Cybersecurity researchers have taken the wraps off what they call a “nearly-impossible-to-detect” Linux malware that could be weaponized to backdoor infected systems. Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim’s resources like
Cyber Security
Image Source: Toptal The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser. The credit card stealer, which exclusively singles out Chrome, has the ability to exfiltrate the collected information to different remote command-and-control (C2) servers, according to enterprise security company Proofpoint,
U.S. cybersecurity and intelligence agencies have warned about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private sector organizations since at least 2020. The widespread intrusion campaigns aim to exploit publicly identified security flaws in network devices such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices with the
An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), even as the Follina flaw continues to be exploited in the wild. The issue — referenced as DogWalk — relates to a path traversal flaw that can be exploited to stash a malicious executable
A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. “The malware is notable for the unusual way it is delivered to target PCs — using shellcode hidden in the properties of Microsoft Office documents,” Patrick Schläpfer, a threat analyst at HP, said in a technical write-up. SVCReady is
Enforcing the “double-extortion” technique aka pay-now-or-get-breached emerged as a head-turner last year. May 6th, 2022 is a recent example. The State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January. Conti, a ransomware-as-a-service (RaaS) program, is one of the most notorious ransomware groups
The threat cluster dubbed UNC2165, which shares numerous overlaps with a Russia-based cybercrime group known as Evil Corp, has been linked to multiple LockBit ransomware intrusions in an attempt to get around sanctions imposed by the U.S. Treasury in December 2019. “These actors have shifted away from using exclusive ransomware variants to LockBit — a
Microsoft’s Digital Crimes Unit (DCU) last week disclosed that it had taken legal proceedings against an Iranian threat actor dubbed Bohrium in connection with a spear-phishing operation. The adversarial collective is said to have targeted entities in tech, transportation, government, and education sectors located in the U.S., Middle East, and India. “Bohrium actors create fake
10 of the most prolific mobile banking trojans have set their eyes on 639 financial applications that are available on the Google Play Store and have been cumulatively downloaded over 1.01 billion times. Some of the most targeted apps include Walmart-backed PhonePe, Binance, Cash App, Garanti BBVA Mobile, La Banque Postale, Ma Banque, Caf –
Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS). U-Boot is a boot loader used in Linux-based embedded systems such as ChromeOS as
A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office “Follina” vulnerability to target government entities in Europe and the U.S. Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is being tracked CVE-2022-30190 (CVSS score: 7.8). No less than
Virtual Private Network (VPN) provider ExpressVPN on Thursday announced that it’s removing Indian-based VPN servers in response to a new cybersecurity directive issued by the Indian Computer Emergency Response Team (CERT-In). “Rest assured, our users will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to
An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices. “Control over firmware gives attackers virtually unmatched powers both to directly cause damage and
Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium. In addition to removing the offending accounts created by the Lebanon-based activity group, the tech giant’s Threat Intelligence Center (MSTIC) said it suspended over 20
Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution. Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 — another security flaw the Australian software company patched in August 2021.
An “extremely sophisticated” Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that’s delivered by means of man-on-the-side attacks. “This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads,” Russian cybersecurity company Kaspersky said in a new report. “Such attacks are
GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10
The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name “NDSW/NDSX,” said that “the malware was one of the top infections” detected in 2021, accounting for