“Egypt Leaks” – Hacktivists are Leaking Financial Data
Researchers at cybersecurity firm Resecurity spotted a new group of hacktivists targeting financial institutions in Egypt, Resecurity, a California-based cybersecurity...
News
Uncommon infection and malware propagation methods
Introduction We are often asked how targets are infected with malware. Our answer is nearly always the same: (spear) phishing....
Avast releases a free decryptor for some Hades ransomware variants
Avast released a free decryptor for variants of the Hades ransomware tracked as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ ....
How Water Labbu Exploits Electron-Based Applications
In the second part of our Water Labbu blog series, we explore how the threat actor exploits Electron-based applications using...
US-CERT Bulletin (SB22-276):Vulnerability Summary for the Week of September 26, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
New Maggie malware already infected over 250 Microsoft SQL servers
Hundreds of Microsoft SQL servers all over the world have been infected with a new piece of malware tracked as Maggie....
Telstra Telecom discloses data breach impacting former and current employees
Bad news for the Australian telecommunications industry, the largest company in the country Telstra suffered a data breach. Australia’s largest...
OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel
OnionPoison: researchers reported that an infected Tor Browser installer has been distributed through a popular YouTube channel. Kaspersky researchers discovered...
OnionPoison: infected Tor Browser installer distributed through popular YouTube channel
While performing regular threat hunting activities, we identified multiple downloads of previously unclustered malicious Tor Browser installers. According to our...
Cyber Security Framework: Back to Basics
Dr. Ivan Pavlov once said: “If you want new ideas, read old books.” The same applies with cybersecurity best practices....
Tracking Earth Aughisky’s Malware and Changes
For over 10 years, security researchers have been observing and keeping tabs of APT group Earth Aughisky’s malware families and...
CISA Gov: ’23-25 Plan Focuses on Unified Cybersecurity
William Malik, VP of Infrastructure Strategies, shares his opinions on the goals and objectives outlined in the CISA Strategic Plan...
Water Labbu Abuses Malicious DApps to Steal Cryptocurrency
The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious...
A flaw in the Packagist PHP repository could have allowed supply chain attacks
Experts disclosed a flaw in the PHP software package repository Packagist that could have been exploited to carry out supply...
Lazarus APT employed an exploit in a Dell firmware driver in recent attacks
North Korea-linked Lazarus APT has been spotted deploying a Windows rootkit by taking advantage of an exploit in a Dell...
Linux Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group
Researchers link recently discovered Linux ransomware Cheerscrypt to the China-linked cyberespionage group DEV-0401. Researchers at cybersecurity firm Sygnia attributed the...
Microsoft mitigations for recently disclosed Exchange zero-days can be easily bypassed
The mitigation shared by Microsoft for the two recently disclosed Exchange zero-day vulnerabilities can be bypassed, expert warns. Last week,...
DeftTorero: tactics, techniques and procedures of intrusions revealed
Earlier this year, we started hunting for possible new DeftTorero (aka Lebanese Cedar, Volatile Cedar) artifacts. This threat actor is...
Trojanized Comm100 Live Chat app installer distributed a JavaScript backdoor
A threat actor used a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm...
RansomEXX gang claims to have hacked Ferrari and leaked online internal documents
The Italian luxury sports car manufacturer Ferrari confirmed the availability of internal documents online, but said it has no evidence...
Finnish intelligence warns of Russia’s cyberespionage activities
The Finnish Security Intelligence Service (SUPO) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish...
Reflected XSS bugs in Canon Medical ’s Vitrea View could expose patient info
Trustwave researchers discovered two XSS flaws in Canon Medical ’s Vitrea View tool that could expose patient information. During a...
BlackCat ransomware gang claims to have hacked US defense contractor NJVC
Another US defense contractor suffered a data breach, the BlackCat ransomware gang claims to have hacked NJVC. The ALPHV/BlackCat ransomware...
Security Affairs newsletter Round 386
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
