An updated version of the Python-based, cloud-focused hack tool called Legion—which can extract credentials from vulnerable web servers—has surfaced. The updated variant incorporates the Paramiko module to exploit SSH servers. Furthermore, it can now retrieve specific AWS credentials associated wit ...
Alleged Iranian nation-state hacker group Tortoiseshell performed a watering hole attack on several shipping and logistics websites in Israel to collect information about their users. Attackers stay hidden by impersonating the genuine jQuery JavaScript framework. Organizations are urged to raise aw ...
An unidentified threat actor group has been observed employing a malicious Windows kernel driver in targeted attacks, primarily focusing on the Middle East region. Fortinet security experts have dubbed the artifact WINTAPIX (WinTapix.sys). To stay protected, users are advised to immediately im ...
Kimsuky, the North Korean APT group, is actively distributing a variant of custom malware known as RandomQuery as part of its reconnaissance campaigns. The malware has been specifically designed to perform two primary functions: file enumeration and data exfiltration. A real-time threat intelligenc ...
AhRAT is a threat newly discovered by ESET researchers on the Google Play Store. It disguises itself as a screen recording application and saw tens of thousands of installations. Threat actors added malicious functionality at a later stage of its release in August 2022. Organizations must ...
CERT-UA warned against a cyberespionage campaign by the UAC-0063 threat group targeting Ukraine, Mongolia, Kazakhstan, Kyrgyzstan, Israel, and India. To complicate investigation efforts and hinder attribution, the hackers employed the PyArmor and Themida software tools. Organizations are advised to ...
The Cyber Signals report revealed that Microsoft detected 35 million BEC attempts with an average of 156,000 attempts daily between April 2022 and April 2023. Microsoft also noticed a pattern in which attackers used a phishing-as-a-service platform, BulletProftLink, to obtain login credentials. To ...
Trend Micro revealed that the BlackCat ransomware group is using a signed kernel driver for evasion tactics. The driver was utilized in conjunction with a separate user client executable, with the intention of manipulating, pausing, and terminating specific processes associated with the security on ...
Security analysts at Scam Sniffer exposed a crypto phishing and scam service Inferno Drainer that swindled about $5.9 million worth of cryptocurrencies from 4,888 victims. It reportedly crafted over 689 counterfeit websites since March 27, 2023. Deploy a real-time anti-scam protection solutio ...
ASEC’s AhnLab discovered a spam email campaign that distributes the DarkCloud info-stealer malware. The email contents urge recipients to review the attached payment statement, which purportedly pertains to their company account. Additionally, the threat actor installs ClipBanker on infected device ...