News

  • New DotRunpeX Malware Delivers Multiple Malware Families via Malicious Ads
    on March 20, 2023

    A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. "DotRunpeX is a new injector written in .NET using the Process Hollowing technique and used to infect systems with a variety of known malware families," Check

  • Charles Luftig named Deputy Director of National Intelligence for P&C
    on March 20, 2023

    ODNI recently announced Charles Luftig has been named the new Deputy Director of National Intelligence for Policy and Capabilities.

  • Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen
    on March 20, 2023

    A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. The activity, which commenced in August 2022, is currently ongoing, Ocelot Team from Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Mispadu (

  • Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say
    on March 20, 2023 in Cybercrime, Threats, China, Mandiant, ransomware, research, vulnerabilities

    The overall number of zero-day vulnerabilities discovered in the wild last year declined compared to numbers in 2021. The post Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say appeared first on CyberScoop.

  • New Cyber Platform Lab 1 Decodes Dark Web Data to Uncover Hidden Supply Chain Breaches
    on March 20, 2023

    This article has not been generated by ChatGPT.  2022 was the year when inflation hit world economies, except in one corner of the global marketplace – stolen data. Ransomware payments fell by over 40% in 2022 compared to 2021. More organisations chose not to pay ransom demands, according to findings by blockchain firm Chainalysis. Nonetheless, stolen data has value beyond a price tag, and in

  • Researchers Shed Light on CatB Ransomware's Evasion Techniques
    on March 20, 2023

    The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload. CatB, also referred to as CatB99 and Baxtoy, emerged late last year and is said to be an "evolution or direct rebrand" of another ransomware strain known as Pandora based on code-level similarities. It's worth noting that the use

  • Emotet Rises Again: Evades Macro Security via OneNote Attachments
    on March 20, 2023

    The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down. A 

  • Cyber risk is a business risk
    on March 20, 2023

    Addressing business risk requires identifying cyber risk. Involving the C-suite in cybersecurity discussions is good digital stewardship & good leadership.

  • Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
    on March 18, 2023

    The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim

  • Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York
    on March 18, 2023

    U.S. law enforcement authorities have arrested a 21-year-old New York man in connection with running the infamous BreachForums hacking forum under the online alias "Pompompurin." The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators "spent hours inside and outside of a home in Peekskill." "At one point, investigators

  • THN Webinar: 3 Research-Backed Ways to Secure Your Identity Perimeter
    on March 18, 2023

    Think of the typical portrayal of a cyberattack. Bad guy pounding furiously on a keyboard, his eyes peeking out from under a dark hoodie. At long last, his efforts pay off and he hits the right combination of keys. "I'm in!" he shouts in triumph. Clearly, there are many problems with this scenario – and it's not just the hoodie. What's even more inaccurate is that most cyber attackers today do

  • LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions
    on March 18, 2023

    U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit,"

  • CT scanners installed at NC airport for improved passenger screening
    on March 17, 2023

    A North Carolina airport has installed new CT X-ray scanners for improved airport security. The scanners have been used at other NC airports.

  • FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps
    on March 17, 2023

    An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. "FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim's device," cybersecurity firm Check Point said.

  • Michigan school district adopts AI-based gun detection
    on March 17, 2023

    A Michigan school district adopted an AI-based gun detection platform to protect its students and faculty against gun-related violence.

  • Maryland school district implements gun detection technology
    on March 17, 2023

    Charles County Public Schools in Maryland is utilizing new active shooter detection and notification technology to improve school safety. 

  • Will AI replace humans in phishing attacks?
    on March 17, 2023

    Recent research from Hoxhunt analyzed the effectiveness of ChatGPT-generated phishing attacks, showing that people are still better at deceiving other people.

  • Senators write letter to CISA over drone manufacturer concerns
    on March 17, 2023

    A group of senators led a bipartisan effort to urge CISA to assess the potential national security risks associated with a drone manufacturer.

  • New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
    on March 17, 2023

    A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as 'Hinata--,'" Akamai said in a

  • A New Security Category Addresses Web-borne Threats
    on March 17, 2023

    In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly increased the number of

  • Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware
    on March 17, 2023

    Copycat websites for instant messaging apps like Telegram and WhatsApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware. "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis. While the first instance of

  • Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials
    on March 17, 2023

    The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government, SentinelOne said in a report shared with The

  • Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips
    on March 17, 2023

    Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123

  • As biometrics adoption surges, anti-spoofing is non-negotiable
    on March 17, 2023

    As the world moves toward biometrics, systems must be paired with advanced anti-spoofing to ensure faces & voices aren't as hackable as passwords.

