Tag: group
-
Mysterious Elephant Using Hajj-Themed Bait in Attacks
Group Deploys Upgraded Malware Disguised as Microsoft File on Pilgrimage Goers. A South Asian threat actor identified as Mysterious Elephant or APT-K-47 by Knownsec 404 researchers is using a Hajj-themed lure to trick victims into malicious payload disguised as a Windows file. The hacker is using upgraded Asyncshell malware disguised as a Microsoft Compiled HTML…
-
Zyxel firewalls targeted in recent ransomware attacks
Zyxel warns that a ransomware group has been observed exploiting a recently patched command injection issue in its firewalls. Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise. Remote, unauthenticated attackers could exploit the flaw to execute OS commands…
-
Russian Hackers Exploit WiFi in Sophisticated New Attack
‘Nearest Neighbor Attack’ Bypasses Cyber Defenses by Breaching WiFi Networks. A Russian cyberespionage group hacked a Washington, D.C.-based organization focused on Ukraine by deploying a new attack technique that exploits Wi-Fi connectivity, according to new research. The nearest neighbor attack methodology could lead to a significant broadening of targeting and attacks. First seen on govinfosecurity.com…
-
Medical Specialty Groups: Why Cybercriminals are After Them
Hacks on 2 Specialty Practices Are Latest on Increasingly Targeted Types of Groups. An Illinois gastroenterology practice and a California pulmonary practice are among the latest medical specialty groups targeted by cybercriminals who claim to have their patients’ sensitive health information. Attacks on such specialty healthcare practices appear to be rising, some experts said. First…
-
Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks
A ransomware group has been observed exploiting a recently patched command injection vulnerability in Zyxel firewalls for initial access. The post Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/recent-zyxel-firewall-vulnerability-exploited-in-ransomware-attacks/
-
17 hottest IT security certs for higher pay today
With the New Year on the horizon, many IT professionals may be looking to improve their careers in 2025 but need direction on the best way. The latest data from Foote Partners may provide helpful signposts. Analyzing more than 638 certifications as part of its 3Q 2024 “IT Skills Demand and Pay Trends Report,” Foote Partners…
-
FBI pierces ‘anonymity’ of cryptocurrency, secret domain registrars in Scattered Spider probe
The US Justice Department on Wednesday announced the arrest of five suspected members of the notorious Scattered Spider phishing crew, but the most interesting part of the case was a US Federal Bureau of Investigation (FBI) document detailing how easily the feds were able to track the phishers’ movements and activities. In recent years, services that push…
-
CSO30 ASEAN 2024: The top 30 cybersecurity leaders in Southeast Asia and Hong Kong
The fourth CSO30 ASEAN Awards programme recognises the top 30 cybersecurity leaders driving business value, demonstrating leadership, and influencing rapid change across Southeast Asia and Hong Kong. In addition to individual recognition, the programme includes: Business Value and Leadership awards. The CSO30 ASEAN Awards programme is aligned to Foundry’s global awards and celebrates the leading individuals and…
-
CrowdStrike’s Adam Meyers On ‘Up-Leveled’ Hacking By China, Threats To MSPs
The uncovering of a second China-linked threat group focused on compromising telecommunications firms is a clear warning to all service providers that have access to client IT environments, CrowdStrike’s threat intelligence head tells CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2024/crowdstrike-s-adam-meyers-on-up-leveled-hacking-by-china-threats-to-msps
-
Faraway Russian hackers breached US organization via Wi-Fi
Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/25/enterprise-wi-fi-compromised/
-
Salt Typhoon hackers backdoor telcos with new GhostSpider malware
The Chinese state-sponsored hacking group Salt Typhoon has been observed utilizing a new “GhostSpider” backdoor in attacks against telecommunication service providers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/
-
Microlise Confirms Data Breach as Ransomware Group Steps Forward
The SafePay ransomware group claims to have stolen over 1 terabyte of data from vehicle tracking solutions provider Microlise. The post Microlise Confirms Data Breach as Ransomware Group Steps Forward appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microlise-confirms-data-breach-as-ransomware-group-steps-forward/
