Oct 31, 2024Ravie LakshmananSpyware / Mobile Security Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up. "While the iOS implant delivery method closely mirrors that of the macOS … [Read more...] about New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics
cyber attacks
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
Oct 30, 2024Ravie LakshmananRansomware / Threat Intelligence Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, … [Read more...] about North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
Researchers Uncover Vulnerabilities in Open-Source AI and ML Models
Oct 29, 2024Ravie LakshmananAI Security / Vulnerability A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported … [Read more...] about Researchers Uncover Vulnerabilities in Open-Source AI and ML Models
Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services
Oct 28, 2024Ravie LakshmananCloud Security / Cyber Attack A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by … [Read more...] about Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining
Oct 26, 2024Ravie LakshmananCloud Security / Cryptocurrency The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, … [Read more...] about Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining
Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions
Oct 26, 2024Ravie LakshmananCybercrime / Malware Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges. Russian news publication Kommersant reported that a court in St. Petersburg … [Read more...] about Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions
Researchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test Suite
Oct 25, 2024Ravie LakshmananVulnerability / Wi-Fi Security A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges. The CERT Coordination Center (CERT/CC) said the vulnerability, tracked as CVE-2024-41992, said the susceptible code from the Wi-Fi Alliance has been found deployed on Arcadyan … [Read more...] about Researchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test Suite
New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics
Oct 24, 2024Ravie LakshmananRansomware / Cybercrime Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. "Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI … [Read more...] about New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics
New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection
New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. "Only part of this gang was arrested: the remaining operators behind Grandoreiro continue attacking … [Read more...] about New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection
Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans
Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. "The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to … [Read more...] about Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans