High-profile attacks often stem from the exploitation of RCE vulnerabilities in commonly used software products. In late October 2024, security researchers uncovered a critical vulnerability in the FortiManager API (CVE-2024-47575) actively exploited in zero-day attacks. With the holiday season on the horizon, adversaries ramp up their activities as a new security flaw surfaces in the […]
Defenders observe increasing numbers of cyber-attacks linked to China-backed APT groups, primarily focused on intelligence gathering. In September 2024, a China-affiliated APT group tracked as Earth Baxia set its sights on a state agency in Taiwan and possibly other nations within the APAC region. A recently uncovered cyber-espionage campaign has been targeting high-profile organizations in […]
Since russia launched its full-scale invasion of Ukraine, defense organizations have been heavily targeted by multiple hacking groups via the phishing attack vector. CERT-UA researchers recently shed light on the latest attacks by UAC-0185 (aka UNC4221) targeting Ukrainian organizations within the defense-industrial sector. The new CERT-UA alert covers cyber attacks using email spoofing and masquerading […]
The russian state-sponsored threat actor BlueAlpha (aka Gamaredon, Hive0051, Shuckworm, UAC-0010, or Armageddon) has been orchestrating cyber-espionage campaigns against Ukraine since 2014. Following Russia’s full-scale invasion of Ukraine on February 24, 2022, these operations have intensified, showcasing evolving TTPs that are often tested in Ukraine before being deployed against a wider array of targets. Recently, […]
New day, a new menace for cyber defenders. Recently, security researchers from ThreatLabz have uncovered two novel malicious strains adding to the 100 million count of those already identified in 2024. As per reports, the newly revealed RevC2 and Venom Loader have been making the rounds since the summer of 2024, leveraging Venom Spider’s Malware-as-a-Service […]
The nefarious SmokeLoader malware resurfaces in the cyber threat arena targeting Taiwanese companies in multiple industry sectors, including manufacturing, healthcare, and IT. Typically used as a downloader for deploying other malicious samples, in the latest attack campaign, SmokeLoader executes the attack directly by retrieving plugins from its C2 server. Detect SmokeLoader Malware Almost 100 million […]
For nearly three years since the full-scale war in Ukraine began, cyber defenders have reported a growing number of russia-aligned offensive operations targeting Ukrainian organizations to collect intelligence, with attacks increasingly expanding their geographical scope. The russia-backed hacking collective tracked as TAG-110 or UAC-0063 has been observed behind an ongoing cyber-espionage campaign against organizations in […]
Emerging last year as the successor to Royal ransomware, BlackSuit has quickly evolved into a highly sophisticated malicious spinoff, aggressively targeting organizations worldwide. Security researchers have recently observed a significant surge in activity by the Ignoble Scorpius group, the operator behind BlackSuit, with over 90 organizations falling victim to their relentless intrusions. Detect BlackSuit Ransomware […]
Following a wave of cyber attacks by the Iran-linked hacking collective tracked as Pioneer Kitten, the FBI, CISA, and authoring partners issue a new alert notifying defenders of a growing threat posed by BianLian Ransomware Group, which primarily targets critical infrastructure organizations in the U.S. and Australia. Detect BianLian Ransomware According to the State of […]
A new Rust-based stealer malware dubbed Fickle Stealer has come to the scene, capable of extracting sensitive data from compromised users. The new stealer masquerades itself as GitHub Desktop software for Windows and employs a wide range of anti-malware and detection evasion techniques, posing a growing threat to its potential victims. Detect Fickle Stealer Malware […]