-
Russian Cyberspies Hacked Building Across Street From Target for Wi-Fi Attack
Russian cyberspy group APT28 conducted a Nearest Neighbor Attack, where it hacked into the building across the street from the victim for a Wi-Fi attack. The post Russian Cyberspies Hacked Building Across Street From Target for Wi-Fi Attack appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-cyberspies-hacked-building-across-street-from-target-for-wi-fi-attack/
-
Russia-linked APT TAG-110 uses targets Europe and Asia
Russia-linked threat actors TAG-110 employed custom malware HATVIBE and CHERRYSPY to target organizations in Asia and Europe. Insikt Group researchers uncovered an ongoing cyber-espionage campaign by Russia-linked threat actor TAG-110 that employed custom malware tools HATVIBE and CHERRYSPY. The campaign primarily targeted government entities, human rights groups, and educational institutions in Central Asia, East Asia,…
-
WolfsBane: Gelsemium APT Group’s Linux Backdoor Debut
ESET researchers have unveiled WolfsBane, the Linux counterpart to the Windows-based Gelsevirine backdoor, marking a significant milestone in the evolution of the Gelsemium Advanced Persistent Threat (APT) group. Known for... First seen on securityonline.info Jump to article: securityonline.info/wolfsbane-gelsemiums-linux-backdoor-debut/
-
Asyncshell: The Evolution of APT47’s Cyber Arsenal
The Knownsec 404 Advanced Threat Intelligence team has uncovered a sophisticated and evolving threat from the APT-K-47 group, also known as Mysterious Elephant. This South Asia-based Advanced Persistent Threat (APT)... First seen on securityonline.info Jump to article: securityonline.info/asyncshell-the-evolution-of-apt-k-47s-cyber-arsenal/
-
Russia-Linked TAG-110 Launches Cyberespionage Campaign Across Asia and Europe
Insikt Group, the threat research division of Recorded Future, has uncovered a cyberespionage campaign attributed to TAG-110, a Russia-aligned threat activity group. This campaign, active since at least July 2024,... First seen on securityonline.info Jump to article: securityonline.info/russia-linked-tag-110-launches-cyberespionage-campaign-across-asia-and-europe/
-
How ‘Scattered Spider’ hacked some of the world’s biggest tech giants, and got caught
The prolific hacking group broke into Caesars Entertainment, Coinbase, DoorDash, Mailchimp, Riot Games, Twilio (twice), and dozens more. First seen on techcrunch.com Jump to article: techcrunch.com/2024/11/23/the-rise-and-fall-of-the-scattered-spider-hackers/
-
The rise and fall of the ‘Scattered Spider’ hackers
The prolific hacking group broke into Caesars Entertainment, Coinbase, DoorDash, Mailchimp, Riot Games, Twilio (twice), and dozens more. First seen on techcrunch.com Jump to article: techcrunch.com/2024/11/23/the-rise-and-fall-of-the-scattered-spider-hackers/
-
Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks
Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as >>GruesomeLarch>Nearest Neighbor Attack.
-
Ignoble Scorpius Strikes Again: The Rise of BlackSuit Ransomware
The cybercrime group known as Ignoble Scorpius has resurfaced with the BlackSuit ransomware, as detailed in a recent report from Unit 42 researchers. Emerging in May 2023 as a rebrand... First seen on securityonline.info Jump to article: securityonline.info/ignoble-scorpius-strikes-again-the-rise-of-blacksuit-ransomware/
-
China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign
A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection. “The attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a First seen on…
-
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
Don’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
-
Russian TAG-110 Hacked 60+ Users With HTML Loaded Python Backdoor
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central Asia, East Asia, and Europe by deploying custom malware, HATVIBE and CHERRYSPY, to compromise government entities, human rights groups, and educational institutions. Initial access is typically gained through phishing or exploiting vulnerable web services, as the campaign’s goal is to…
-
Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India, Taiwan, and Japan, leveraging spear-phishing and exploiting vulnerabilities in public-facing applications like SSL-VPN and file storage services. The group has deployed various backdoors, including Cobalt Strike, LODEINFO, and the newly discovered NOOPDOOR, to maintain persistent access to compromised networks, which…