North Korean UNC2970 Hackers Expands Operations with New Malware Families
Mar 10, 2023 | Ravie Lakshmanan | Cyber Attack / Malware
A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022. Google-owned Mandiant said the threat cluster shares "multiple overlaps" with a …
cyber security news today
New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic
Mar 09, 2023 | Ravie Lakshmanan | Cryptojacking / Threat Detection
The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with successful exploitation of susceptible Oracle WebLogic servers to download a PowerShell …
Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments
Mar 08, 2023 | Ravie Lakshmanan | Advanced Persistent Threat
High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the group's attack chains …
Shein’s Android App Caught Transmitting Clipboard Data to Remote Servers
Mar 07, 2023 | Ravie Lakshmanan | Privacy / Data Breach
An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server. The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021. The issue has since been addressed as …
Experts Discover Flaw in U.S. Govt’s Chosen Quantum-Resistant Encryption Algorithm
Mar 06, 2023 | Ravie Lakshmanan | Encryption / Cybersecurity
A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber …
Security and IT Teams No Longer Need To Pay For SaaS-Shadow IT Discovery
Mar 04, 2023 | The Hacker News | SaaS Security / Cyber Security
This past January, a SaaS Security Posture Management (SSPM) company named Wing Security (Wing) made waves with the launch of its free SaaS-Shadow IT discovery solution. Cloud-based companies were invited to gain insight into their employees' SaaS usage through a completely free, self-service product that operates on a …
New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
Mar 03, 2023 | Ravie Lakshmanan | Enterprise Security / IoT
A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is …
U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware’s Deadly Capabilities
Mar 03, 2023 | Ravie Lakshmanan | Endpoint Security / Ransomware
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory about Royal ransomware, which emerged in the threat landscape last year. "After gaining access to victims' networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the …
SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics
Mar 02, 2023 | Ravie Lakshmanan | Linux / Cyber Threat
The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software …
Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques
Mar 01, 2023 | Ravie Lakshmanan | Cryptocurrency / Cyber Attack
Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT. The malware "uses injection techniques to hide within legitimate processes, making it difficult to detect," Uptycs said in a new report. "Once it has been successfully injected, attackers can …