  • FCC rules aims to curb scourge of robotexts assaulting Americans’ phones
    on March 16, 2023 in Government, Threats, FCC, phishing, robotext

    The agency reports that scam text complaints rose 500% between 2015 and 2022, reflecting the increase in robotexts Americans receive annually. The post FCC rules aims to curb scourge of robotexts assaulting Americans’ phones appeared first on CyberScoop.

  • Gareth Lindahl-Wise named Ontinue CISO
    on March 16, 2023

    Ontinue, the managed detection and response division of Open Systems, announced Gareth Lindahl-Wise as its new Chief Information Security Officer.

  • Rural hospitals need help from feds to fight ransomware, witnesses tell lawmakers
    on March 16, 2023 in Policy, health care, ransomware, Senate Homeland Security and Governmental Affairs Committee

    Experts told Senators on Thursday that rural hospitals don't have the necessary resources to fend off an increasing number of cyberattacks. The post Rural hospitals need help from feds to fight ransomware, witnesses tell lawmakers appeared first on CyberScoop.

  • CISA, Girl Scouts join forces to close cybersecurity gender gap
    on March 16, 2023

    With a focus on working toward closing the gender gap in cybersecurity, CISA and Girl Scouts of the USA formalize collaboration efforts.

  • 2023 cybersecurity outlook: Crime keeps on slippin’ into the future
    on March 16, 2023

    Security leaders around the world should anticipate that cybercrime and ransomware attacks will continue to increase in popularity in 2023. 

  • Scammers target Cloudflare CEO with Silicon Valley Bank-themed spearphishing 
    on March 16, 2023 in Cybercrime, Financial, Threats, Uncategorized, Cloudflare, cybercrime, Financial services, phishing

    The collapse of the U.S. tech industry's bank of choice has prompted a massive amount of fraud attempting to capitalize on its downfall. The post Scammers target Cloudflare CEO with Silicon Valley Bank-themed spearphishing  appeared first on CyberScoop.

  • Texas oil and gas company cited by OSHA after employee death
    on March 16, 2023

    An oil and gas company has been cited by OSHA for health and safety violations after an employee suffered fatal exposure to hydrogen sulfide.

  • The US cybersecurity strategy won’t address today’s threats with regulation alone
    on March 16, 2023 in Commentary, Biden administration, Cybersecurity, Russia, White House, workforce

    The Biden administration needs to foster greater public-private collaboration, involve global partners and help build the cyber workforce to fight growing digital threats.  The post The US cybersecurity strategy won’t address today’s threats with regulation alone appeared first on CyberScoop.

  • Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection
    on March 16, 2023

    Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that's designed to load Cobalt Strike onto infected machines. Dubbed SILKLOADER by Finnish cybersecurity company WithSecure, the malware leverages DLL side-loading techniques to deliver the commercial adversary simulation software. The development comes as 

  • Portable health device company suffers data breach
    on March 16, 2023

    ZOLL Medical has notified its customers of a data breach affecting customers' protected health information (PHI) that occurred in late January.  

  • Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration
    on March 16, 2023

    The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aimed at containerized environments to ultimately steal proprietary data and software. Specifically, the

  • Department of State receives funding for semiconductor development
    on March 16, 2023

    The Department of State implements new funding to address security objectives through new programs and initiatives for semiconductor development.

  • Authorities Shut Down ChipMixer Platform Tied to Crypto Laundering Scheme
    on March 16, 2023

    A coalition of law enforcement agencies across Europe and the U.S. announced the takedown of ChipMixer, an unlicensed cryptocurrency mixer that began its operations in August 2017. "The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking to launder illegal proceeds from criminal activities such as drug trafficking, weapons trafficking,

  • What's Wrong with Manufacturing?
    on March 16, 2023

    In last year's edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this. Manufacturing was also the most represented Industry in our CyberSOC dataset – contributing more Incidents than any other

  • Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency
    on March 16, 2023

    Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC).

  • Balancing security & agility in today's networks is a continuous effort
    on March 16, 2023

    Enterprises must establish processes to mitigate existing risk and reduce future risk. These processes must be run continuously and in parallel.