Computer Security
BASICSTAR Backdoor Used By Iranian Threat Actor
The Iranian-linked threat actor known as Charming Kitten, also referred to as APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has been identified in a recent series of attacks targeting Middle East...
Microsoft Warns State-Backed Threat Actors Are Using AI in Attacks
Nation-state actors linked with Russia, North Korea, Iran, and China are exploring the integration of artificial intelligence (AI) and large language models (LLMs) to enhance their existing cyber attack operations. A...
RustDoor Backdoor Targets macOS Systems
Researchers have discovered a new macOS backdoor coded in Rust, suggesting connections to the ransomware families Black Basta and Alphv/BlackCat. Named RustDoor, the malware pretends to be Visual Studio, supporting...
State and Local Election Systems Targeted by Threats Causing U.S. Cybersecurity Agency to Proactively Enhance Election Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken proactive measures to enhance the security of state and local election systems amidst growing threats. The agency's initiative, launched...
US Thwarts Chinese Hacker Attacks on Essential American Infrastructure
In recent months, the U.S. government initiated an operation to combat an extensive Chinese hacking campaign that compromised numerous internet-connected devices, as revealed by two Western security officials and an...
UK Cybersecurity Agency Warns that AI Will Aid Ransomware Actors, Scammers
The UK's cybersecurity agency, the National Cyber Security Centre (NCSC), has cautioned that the rise of artificial intelligence will complicate the identification of genuine emails versus those from scammers and...
TinyTurla-NG Backdoor Used Against Targets in Poland
The threat actor Turla, associated with Russia, has been observed employing a new backdoor named TinyTurla-NG in a campaign spanning three months targeting Polish non-governmental organizations in December 2023....
US Puts Up $10 Million Bounty on Hive Ransomware Gang
In early February 2024, the US Department of State declared a $10 million reward for information concerning the leaders of the Hive ransomware cyber gang. This announcement comes approximately a year after law...
VexTrio Malicious Network Spreads Malware
Researchers have discovered that over 70,000 apparently legitimate websites have been taken over and incorporated into a network, known as VexTrio, utilized by criminals for distributing malware, deploying phishing...
China’s Volt Typhoon Hackers Were ‘Pre-Positioning’ Cyberattacks against Critical US Infrastructure for Five Years
The cybersecurity landscape has been rocked by revelations regarding the clandestine activities of Volt Typhoon, a Chinese state-sponsored hacking group. According to a recent advisory from the US Cybersecurity and...
EMPTYSPACE Downloader Targets Italian Victims
UNC4990, a financially motivated threat actor, is utilizing weaponized USB devices as an initial means of infecting organizations in Italy. According to a report from Mandiant, a security company which Google acquired...
Kasseika Ransomware Uses Advanced Infiltration Method
The ransomware group named Kasseika has recently adopted the Bring Your Own Vulnerable Driver (BYOVD) attack technique to disable security-related processes on compromised Windows hosts. This aligns it with other...
GoldPickaxe Mobile Malware Steals from Both Android and iOS Devices
GoldFactory, a threat actor fluent in Chinese, is credited with developing advanced banking trojans, including a previously unreported iOS malware named GoldPickaxe. This malicious software is adept at extracting...
DarkMe Malware Exploits Known Vulnerability
A recently revealed security vulnerability in Microsoft Defender SmartScreen has been exploited as a zero-day attack by an advanced persistent threat actor named Water Hydra, also known as DarkCasino. The targets of...
Coyote Banking Trojan Targets Dozens of Apps
Researchers have identified a new banking Trojan named "Coyote" designed to target credentials for 61 online banking applications. Analysis reveals that Coyote, primarily affecting the banking sector in Brazil, stands...
Cloudflare Discloses Hackers Accessed Code, Documents in 2023 Okta Breach
Cloudflare has disclosed that it experienced a likely nation-state attack, where the threat actor utilized stolen credentials to gain unauthorized entry into its Atlassian server, obtaining access to some...
AllaKore RAT Targets Mexican Financial Institutions
A recent spear-phishing campaign has put Mexican financial institutions in its crosshairs, delivering a modified version of the AllaKore RAT, an open-source remote access trojan. The BlackBerry Research and...
Major Water Supply Companies Hit by Ransomware Attacks
Two prominent water companies, namely Veolia North America in the United States and Southern Water in the United Kingdom, have fallen victim to ransomware attacks, leading to breaches in their data security. Veolia...