Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
Apr 22, 2025 | Ravie Lakshmanan | IoT Security / Malware
Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly …
CrowdStrike Falcon Privileged Access Secures Critical Hybrid Identity Environments
CrowdStrike is excited to announce CrowdStrike Falcon Privileged Access, a new offering within CrowdStrike Falcon® Identity Protection that uses high-fidelity risk signals to provide just-in-time access to organizations’ critical permissions and resources. Adversaries know valid credentials unlock access to data, infrastructure, and capabilities. Nearly 80% of attacks to …
How Cushman & Wakefield Secures Identities with Falcon Identity Protection
For years, Cushman & Wakefield’s security team knew that remote desktop protocol (RDP) access was a potential weak point, but enforcing multifactor authentication (MFA) for RDP was out of reach. The company’s legacy cybersecurity tools simply didn’t support it, leaving critical systems vulnerable to credential-based attacks. “We knew attackers target RDP as an easy …
How GenAI is transforming banking experiences
Discover how GenAI is helping banks move from rigid systems to conversational, intuitive customer experiences while driving speed, insight, and fraud detection.
"Did I eat at Wendy's twice last week?" is the kind of question we might ask ourselves while scrolling through bank statements. Now, thanks to generative AI (GenAI), banks can more effectively understand and answer such …
Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan
Apr 21, 2025 | Ravie Lakshmanan | Malware / Vulnerability
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence …
APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed …
Exfiltration over C2 channel | Elastic Blog
The digital battlefield is constantly evolving, and adversaries are always looking for ways to smuggle sensitive data out of an organization’s environment undetected. MITRE ATT&CK® T1041 - Exfiltration Over Command and Control (C2) Channel is a technique where attackers use their already established communication channels to stealthily exfiltrate data. Rather than raising …
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Apr 19, 2025 | Ravie Lakshmanan | Linux / Malware
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - According to supply chain security firm Socket, the packages are designed to mimic …
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim …
Detect script-based threats with ES|QL: MITRE T1059 in action
Stealthy adversaries continually exploit system utilities to execute malicious code. A particularly potent and frequently misused tactic is MITRE ATT&CK® T1059 - Command and Scripting Interpreter, wherein attackers harness built-in interpreters like PowerShell, Bash, Python, or JavaScript to run arbitrary commands. This strategy enables adversaries to conduct …