Raptor Train - IoT Botnet
October 29, 2024
Topics
- iot
- botnet
- raptor train
- flax typhoon
- threat
- hackers
October 29, 2024
Topics
June 6, 2024
zero-day , vulnerability , TikTok
June 6, 2024
Recently this year, cybersecurity researchers at Wiz Research have found a significant security flaw in AI service provider, Replicate, that could allow hackers to gain its users' sensitive private information and AI models. This breakthrough was found through a coding error in an open-source tool, named Cog that Replicate utilizes.
AI , AI Models
June 6, 2024
Python , Silver C2 Framework , Colbalt Strike
April 19, 2024
March 15, 2024
Volt Typhoon , hackers , cybersecurity , Fortinet
February 14, 2024
Since late 2022, artificial intelligence (AI) has been making headlines almost every week. The first big story on AI was when OpenAI launched their product ChatGPT. Since then, many other companies have followed suit and come up with their own AI chatbots that seem to gain more and more functionality as time goes on. Tech giants like Google and Microsoft have also joined the race to create the best AI with Google launching Gemini (Bard) in early 2023 and Microsoft launching Copilot in late 2023. As AI continues to evolve, the risk it poses to organizations around the world will also increase.
AI , Artificial Intelligence , MFA , Phishing
October 24, 2023
Ever since the invention of internet browsers for personal computers came about in the 1990s, cybercrime has been on the rise. Almost 30 years after the invention of the World Wide Web, cybercriminals have a variety of different methodologies and toolkits they use daily to leverage vulnerabilities and commit crimes. One of the most popular types of attacks that is used by threat actors is a ransomware attack. Most recently, several Las Vegas Casinos fell victim to a series of ransomware attacks.
Social Engineering , Ransomware
October 12, 2023
Hackers, whether they are working by themselves or part of a larger APT (advanced persistence threat) group, are constantly thinking about new ways to launch attacks against individuals and organizations around the world. Most of these hackers and APT groups share common motives ranging from things like revenge and hacktivism to financial gain. Things get a little more complicated when hackers are working on behalf of a state-sponsored operation, especially when that state is North Korea. Recently, there have been reports of hackers connected to the North Korean state posing as job recruiters to deploy complex malware onto the devices of individuals around the world.
advanced persistent threat , Social Engineering
September 7, 2023
In the past couple of months, researchers observed an uptick in malware being delivered to end users through a malspam campaign. Malspam is a term given to spam emails that contain malicious links, contents, or files. One such malware that is currently being spread through malspam is DarkGate. Recently, researchers have begun to investigate new cases of this malware which began spreading in June 2023.
Malware , phishing campaign
September 7, 2023
Many threat actors tend to gravitate towards using some type of remote access trojan (RAT) in their campaigns. RATs are a type of malware that is designed to allow the attacker to have control over an infected device. RATs are a popular choice for hackers to use due to their many capabilities from reconnaissance and data exfiltration to long-term persistence. Throughout the last couple of months, a new Android banking trojan has been making headlines. This trojan, known as MMRat, has been seen targeting mobile users in Asia and has been linked to bank fraud.
Malware
August 7, 2023
Malware
August 7, 2023
Cybersecurity
August 7, 2023
phishing campaign
July 5, 2023
Anonymous Sudan, a hacker group that originated as a Russian-speaking Telegram channel in early January of 2023 has been known to target American technology corporations by launching distributed denial of service attacks.
DDoS
July 5, 2023
Code Mirage: How Cyber Criminals Harness AI-Hallucinated Code for Malicious Machinations
Cybersecurity
June 5, 2023
Unveiling the Tactics of a Notorious Cybercrime Group
Ransomware
June 5, 2023
Unraveling the Chinese Hacking Group "Volt Typhoon": A Global Cybersecurity Threat
nationstate , Cybersecurity
April 10, 2023
With the disablement of VBA macros, threat actors have turned to using OneNote attachments as a new way to install malware on an endpoint. OneNote attachments can contain embedded file formats, such as HTML, ISO, and JScripts, which can be exploited by malicious actors. OneNote attachments are particularly appealing to attackers because they are interactive and designed to be added on to and interacted with, rather than just viewed. This makes it easier for malicious actors to include enticing messages and clickable buttons that can lead to infection
Social Engineering
March 8, 2023
Dridex is a banking Trojan that is primarily used to steal sensitive information, such as login credentials and financial information. Dridex is known for its ability to evade detection by using dynamic configuration files.
Malware
January 5, 2023
GuLoader is an advanced malware downloader that is used by cybercriminals to distribute secondary malware payloads to further their infection chain
Malware
December 7, 2022
Raccoon Stealer was first observed in 2019 and caught everyone’s attention when it became a popular choice for cybercriminals. With its new version released lately, it continues to gain popularity as a preferred tool for threat actors and poses a great threat to organizations that are not properly equipped to defend against information stealing malware such as Raccoon infostealer.
