Cybersecurity experts have uncovered a series of attacks targeting organizations in Kazakhstan by a threat actor dubbed “Bloody Wolf.” The group utilizes STRRAT, an inexpensive but potent malware available on
APT41 Hackers Attacking Research Institute with ShadowPad and Cobalt Strike
Cisco Talos has unearthed a sophisticated cyber-espionage campaign targeting a Taiwanese government-affiliated research institute. The attack, attributed to the notorious Chinese hacking group APT41, involved the deployment of the ShadowPad
Rockwell Automation Devices Flaw Let Hackers Gain Unauthorized Access
A critical security vulnerability in Rockwell Automation’s ControlLogix and GuardLogix controllers has been discovered. This vulnerability could potentially allow attackers to bypass security measures and gain unauthorized access to industrial
Telegram-Controlled TgRat Attacking Linux Servers to Exfiltrate Data
TgRat, a Telegram-controlled trojan, was discovered attacking Linux servers in an attempt to steal data from a compromised system. In 2022, the TgRat trojan was first identified. Although the original
Sitting Ducks DNS Attack Hijack 35,000 Domains
Threat actors have been exploiting the attack vector known as Sitting Ducks since at least 2019 to conduct malware delivery, phishing, brand impersonation, and data exfiltration by exploiting flaws in
Beware! Fake Google Authenticator Sites Spreading DeerStealer Malware
Researchers from ANY RUN identified a malware distribution campaign dubbed DeerStealer that leverages deceptive websites masquerading as legitimate Google Authenticator download pages. The initial discovered website, “authentificcatorgoolgltecom,” closely resembles the
Threat Actors Exploiting ChatGPT’s Sora AI Excitement To Deliver Malware
Threat actors exploit AI to make their attacks more effective through automation, scanning large data sets for security gaps and creating intricate phishing scams that are harder to spot. In
DEV#POPPER Attacking developers via New Social Engineering Tactics
Threat actors masquerade as interviewers and send a ZIP file (onlinestoreforhirog.zip) to candidates as part of a fake interview, which contains legitimate files and a malicious JavaScript file (printfulRoute.js) that
Bitdefender Vulnerability Let Attackers Trigger SSRF Attacks
A critical security vulnerability has been discovered in Bitdefender’s GravityZone Update Server, potentially exposing organizations to server-side request forgery (SSRF) attacks. The flaw, identified as CVE-2024-6980, carries a high severity
Security Risk Advisors Announces Launch of VECTR Enterprise Edition
Security Risk Advisors (SRA) announces the launch of VECTR Enterprise Edition, a premium version of its widely-used VECTR platform for purple teams and adversary management program reporting and benchmarking. VECTR