RSS Dashboard

The Hackers News

X-Force Threat Intelligence Report

The National Cyber Security Centre

Zero Day Initiative: Published

NHS High CareCerts

ThreatPost

Mandiant

The Importance of Managing Your Data Security Posture
The Importance of Managing Your Data Security Posture

Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data… [...]

Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering
Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering

The Chinese nation-stage group known as Camaro Dragon has been linked to yet another backdoor that's designed to meet its intelligence-gathering goals. Israeli cybersecurity firm Check Point, which dubbed the Go-based malware TinyNote, said… [...]

North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks
North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks

U.S. and South Korean intelligence agencies have issued a new alert warning of North Korean cyber actors' use of social engineering tactics to strike think tanks, academia, and news media… [...]

MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited
MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited

A critical flaw in Progress Software's in MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is… [...]

Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks
Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks

An analysis of the "evasive and tenacious" malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active for a single day. What's more, 50%… [...]

Not your average Joe: An analysis of the XeGroup’s attack techniques

XeGroup is a hacking group that has been active since at least 2013. The group is believed to have been involved in various cybercriminal activities. This threat actor uses many… [...]

Malware Spotlight: Camaro Dragon’s TinyNote Backdoor

Since early January 2023, there has been a notable surge in activity targeting European foreign affairs entities linked to Southeast and East Asia. The threat actors (TA) responsible are tracked by… [...]

SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations

SharpPanda, an APT group originating from China, has seen a rise in its cyber-attack operations starting from at least 2018. The APT group utilizes spear-phishing techniques to obtain initial access, employing… [...]

New Horabot campaign targets the Americas

Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in… [...]

Attacks against misconfigured Apache NiFi instances

Apache NiFi describes itself as “an easy-to-use, powerful, and reliable system to process and distribute data.” In simple terms, NiFi implements a web-based interface to define how data is moved… [...]

The threat from commercial cyber proliferation

Report informing readers about the threat to UK industry and society from commercial cyber tools and services. [...]

ACD - The Sixth Year

Key findings from the 6th year of the Active Cyber Defence (ACD) programme. [...]

Threat Report 24th March 2023

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 10th March 2023

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 24th February 2023

The NCSC's threat report is drawn from recent open source reporting. [...]

RSS Error: WP HTTP Error: cURL error 28: Connection timed out after 10001 milliseconds

CC-4326 - Progress MOVEit Transfer Critical Vulnerability

Severity: Medium A SQL injection vulnerability in the MOVEit Transfer web application is being actively exploited in the wild A SQL injection vulnerability in the MOVEit Transfer web application is… [...]

CC-4323 - Zyxel Releases Security Updates

Severity: Information only Security updates address vulnerabilities in Zyxel ATP, USG, and VPN products. Security updates address vulnerabilities in Zyxel ATP, USG, and VPN products. Updated: 01 Jun 2023 [...]

CC-4310 - Zyxel Releases Security Updates

Severity: Information only Security updates address vulnerabilities in Zyxel ATP, USG, and VPN products, including a command injection vulnerability Security updates address vulnerabilities in Zyxel ATP, USG and VPN products, including a… [...]

CC-4325 - Zyxel Releases Security Update

Severity: Information only Security update addresses a post-authentication command injection vulnerability in Zyxel NAS products Security update addresses a post-authentication command injection vulnerability in Zyxel NAS products Updated: 01 Jun… [...]

CC-4324 - Apache Releases Security Update for HTTP Server Vulnerability

Severity: Information only This security update addresses HTTP request smuggling attack capabilities in CVE-2023-25690 This security update addresses HTTP request smuggling attack capabilities in CVE-2023-25690 Updated: 30 May 2023 [...]

CC-4321 - Apple Releases Security Updates for Multiple Products

Severity: Medium The released security updates include three exploited zero-day vulnerabilities in iOS, iPadOS, Safari, watchOS, tvOS and macOS  The released security updates include three exploited zero-day vulnerabilities in iOS,… [...]

CC-4322 - Mitel Releases Security Update for Mitel MiVoice Connect

Severity: Information only Mitel has released a security update addressing two vulnerabilities in Mitel MiVoice Connect Mitel has released a security update addressing two vulnerabilities in Mitel MiVoice Connect Updated:… [...]

CC-4320 - Critical Vulnerabilities in Cisco Small Business Series Switches

Severity: Medium Cisco has released security advisories including one Critical and eight Medium severity advisories for vulnerabilities in Cisco Small Business Series Switches, Cisco ISE, Cisco SSM On-Prem, Cisco SSM… [...]

CC-4319 - VMware Releases Security Update

Severity: Information only VMware security update addresses four vulnerabilities in VMware Aria Operations and Cloud Foundation VMware security update addresses four vulnerabilities in VMware Aria Operations and Cloud Foundation Updated: 15 May… [...]

CC-4318 - SAP Releases May 2023 Security Updates

Severity: Information only Scheduled security updates address vulnerabilities affecting multiple products Scheduled security updates address vulnerabilities affecting multiple products Updated: 10 May 2023 [...]

Student Loan Breach Exposes 2.5M Records
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
Watering Hole Attacks Push ScanBox Keylogger
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Ransomware Attacks are on the Rise
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises

Mandiant identified novel operational technology (OT) / industrial control system (ICS)-oriented malware, which we track as COSMICENERGY, uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia. 

COSMICENERGY is the latest example of specialized OT malware capable of causing cyber physical

Don't @ Me: URL Obfuscation Through Schema Abuse

A technique is being used in the distribution of multiple families of malware that obfuscates the end destination of a URL by abusing the URL schema. Mandiant tracks this adversary methodology as "URL Schema Obfuscation”. The technique could increase the likelihood of a successful phishing attack, and could cause domain extraction errors in logging or security tooling. If a network defense tool is relying on knowing the server a URL is pointing to (e.g. checking if a domain is on a threat intel feed), it could potentially bypass it and cause gaps in visibility and coverage. Common URL parsing

Mandiant Managed Defense Expands to Support CrowdStrike and SentinelOne

To support our ongoing mission of helping organizations around the world defend against persistent and sophisticated cyber threats, we’re excited to announce the general availability of Mandiant Managed Defense for CrowdStrike Falcon® Insight XDR™ and SentinelOne Singularity XDR. By partnering with elite technology companies, we're helping organizations maximize their investments. Mutual customers benefit from the strengths of the technologies deployed in their environment along with a shared mission focus that can lead to deep technical integrations. 

The Power of Technology + Strategic
A Requirements-Driven Approach to Cyber Threat Intelligence

Cyber threat intelligence (CTI) serves a broad purpose: to inform, advise, and empower stakeholders within an organization. Successful CTI functions invariably put stakeholder intelligence requirements at the heart of their mission statement. But, any CTI team can and should adopt a requirements-focused approach. 

In our report, A Requirements-Driven Approach to Cyber Threat Intelligence, we outline what it means to be requirements-driven in practice. We offer actionable advice on how intelligence functions can implement and optimize such an approach within their organizations. 

Implemen

SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack

In 2022, Mandiant identified attacker activity centered in Microsoft Azure that Mandiant attributed to UNC3944. Mandiant’s investigation revealed that the attacker employed malicious use of the Serial Console on Azure Virtual Machines (VM) to install third-party remote management software within client environments. This method of attack was unique in that it avoided many of the traditional detection methods employed within Azure and provided the attacker with full administrative access to the VM. Unfortunately, cloud resources are often poorly misunderstood, leading to misconfigurations that