Malware
November 7, 2022
Vice Society is a ransomware group that initially appeared in June 2021. Although the group has been active since then, Vice Society was able to maintain its low profile until now by targeting small-sized schools. What makes Vice Society unique is that it targets organizations that have weaker security controls due to a lack of resources and exploit them for a ransom.
advanced persistent threat
November 4, 2022
Social Engineering
October 5, 2022
A fairly new hacker group known as “Metador” has recently started gaining traction in the news. This group is interesting because their motives are not fueled by any monetary value, however, it seems that the group’s main goal is long-term persistence and espionage. It is hypothesized that this group has been around for about 2-3 years targeting mostly organizations in the Middle East and Africa.
Ransomware
October 5, 2022
Nullmixer is a new malware dropper that gives us another reason to avoid questionable downloads. Your computer can become infected with malware after downloading and running the dropper, which is disguised as illegal, cracked software or some other app that might prompt you to ignore warnings from your antivirus software.
Malware
August 2, 2022
A denial-of-service attack (DoS attack) is a cyber-attack in which an attacker seeks to make a machine or network resource unavailable by disrupting access to that specific machine or network. Denial of service is typically accomplished by flooding the targeted machine or resource with excess requests to prevent legitimate requests from being fulfilled.
DDoS , Denial of Service , Cybersecurity
August 2, 2022
Malware , Cybersecurity , malware analysis
July 4, 2022
Cybersecurity
July 4, 2022
Cybersecurity , Threat Hunting
June 2, 2022
advanced persistent threat , Ransomware , Malware
June 2, 2022
Web Applications are an attackers first choice when trying to compromise an organization. By being one of the few attack vectors that face the public, if not secured correctly, they can be an easy way for attackers to gain a foothold in your organization. In this post we will talk about the vulnerabilities in Web Applications that the OWASP Foundation has highlighted as “Most Critical”.
May 3, 2022
nationstate , advanced persistent threat
May 3, 2022
Microsoft started to disable Excel 4.0 macros by default at the beginning of the year, sending ripples through the hacking community. For context, macros are code embedded within documents which allow users to automate repetitive tasks and calculate complex equations automatically. While the purpose of macros began in a place of doing good and being efficient, they have been used for malicious purposes in the past, as malware authors have started injecting excel with malicious code that runs upon opening the sheet.
malware analysis , phishing campaign
April 1, 2022
A new player in the ransomware circle has continued to target big name companies such as Microsoft, Samsung, and Nvidia. While the group has become infamous, it is strongly believed that the group is formed by a group of teenagers based on their behavior and operation procedures/tactics.
Malware , Ransomware , campaign
April 1, 2022
Web Application’s are an attackers first choice when trying to compromise an organization. By being one of the few attack vectors that face the public, if not secured correctly, they can be an easy way for attackers to gain a foothold in your organization. In this post we will talk about the vulnerabilities in Web Applications that the OWASP Foundation has highlighted as “Most Critical”.
Cybersecurity , webapp security
April 1, 2022
phishing campaign , nationstate
March 2, 2022
The rate of cyber-attacks has escalated exponentially in the past year. According to Reuters, cybercrime has risen 500% since the beginning of the pandemic. As a lot of companies are turning to remote work, attackers are finding new ways to exploit this along with the multitude of options already available to them. Although stopping attackers from gaining access may seem like a daunting task, by understanding the entire process, from initial reconnaissance to system compromise, we can be better prepared to stop an attack before it does real damage.
Cybersecurity
March 2, 2022
A ransomware group using Rust programming language and with ties to DarkSide & BlackMatter has been increasing their activity as many organizations have fallen victim to their ransomware.
Ransomware
February 2, 2022
The group responsible for hacking Mandiant analyst back in 2017 has made their return, according to Forum chatter and a new website.
phishing campaign
February 1, 2022
Lazarus Group (also known by other monikers such as Zinc, HIDDEN COBRA, and APT 38) is a cybercrime group made up of an unknown number of individuals run by the North Korean state. Researchers have attributed many cyberattacks to them between 2010 and 2021. The Lazarus Group has strong links to North Korea.
nationstate , campaign
January 3, 2022
In early 2021, an international law enforcement operation coordinated by Europol and Eurojust took over the Emotet infrastructure and arrested two individuals related to the group. Now, in late 2021, Emotet has been revived and improved, and has been gradually increasing its activity.
Malware , Ransomware
January 3, 2022
The attack and defense sides of security are constantly changing. As part of handling this change, organizations should continually reassess and evolve their defenses. This process is called Threat Modeling and is a proactive approach to protecting your organization against threats.
Cybersecurity
December 13, 2021
One of the most infamous ransomware gangs, REvil, may have been permanently brought offline thanks to law enforcement activity. Several arrests of cyber criminals related to REvil have been made and their one of their leader named “Unknown” has been missing. REvil servers are currently offline and many in the DarkWeb Forum communities believe this the end of REvil.
Ransomware
December 3, 2021
Ransomware
November 3, 2021
Malware and Ransomware is only getting more complex over time. Find out if your organization could benefit from a MDR solution.
Cloud Services
November 3, 2021
While Darkside may have rebranded as BlackMatter and REvil took a short break in July, the LockBit 2.0 ransomware group is gradually amassing an immense number of victims and continue to successfully make less noise than their counterparts.
Cybersecurity , Ransomware
August 19, 2021
A new cybercrime service is being offered on the DarkWeb to help malware gangs distribute their malicious payloads through hacked websites
Cybersecurity , Malware
Topics