Malware

New APT targets South and Southeast Asia with custom-written backdoor

Lancefly, an APT group, is using a custom-written backdoor in attacks targeting government, aviation, education, and telecom organizations in South and Southeast Asia in an activity that has been ongoing for the past five years, according to Symantec. The group has been seen carrying out the activity with the motive of intelligence gathering. Lancefly has been deploying the Merdoor backdoor in highly targeted attacks since 2018 to establish persistence, execute commands, and perform keylogging on…

Read More

New ransomware gang RA Group quickly expanding operations

Researchers warn of a new ransomware threat dubbed RA Group that also engages in data theft and extortion and has been hitting organizations since late April. The group’s ransomware program is built from the leaked source code of a different threat called Babuk. “Like other ransomware actors, RA Group also operates a data leak site in which they threaten to publish the data exfiltrated from victims who fail to contact them within a specified time…

Read More

Law enforcement crackdowns and new techniques are forcing cybercriminals to pivot

It can seem like cybercriminals are running rampant across the world’s digital infrastructure, launching ransomware attacks, scams, and outright thefts with impunity. Over the last year, however, US and global authorities seized $112 million from cryptocurrency investment scams, disrupted the Hive ransomware group, broke up online illegal drug marketplaces, and sanctioned crypto money launderers, among other operations to crack down on internet-enabled crimes. These developments highlight how quickly investigative tools have evolved to track and…

Read More

New security tool lets you bypass SSL errors

Endpoint-based web and cloud security provider Dope Security has launched a new instant secure socket layer (SSL) error resolution feature on its secure web gateway (SWG) offering, Dope.swg. The new feature is added to simplify SSL inspection conducted by Dope’s SWG and helps admins bypass SSL errors generated as a result of the inspection. “Dope’s main differentiation is its ‘fly-direct’ architecture — rather than re-route all of your Internet traffic to a data center for…

Read More

Israeli threat group uses fake company acquisitions in CEO fraud schemes

A group of cybercriminals based in Israel has launched more than 350 business email compromise (BEC) campaigns over the past two years, targeting large multinational companies from around the world. The group stands out with some of the techniques it uses, including email display name spoofing and multiple fake personas in the email chains, and through the abnormally large sums of money the attempt to extract from organizations. “Like most other threat actors that focus…

Read More

CISA and FBI Release Joint Advisory in Response to Active Exploitation of PaperCut Vulnerability

CISA and FBI have released a joint Cybersecurity Advisory (CSA), Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. This joint advisory provides details related to an exploitation of PaperCut MF/NG vulnerability (CVE-2023-27350). FBI observed malicious actors exploit CVE-2023-27350 beginning in mid-April 2023 and continuing through the present. In early May 2023, FBI observed a group self-identifying as the Bl00dy Ransomware Gang attempting to exploit vulnerable PaperCut servers against the Education Facilities Subsector. The advisory further…

Read More

New DownEx malware campaign targets Central Asia

A previously undocumented malware campaign called DownEx has been observed actively targeting government institutions in Central Asia for cyberespionage, according to a report by Bitdefender.  The first instance of the malware was detected in 2022 in a highly targeted attack aimed at exfiltrating data from foreign government institutions in Kazakhstan. Researchers observed another attack in Afghanistan. “The domain and IP addresses involved do not appear in any previously documented incidents, and the malware does not share any code similarities…

Read More

The 6 best password managers for business

What’s a password manager? A password manager is a program that stores passwords and logins for various sites and apps, and generates new strong passwords when a user needs to change an old one or create a new account. Users can sign into a password manager with a single strong password or by using biometrics, and access all their login information. Most password managers allow users to sign in on multiple devices (including Macs, Windows…

Read More

Dell pushes security, devops integration in storage updates

Dell’s storage product lineup is set to receive a wide range of updates, including  devops integrations with the Ansible and Terraform tools, compliance with the latest US government security standards, zero trust readiness and more. PowerStore, Dell’s flash-based storage array line, is receiving the lion’s share of the security updates, according to a Dell announcement on Wednesday. Dell said that PowerStore now boasts STIG hardening, meaning that it is compliant with the federal government’s stanadards…

Read More

Microsoft fixes bypass for critical Outlook zero-click flaw patch

Microsoft fixed a new vulnerability this week that could be used to bypass defenses the company put in place in March for a critical vulnerability in Outlook that Russian cyberspies exploited in the wild. That vulnerability allowed attackers to steal NTLM hashes by simply sending specifically crafted emails to Outlook users. The exploit requires no user interaction. The new vulnerability, patched Tuesday and tracked as CVE-2023-29324, is in the Windows MSHTML Platform and can be…

Read More