Computer Security
GooseEgg Malware Linked to Russian Fancy Bear APT
APT28, the Russia-linked threat actor also tracked as Fancy Bear, exploited a security vulnerability in the Microsoft Windows Print Spooler component to deploy a new custom malware named GooseEgg. This post-compromise tool, operational since at...
SoumniBot Mobile Malware Targets Android Devices
A newly discovered Android trojan named SoumniBot has been identified in the wild targeting users in South Korea, exploiting weaknesses in how app manifests are extracted and parsed. According to...
Fuxnet ICS Malware Deployed by Ukrainian Security Services Against Russia
Claroty, a cybersecurity company specializing in industrial and enterprise IoT, has analyzed Fuxnet, a type of malware used by Ukrainian hackers in an attack on a Russian infrastructure company. This attack,...
XploitSpy Mobile Malware Deployed Against South Asia Victims
A recent Android malware campaign known as eXotic Visit has been predominantly targeting users in South Asia, particularly in India and Pakistan. The malware is being spread through dedicated websites and the Google...
BatCloak Malware Attacks Use Fake Invoices
Security analysts have uncovered a complex series of attacks employing phishing tactics disguised as invoice-related emails to distribute various types of malware, including Venom RAT, Remcos RAT, XWorm, NanoCore RAT,...
RotBot Malware Used on Asian Victims
A suspected threat actor of Vietnamese origin has been observed targeting individuals in various Asian and Southeast Asian nations with malware designed to exfiltrate valuable data since at least May 2023....
Quotation Request Malicious Emails
After going over the email in question, we confirmed that "Quotation Request" is malicious spam, disguising itself as a potential purchase inquiry. The goal is to trick potential victims into opening the malicious...
MadMxShell Backdoor Spreads Through Malicious Ads
A recent malvertising campaign abusing Google Ads involves a series of websites resembling a legitimate IP scanner tool, aiming to distribute a new backdoor named MadMxShell. Researchers from Zscaler ThreatLabz found...
CVE-2024-3400 Vulnerability Hinges on Command Injection Flaw
Attackers have been exploiting a recently revealed vulnerability in Palo Alto Networks PAN-OS software since March 26, 2024, almost three weeks before it was publicly disclosed. This activity,...
Another Ransomware Threat Group Attacks Change Healthcare
Change Healthcare, a vital player in the healthcare industry, finds itself once again in the crosshairs of cybercriminals. Just a month after grappling with a ransomware attack that saw it pay a hefty sum...
Russian-Based Hack Breaches Microsoft's Core Software Systems
Amid escalating concerns over cybersecurity breaches, Microsoft disclosed ongoing efforts to expel elite Russian government hackers who infiltrated email accounts belonging to senior company executives in November....
DinodasRAT Linux Version Used in Asian Countries
Security researchers revealed the emergence of a Linux iteration of DinodasRAT, a versatile backdoor malware, spotted in the wild targeting regions including China, Taiwan, Turkey, and Uzbekistan. DinodasRAT, also...
CR4T Malware Used in DuneQuixote Campaign
Government bodies in the Middle East are the target of a previously undisclosed operation that aims to deploy a new backdoor known as CR4T. According to cybersecurity researchers, this activity was...
SteganoAmor Attack Operation Uses Images to Spread Malware
The threat group known as TA558 has been observed employing steganography, a technique of concealing data within images and text files, to distribute various types of malware including Agent Tesla, FormBook, Remcos...
RUBYCARP Botnet Attributed to Romanian Threat Actor
A cyber threat group suspected to be of Romanian origin, known as RUBYCARP, has been observed operating a persistent botnet for engaging in various illicit activities including crypto mining, distributed...
FlexStarling Mobile Malware Targets Specialized Victims in Africa
Human rights activists in Morocco and the Western Sahara region face a new threat from malicious actors who are using phishing tactics to deceive victims into downloading fake Android applications and accessing...
Latrodectus Malware Distributed in Phishing Campaign
Threat investigators have uncovered a newly identified malware named Latrodectus, which has been distributed through email phishing campaigns since at least late November 2023. Described as an emerging downloader with...
CVE-2024-3094 Vulnerability (XZ Backdoor) Discovered in Linux Data Compression Library
Red Hat issued an urgent security advisory on Friday regarding two versions of the widely used data compression tool XZ Utils, previously known as LZMA Utils, which have been compromised with malicious code aimed at...