Malware

The 443 Podcast, Ep. 286 - BatBadBut What?

This week on #the443podcast, we cover a research post describing a code injection vulnerability caused by how nearly every high-level programming language runs on Windows. We also discuss a series of vulnerabilities in LG televisions that allow remote attackers to root the device before ending with a chat about new adversarial tactics for delivering malware via GitHub.

Shamane Tan on cyber resilience - Cyber Security Decoded

Bouncing back from a cyber incident, data breach or #ransomware attack is a great accomplishment…but how can you bounce forward? A complete Cyber Resilience strategy is mission-critical. Security teams should be proactive and have response plans in place for when #CyberAttacks hit, rather than attempting to prevent attacks from occurring. With a #CyberResilience strategy, your team will be equipped with a plan when a cyber incident occurs while also having tools to identify those malicious attacks before they happen.

CVE-2024-20353 and CVE-2024-20359: Cisco ASA and FTD Vulnerabilities Exploited by State-Sponsored Threat Actor in Espionage Campaign "ArcaneDoor"

On April 24, 2024, Cisco Talos and several government security agencies published details on a sophisticated threat campaign focused on espionage and gaining unauthorized access to sensitive information from targeted government entities and organizations in critical infrastructure. As part of that publication, Cisco disclosed CVE-2024-20353 and CVE-2024-20359, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, which were actively exploited in the documented campaign.

Trustwave SpiderLabs Reveals the Ransomware Threats Targeting Latin American Financial and Government Sectors

Ransomware-as-a-service (RaaS) threat groups are placing severe and continuous pressure on the financial and government services sectors in Latin America, according to data compiled by the elite Trustwave SpiderLabs team. In the RaaS model, developers working for threat actors manage and update the malware while affiliates carry out the actual ransomware attacks.

Unveiling Sharp Stealer: A New Threat to Gamers

CVE-2024-3400: Critical Palo Alto PAN-OS Command Injection Vulnerability Exploited by Sysrv Botnet's XMRig Malware

On Friday, April 12, 2024, Palo Alto Networks PAN-OS was found to have an OS command injection vulnerability (CVE-2024-3400). Due to its severity, CISA added it to its Known Exploited Vulnerabilities Catalog. Shortly after disclosure, a PoC was published.

Unveiling the Nestle Data Breach: A Deep Dive into R00TK1T's Threat

In the ever-evolving landscape of cybersecurity threats, the recent breach by the notorious hacker group R00TK1T serves as a stark reminder of the vulnerabilities faced by even the most established organizations. As the Foresight Threat Team delves into the details of this alarming incident, it becomes imperative to shed light on the implications and lessons to be learned from this breach.