Hacking

Pierluigi Paganini May 29, 2023
Researchers analyzed the PREDATOR spyware and its loader Alien

Cisco Talos and the Citizen Lab researchers have published a technical analysis of the powerful Android spyware Predator. Security researchers at Cisco Talos and the Citizen Lab have shared technical details about a commercial Android spyware named Predator that is sold by the surveillance firm Intellexa (formerly known as Cytrox). The researchers focused their analysis […]

Pierluigi Paganini May 29, 2023
Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Experts warn of phishing attacks that combine compromised Microsoft 365 accounts with .rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials. RPMSG files are used to deliver e-mails with the Rights-Managed Email Object Protocol enabled. […]
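Because the lures arrive from compromised, otherwise legitimate Microsoft 365 tenants, sender reputation alone does not catch them; a mail-gateway or SOAR triage step can instead flag the combination of a rights-managed attachment and an "open the message" call to action. The script below is an added example, not code from Trustwave or from the original post. It builds a constructed sample message with Python's standard `email` library; the `message.rpmsg` filename and the `application/x-microsoft-rpmsg-message` MIME type are assumptions about what Microsoft 365 emits (the check also matches on the `.rpmsg` extension in case the type differs), and the lure phrases and verdict thresholds are placeholders to tune for your own environment.

```python
"""Triage check for e-mails carrying encrypted RPMSG (rights-managed) attachments.

Added example, not part of the original report. Uses only the standard library.
"""
import email
from email import policy
from email.message import EmailMessage

# MIME type assumed for Microsoft rights-managed message bodies; the .rpmsg
# extension is matched as well so the check still fires if the type differs.
RPMSG_MIME = "application/x-microsoft-rpmsg-message"
# Constructed list of call-to-action phrases typical of encrypted-mail lures.
LURE_PHRASES = ("read the message", "view the message", "open the secure message")


def build_sample() -> bytes:
    """Constructed sample, not a real capture: a short lure plus a message.rpmsg attachment.

    The sender domain is a placeholder standing in for a compromised tenant.
    """
    msg = EmailMessage()
    msg["From"] = "accounts@trusted-partner.example"
    msg["To"] = "victim@corp.example"
    msg["Subject"] = "Encrypted message from Trusted Partner"
    msg.set_content("You have received a protected message.\nRead the message to view it.")
    # Payload bytes are a placeholder; real .rpmsg blobs are compressed, encrypted MSG data.
    msg.add_attachment(b"\x00\x01rpmsg-placeholder",
                       maintype="application", subtype="x-microsoft-rpmsg-message",
                       filename="message.rpmsg")
    return bytes(msg)


def rpmsg_attachments(msg: EmailMessage) -> list[str]:
    """Return filenames of attachments that look like rights-managed message containers."""
    names = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if part.get_content_type() == RPMSG_MIME or fname.lower().endswith(".rpmsg"):
            names.append(fname)
    return names


def triage(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and return a triage verdict.

    'review'  : rpmsg attachment together with a lure phrase in the visible body
    'note'    : rpmsg attachment without a lure phrase (legitimate protected mail is common)
    'pass'    : no rpmsg attachment
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part else ""
    attachments = rpmsg_attachments(msg)
    lure = any(phrase in body for phrase in LURE_PHRASES)
    if attachments and lure:
        verdict = "review"
    elif attachments:
        verdict = "note"
    else:
        verdict = "pass"
    return {
        "from": msg["From"],
        "rpmsg_attachments": attachments,
        "lure_phrase": lure,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(triage(build_sample()))
```

The verdict deliberately stops at "review" rather than "block": rights-managed mail is legitimate and widespread, so the useful action is to route the message to an analyst queue and to check the sending tenant for signs of account compromise rather than to drop it outright.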

Pierluigi Paganini May 28, 2023
CISA adds recently patched Barracuda zero-day to its Known Exploited Vulnerabilities catalog

US CISA added a recently patched Barracuda zero-day vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a recently patched Barracuda zero-day vulnerability to its Known Exploited Vulnerabilities Catalog. This week, the network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached […]

Pierluigi Paganini May 27, 2023
Is the BlackByte ransomware gang behind the City of Augusta attack?

The city of Augusta in Georgia, U.S., admitted that the recent IT system outage was caused by a cyber attack. While the City of Augusta revealed that a cyberattack caused the recent IT outage, the BlackByte ransomware gang has claimed responsibility for the attack. The attack took place on May 21, the administrator at the City […]

Pierluigi Paganini May 27, 2023
New Buhti ransomware operation uses rebranded LockBit and Babuk payloads

The recently identified Buhti operation targets organizations worldwide with rebranded LockBit and Babuk ransomware variants. Researchers from Symantec discovered a new ransomware operation called Buhti (aka Blacktail) that is using LockBit and Babuk variants to target Linux and Windows systems worldwide. The ransomware operation does not have its own ransomware payload; however, it uses a custom information […]

Pierluigi Paganini May 26, 2023
New PowerExchange Backdoor linked to an Iranian APT group

An alleged Iran-linked APT group targeted an organization linked to the United Arab Emirates (U.A.E.) with the new PowerExchange backdoor. Researchers from the Fortinet FortiGuard Labs observed an attack targeting a government entity in the United Arab Emirates with a new PowerShell-based backdoor dubbed PowerExchange. The experts speculate that the backdoor is likely linked to an […]

Pierluigi Paganini May 26, 2023
New CosmicEnergy ICS malware threatens energy grid assets

Experts detailed a new piece of malware, named CosmicEnergy, that is linked to Russia and targets industrial control systems (ICS). Researchers from Mandiant discovered a new malware, named CosmicEnergy, designed to target operational technology (OT) / industrial control system (ICS) systems. The malicious code was first uploaded to a public malware scanning service in December 2021 by […]

Pierluigi Paganini May 25, 2023
China-linked APT Volt Typhoon targets critical infrastructure organizations

A China-linked APT group, tracked as Volt Typhoon, breached critical infrastructure organizations in the U.S. and Guam without being detected. China-linked APT cyber espionage group Volt Typhoon infiltrated critical infrastructure organizations in the U.S. and Guam without being detected. The group focused on maintaining undetected access for as long as possible. According to […]

Pierluigi Paganini May 25, 2023
North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

The North Korea-linked APT group Lazarus has been targeting vulnerable Microsoft IIS servers to deploy malware. AhnLab Security Emergency response Center (ASEC) researchers reported that the Lazarus APT Group is targeting vulnerable versions of Microsoft IIS servers in a recent wave of malware-based attacks. Once a vulnerable IIS server is discovered, the attackers leverage DLL side-loading […]

Pierluigi Paganini May 25, 2023
Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. ClearSky Cyber Security uncovered a watering hole attack on at least eight Israeli websites belonging to shipping, logistics, and financial services companies and attributed them with low confidence to the Iran-linked APT group Tortoiseshell (aka TA456 or Imperial […]