A suspected ransomware intrusion against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment. The findings come from cybersecurity firm CrowdStrike, which traced the source of the attack to a Linux-based Mitel VoIP device sitting on the network perimeter, while also identifying a … [Read more...] about Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack
Hackers
How Hackers Choose Their Victims
Enforcing the "double-extortion" technique aka pay-now-or-get-breached emerged as a head-turner last year. May 6th, 2022 is a recent example. The State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January. Conti, a ransomware-as-a-service (RaaS) program, is one of the most notorious ransomware groups and has been … [Read more...] about How Hackers Choose Their Victims
New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email
A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction," SonarSource said in a … [Read more...] about New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email
Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks
A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion … [Read more...] about Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks
Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia
An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the … [Read more...] about Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia
Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia
A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 (aka Cozy Bear), with some set of the activities associated with the crew assigned the … [Read more...] about Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia
Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak
The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is one of the most prevalent malware strains in the ransomware landscape, accounting for 19% of all attacks during the … [Read more...] about Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak
T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code
Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the group indicating that LAPSUS$ breached the company several times in March prior to … [Read more...] about T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code
Hackers Sneak ‘More_Eggs’ Malware Into Resumes Sent to Corporate Hiring Managers
A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers. "This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake … [Read more...] about Hackers Sneak ‘More_Eggs’ Malware Into Resumes Sent to Corporate Hiring Managers
U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware
The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert. "The tools enable them to scan for, … [Read more...] about U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware