Security Affairs

Pierluigi Paganini December 13, 2024
Experts discovered the first mobile malware families linked to Russia’s Gamaredon

The Russia-linked APT Gamaredon used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states. Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, and ACTINIUM). These are the first known mobile malware families linked to the Russian APT.  The cyberespionage group is behind a […]

Pierluigi Paganini December 12, 2024
US Bitcoin ATM operator Byte Federal suffered a data breach

US Bitcoin ATM operator Byte Federal suffered a data breach impacting 58,000 customers, attackers gained unauthorized access to a server via GitLab flaw. US Bitcoin ATM operator Byte Federal disclosed a data breach after threat actors gained unauthorized access to a company server by exploiting a GitLab vulnerability. Byte Federal is a company specializing in […]

Pierluigi Paganini December 12, 2024
Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather data from Android devices, as detailed by Lookout. Researchers at the Lookout Threat Lab discovered a surveillance tool, dubbed EagleMsgSpy, used by Chinese law enforcement to spy on mobile devices. The researchers analyzed multiple samples of the malware and gained access to internal documents obtained from […]

Pierluigi Paganini December 12, 2024
Operation PowerOFF took down 27 DDoS platforms across 15 countries

Operation PowerOFF took down 27 DDoS stresser services globally, disrupting illegal platforms used for launching cyberattacks. A global law enforcement operation codenamed Operation PowerOFF disrupted 27 of the most popular platforms (including zdstresser.net, orbitalstress.net, and starkstresser.net) to launch Distributed Denial-of-Service (DDoS) attacks. “Law enforcement agencies worldwide have disrupted a holiday tradition for cybercriminals: launching Distributed […]

Pierluigi Paganini December 12, 2024
Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor

Russia-linked APT group Secret Blizzard is using Amadey Malware-as-a-Service to infect systems in Ukraine with the Kazuar backdoor. The Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) was spotted using the Amadey malware to deploy the KazuarV2 backdoor on devices in Ukraine. The experts observed threat actors using the Amadey bot malware between March and April 2024. Microsoft highlights […]

Pierluigi Paganini December 11, 2024
Operation Digital Eye: China-linked relies on Visual Studio Code Remote Tunnels to spy on Europen entities

An alleged China-linked APT group targeted large business-to-business IT service providers in Southern Europe as part of Operation Digital Eye campaign. Between late June and mid-July 2024, a China-linked threat actor targeted major IT service providers in Southern Europe in a campaign codenamed ‘Operation Digital Eye.’ Cyberspies aimed to establish footholds and compromise downstream entities […]

Pierluigi Paganini December 11, 2024
Chinese national charged for hacking thousands of Sophos firewalls

The U.S. has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. The U.S. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., faces charges for developing and testing a […]

Pierluigi Paganini December 11, 2024
Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

Resecurity uncovered a large-scale fraud campaign in the UAE where scammers impersonate law enforcement to target consumers. Resecurity has identified a wide-scale fraudulent campaign targeting consumers in the UAE by impersonating law enforcement. Victims are asked to pay non-existent fines online (traffic tickets, parking violations, driving license renewals) following multiple phone calls made on behalf […]

Pierluigi Paganini December 11, 2024
U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Common Log File System (CLFS) driver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Common Log File System (CLFS) driver flaw CVE-2024-49138  (CVSS score: 7.8) to its Known Exploited Vulnerabilities (KEV) catalog. Microsoft December 2024 […]

Pierluigi Paganini December 09, 2024
Mandiant devised a technique to bypass browser isolation using QR codes

Mandiant revealed a technique to bypass browser isolation using QR codes, enabling command transmission from C2 servers. Browser isolation is a security measure that separates web browsing from the user’s device by running the browser in a secure environment (e.g., cloud or VM) and streaming visuals. Mandiant has identified a new technique for bypassing browser […]