.24 | Everything you need to know about IP grabbers | You would never give your personal ID to random strangers, right? So why provide the ID of your computer? Unsuspecting users beware, IP grabbers do not ask for your permission. | Security blog | Eset
25.2.24 | Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war | A mix of PSYOPs, espionage and … fake Canadian pharmacies! | Cyber blog | Eset
25.2.24 | Watching out for the fakes: How to spot online disinformation | Why and how are we subjected to so much disinformation nowadays, and is there a way to spot the fakes? | Security blog | Eset
18.2.24 | Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon) | Insidious Taurus (aka Volt Typhoon) is identified by U.S. government agencies and international government partners as a People's Republic of China (PRC) state-sponsored cyber actor. | APT blog | Palo Alto
18.2.24 | New Vulnerability in QNAP QTS Firmware: CVE-2023-50358 | This article provides technical analysis of a zero-day vulnerability affecting QNAP Network Attached Storage (NAS) devices. | Vulnerability blog | Palo Alto
18.2.24 | The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture | Recently, Check Point Research released a white paper titled "The Obvious, the Normal, and the Advanced: | Attack blog | Checkpoint
18.2.24 | TinyTurla Next Generation - Turla APT spies on Polish NGOs | This new backdoor we're calling "TinyTurla-NG" (TTNG) is similar to Turla's previously disclosed implant, TinyTurla, in coding style and functionality implementation. | APT blog | Cisco Blog
18.2.24 | How are attackers using QR codes in phishing emails and lure documents? | QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target's personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after. | Attack blog | Cisco Blog
18.2.24 | Cyber-insurance and vulnerability scanning – Week in security with Tony Anscombe | Here's how the results of vulnerability scans factor into decisions on cyber-insurance, and how human intelligence comes into play in the assessment of such digital signals. | Vulnerability blog | Eset
18.2.24 | All eyes on AI | Unlocked 403: A cybersecurity podcast | Artificial intelligence is on everybody's lips these days, but there are also many misconceptions about what AI actually is and isn't. We unpack the basics and examine AI's broader implications. | AI blog | Eset
18.2.24 | The art of digital sleuthing: How digital forensics unlocks the truth | Learn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tell. | Security blog | Eset
18.2.24 | Deepfakes in the global election year of 2024: A weapon of mass deception? | As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern. | BigBrother blog | Eset
10.2.24 | Ransomware Retrospective 2024: Unit 42 Leak Site Analysis | The ransomware landscape experienced significant transformations and challenges in 2023. | Ransom blog | Palo Alto
10.2.24 | Raspberry Robin Keeps Riding the Wave of Endless 1-Days | Two new 1-day LPE exploits were used by the Raspberry Robin worm before they were publicly disclosed, which means that Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time. | Malware blog | Checkpoint
10.2.24 | New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization | Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. | Malware blog | Cisco Blog
10.2.24 | How are user credentials stolen and used by threat actors? | You've probably heard the phrase, "Attackers don't hack anyone these days. They log on." | Cyber blog | Cisco Blog
10.2.24 | OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges | Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. | Vulnerability blog | Cisco Blog
10.2.24 | Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe | Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year. | Ransom blog | Eset
10.2.24 | The buck stops here: Why the stakes are high for CISOs | Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. | Security blog | Eset
10.2.24 | Left to their own devices: Security for employees using personal devices for work | As personal devices within corporate networks make for a potentially combustible mix, a cavalier approach to BYOD security won't cut it. | Security blog | Eset
10.2.24 | Could your Valentine be a scammer? How to avoid getting caught in a bad romance | With Valentine's Day almost upon us, here's some timely advice on how to prevent scammers from stealing more than your heart. | Security blog | Eset
4.2.24 | Exploring the Latest Mispadu Stealer Variant | Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019. | Malware blog | Palo Alto
4.2.24 | ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign | Unit 42 researchers discovered a large-scale campaign we call ApateWeb that uses a network of over 130,000 domains to deliver scareware, potentially unwanted programs (PUPs) and other scam pages. Among these PUPs, we have identified several adware programs including a rogue browser and different browser extensions. | Spam blog | Palo Alto
4.2.24 | Threat Assessment: BianLian | Unit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on leak site data we've gathered. | BigBrother blog | Palo Alto
4.2.24 | Financial Fraud APK Campaign | During our research into threats hiding in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) file kept hitting our radar. | OS Blog | Palo Alto
4.2.24 | Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors | Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter. | Ransom blog | Cisco Blog
4.2.24 | Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers | Malicious drivers are difficult to detect, and successfully leveraging one can give an attacker full access to a system. | Malware blog | Cisco Blog
4.2.24 | Grandoreiro banking malware disrupted – Week in security with Tony Anscombe | The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim's screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows. | Malware blog | Eset
4.2.24 | VajraSpy: A Patchwork of espionage apps | ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group. | APT blog | Eset
4.2.24 | ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora | An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes. | Cyber blog | Eset
4.2.24 | ESET takes part in global operation to disrupt the Grandoreiro banking trojan | ESET provided technical analysis, statistical information and known C&C servers, and was able to get a glimpse of the victimology. | Malware blog | Eset
4.2.24 | Cyber: The Swiss army knife of tradecraft | In today's digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike. | Cyber blog | Eset
4.2.24 | Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe | The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK. | APT blog | Eset
4.2.24 | Assessing and mitigating supply chain cybersecurity risks | Blindly trusting your partners and suppliers on their security posture is not sustainable – it's time to take control through effective supplier risk management. | Cyber blog | Eset
4.2.24 | NSPX30: A sophisticated AitM-enabled implant evolving since 2005 | ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood. | APT blog | Eset
4.2.24 | Break the fake: The race is on to stop AI voice cloning scams | As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET's Jake Moore to discuss how to hang up on 'hi-fi' scam calls – and what the future holds for deepfake detection. | AI blog | Eset