FreshRSS

The Hacker News

New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand

By The Hacker News — December 7th 2023 at 06:15
A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to maintain covert access to victim networks at least since 2021. Named after a nocturnal female spirit of Southeast Asian folklore, the malware is "able to conceal its own presence during the initialization phase," Group-IB said in a report
The Hacker News

Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques

By Newsroom — December 9th 2023 at 07:16
Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process," Elastic Security Labs
The Hacker News

QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry

By Newsroom — December 18th 2023 at 09:29
A new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network. Microsoft, which made the discovery, described it as a low-volume campaign that began on December 11, 2023, and targeted the hospitality industry. "Targets
The Hacker News

Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware

By Newsroom — December 21st 2023 at 07:22
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), a memory corruption vulnerability in Office's
The Hacker News

Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

By Newsroom — December 21st 2023 at 16:21
Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in executing Device Takeover (DTO) using the accessibility service, all while expanding its targeted region,
The Hacker News

New Bandook RAT Variant Resurfaces, Targeting Windows Machines

By Newsroom — January 5th 2024 at 05:16
A new variant of a remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines, underscoring the continuous evolution of the malware. Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware is distributed via a PDF file that embeds a link to a password-protected .7z archive. “
The Hacker News

Getting off the Attack Surface Hamster Wheel: Identity Can Help

By The Hacker News — January 10th 2024 at 11:30
IT professionals have developed a sophisticated understanding of the enterprise attack surface – what it is, how to quantify it and how to manage it. The process is simple: begin by thoroughly assessing the attack surface, encompassing the entire IT environment. Identify all potential entry and exit points where unauthorized access could occur. Strengthen these vulnerable points using
The Hacker News

Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload

By Newsroom — January 11th 2024 at 11:40
Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules,"
WIRED

Apple iOS 17.3: How to Turn on iPhone's New Stolen Device Protection

By Matt Burgess — January 22nd 2024 at 18:43
Apple's iOS 17.3 introduces Stolen Device Protection to iPhones, which could stop phone thieves from taking over your accounts. Here's how to enable it right now.
The Hacker News

SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks

By Newsroom — January 25th 2024 at 14:23
Cybersecurity researchers have shed light on the command-and-control (C2) server workings of a known malware family called SystemBC. "SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP," Kroll said in an analysis published last week. The risk
The Hacker News

Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware

By Newsroom — February 5th 2024 at 13:18
The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy. Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from the official Google Play Store and were collectively downloaded more than 1,400 times between
The Hacker News

Unified Identity – look for the meaning behind the hype!

By The Hacker News — February 8th 2024 at 10:39
If you've listened to software vendors in the identity space lately, you will have noticed that “unified” has quickly become the buzzword that everyone is adopting to describe their portfolio. And this is great! Unified identity has some amazing benefits! However (there is always a however, right?) not every “unified” “identity” “security” “platform” is made equal. Some vendors call the
The Hacker News

New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack

By Newsroom — February 9th 2024 at 10:28
Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. "This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection," Russian cybersecurity firm Kaspersky said in a Thursday report. What
The Hacker News

U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators

By Newsroom — February 11th 2024 at 10:54
The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. The domains – www.warzone[.]ws and three others – were "used to sell computer malware used by cybercriminals to secretly access and steal data from victims' computers," the DoJ said. Alongside the takedown, the
The Hacker News

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries

By Newsroom — February 19th 2024 at 10:29
The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. "Some of the droppers in the campaign successfully exploited the accessibility service, despite Google Play's enhanced detection and protection mechanisms," ThreatFabric said in a report shared with The Hacker News.
The Hacker News

Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative

By Newsroom — February 20th 2024 at 06:01
Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U.S., phishing campaigns designed to steal intelligence, and information operations to turn public opinion against Israel. Iran
Security – Cisco Blog

NIS2 compliance for industrial networks: Are you ready?

By Fabien Maisl — February 16th 2024 at 17:47

Since the European Union (EU) signed the second version of the Network and Information Security (NIS2) Directive in December 2022, there has been a real frenzy all around Europe about it. NIS2 is now…

Security – Cisco Blog

Cisco Secure Access Accelerates SSE Innovation with AI, User Experience Monitoring, and Identity Intelligence

By Jeff Scheaffer — February 19th 2024 at 13:00

In a blog post last December, I said that the business and IT leaders with whom I meet always ask: How can I secure my highly distributed workforce, who gets more varied and decentralized all the…

Security – Cisco Blog

The Real Deal About ZTNA and Zero Trust Access

By Jeff Scheaffer — February 23rd 2024 at 02:29

ZTNA hasn't delivered on the full promise of zero trust

Zero Trust has been all the rage for several years; it states, “never trust, always verify” and assumes every attempt to access the network or a…

Security – Cisco Blog

Drive Your Cybersecurity Platform Transformation: Lead the Way With SSE

By Bill Mabon — February 26th 2024 at 13:00

By shifting from point-solutions to a cybersecurity platform approach, IT and security teams significantly improve their efficiency and security outcomes. Security Service Edge (SSE) projects are…

Security – Cisco Blog

Mitigating Lateral Movement with Zero Trust Access

By Andrew Akers — March 5th 2024 at 13:00

Security service edge (SSE) technology was created to protect remote and branch users with a unified, cloud-delivered security stack. To understand how SSE solutions protect organizations and their…

Security – Cisco Blog

Helping Ivanti VPN Customers

By Bill Mabon — March 11th 2024 at 12:00

In January 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a directive (with an update in February) mandating that all U.S. Federal agencies take Ivanti systems offline…

Security – Cisco Blog

Complexity drives more than security risk. Secure Access can help with that too.

By Andrew Akers — March 14th 2024 at 12:00

Modern networks are complex, often involving hybrid work models and a mix of first- and third-party applications and infrastructure. In response, organizations have adopted security service edge…

Security – Cisco Blog

Cisco Secure Access named Leader in Zero Trust Network Access

By Andrew Akers — March 19th 2024 at 12:00

Zero Trust Network Access (ZTNA) is a critical component to increase productivity and reduce risk in today's hyper-distributed environments. Cisco Secure Access provides a modern form of zero trust a…

Security – Cisco Blog

Cisco Secure Access Wins Global Security Service Edge Customer Value Leadership Award

By David Gormley — April 11th 2024 at 12:00

It's one thing to claim leadership in cloud security; it's another to have that leadership acknowledged by industry experts. That's why we're thrilled to announce our recent recognition by Frost & Sul…

WIRED

The Biggest Deepfake Porn Website Is Now Blocked in the UK

By Matt Burgess — April 19th 2024 at 16:54
The world's most-visited deepfake website and another large competing site are stopping people in the UK from accessing them, days after the UK government announced a crackdown.