News

A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. "DotRunpeX is a new injector written in .NET using the Process Hollowing technique and used to infect systems with a variety of known malware families," Check

ODNI recently announced Charles Luftig has been named the new Deputy Director of National Intelligence for Policy and Capabilities.

A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. The activity, which commenced in August 2022, is currently ongoing, Ocelot Team from Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Mispadu (

The overall number of zero-day vulnerabilities discovered in the wild last year declined compared to numbers in 2021. The post Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say appeared first on CyberScoop.

This article has not been generated by ChatGPT.  2022 was the year when inflation hit world economies, except in one corner of the global marketplace – stolen data. Ransomware payments fell by over 40% in 2022 compared to 2021. More organisations chose not to pay ransom demands, according to findings by blockchain firm Chainalysis. Nonetheless, stolen data has value beyond a price tag, and in

The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload. CatB, also referred to as CatB99 and Baxtoy, emerged late last year and is said to be an "evolution or direct rebrand" of another ransomware strain known as Pandora based on code-level similarities. It's worth noting that the use

The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down. A 

Addressing business risk requires identifying cyber risk. Involving C-suite in cybersecurity discussions is good digital stewardship & good leadership.

The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim

U.S. law enforcement authorities have arrested a 21-year-old New York man in connection with running the infamous BreachForums hacking forum under the online alias "Pompompurin." The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators "spent hours inside and outside of a home in Peekskill." "At one point, investigators

Think of the typical portrayal of a cyberattack. Bad guy pounding furiously on a keyboard, his eyes peeking out from under a dark hoodie. At long last, his efforts pay off and he hits the right combination of keys. "I'm in!" he shouts in triumph. Clearly, there are many problems with this scenario – and it's not just the hoodie. What's even more inaccurate is that most cyber attackers today do

U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit,"

A North Carolina airport has installed new CT X-ray scanners for improved airport security. The scanners have been used at other NC airports.

An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. "FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim's device," cybersecurity firm Check Point said.

A Michigan school district adopted an AI-based gun detection platform to protect its students and faculty against gun-related violence.

Charles County Public Schools in Maryland is utilizing new active shooter detection and notification technology to improve school safety. 

Recent research from Hoxhunt analyzed effectiveness of ChatGPT-generated phishing attacks showing people are still better at deceiving other people.

A group of senators led a bipartisan effort to urge CISA to assess the potential national security risks associated with a drone manufacturer.

A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as 'Hinata--,'" Akamai said in a

In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly increased the number of

Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware. "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis. While the first instance of

The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government, SentinelOne said in a report shared with The

Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123

As the world moves toward biometrics, systems must be paired with advanced anti-spoofing to ensure faces & voices aren't as hackable as passwords.

The agency reports that scam text complaints rose 500% between 2015 to 2022, reflecting the increase in robotexts Americans receive annually. The post FCC rules aims to curb scourge of robotexts assaulting Americans’ phones appeared first on CyberScoop.

Ontinue, the managed detection and response division of Open Systems, announced Gareth Lindahl-Wise as its new Chief Information Security Officer.

Experts told Senators on Thursday that rural hospitals don't have the necessary resources to fend off an increasing number of cyberattacks. The post Rural hospitals need help from feds to fight ransomware, witnesses tell lawmakers appeared first on CyberScoop.

With a focus on working toward closing the gender gap in cybersecurity, CISA and Girl Scouts of the USA formalize collaboration efforts.

Security leaders around the world should anticipate that cybercrime and ransomware attacks will continue to increase in popularity in 2023. 

The collapse of the U.S. tech industry's bank of choice has prompted a massive amount of fraud attempting to capitalize on its downfall. The post Scammers target Cloudflare CEO with Silicon Valley Bank-themed spearphishing  appeared first on CyberScoop.

An oil and gas company been cited by OSHA for health and safety violations after an employee suffered fatal exposure to hydrogen sulfide.

The Biden administration needs to foster greater public-private collaboration, involve global partners and help build the cyber workforce to fight growing digital threats.  The post The US cybersecurity strategy won’t address today’s threats with regulation alone appeared first on CyberScoop.

Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that's designed to load Cobalt Strike onto infected machines. Dubbed SILKLOADER by Finnish cybersecurity company WithSecure, the malware leverages DLL side-loading techniques to deliver the commercial adversary simulation software. The development comes as 

ZOLL Medical has notified its customers of a data breach affecting customers' protected health information (PHI) that occurred in late January.  

The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aimed at containerized environments to ultimately steal proprietary data and software. Specifically, the

The Department of State implements new funding to address security objectives through new programs and initiatives for semiconductor development.

A coalition of law enforcement agencies across Europe and the U.S. announced the takedown of ChipMixer, an unlicensed cryptocurrency mixer that began its operations in August 2017. "The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking to launder illegal proceeds from criminal activities such as drug trafficking, weapons trafficking,

In last year's edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this. Manufacturing was also the most represented Industry in our CyberSOC dataset – contributing more Incidents than any other

Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC).

Enterprises must establish processes to mitigate existing risk and reduce future risk. These processes must be run continuously and in parallel.