"Long-Existing Bandook RAT Targets Windows Machines"

"Long-Existing Bandook RAT Targets Windows Machines"

Fortinet researchers discovered a new variant of the Bandook Remote Access Trojan (RAT) being used in phishing attacks against Windows users. Bandook has been used by different threat actors in several campaigns since 2007. The new variant, discovered in October 2023, spreads through phishing messages involving a PDF file containing a shortened URL that leads to the download of a password-protected .7z file. When the malware is extracted from the archive, it injects its payload into msinfo32.exe. This article continues to discuss the new variant of the Bandook RAT.

Submitted by Gregory Rigby on

"DHS S&T Announces New Solicitation for Synthetic Data Generator Solutions"

"DHS S&T Announces New Solicitation for Synthetic Data Generator Solutions"

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) is seeking solutions for generating synthetic data that models and replicates the shape and patterns of real data while protecting privacy and mitigating security risks. Synthetic data enables DHS to train Machine Learning (ML) models using synthetic data when real-world data is unavailable or would pose privacy and security risks. Real-world data may contain sensitive information, such as Personally Identifiable Information (PII).

Submitted by Gregory Rigby on

"US Mortgage Lender loanDepot Confirms Ransomware Attack"

"US Mortgage Lender loanDepot Confirms Ransomware Attack"

​Leading U.S. mortgage lender loanDepot has revealed that a cyber incident over the weekend was a ransomware attack that led to data encryption.  loanDepot is a major nonbank mortgage lender in the United States, with over $140 billion in serviced loans and roughly 6,000 employees.  After detecting the security breach, loanDepot started an investigation with the help of external cybersecurity experts and began notifying relevant regulators and law enforcement agencies.

Submitted by Adam Ekwall on

"'Swatting' Becomes Latest Extortion Tactic in Ransomware Attacks"

"'Swatting' Becomes Latest Extortion Tactic in Ransomware Attacks"

Threat actors are targeting medical institutions through their patients, using a tactic called "swatting" in order to push hospitals to pay ransom demands. Swatting is a form of prank-calling in which police are repeatedly called about a specific individual (e.g., a patient) regarding bomb threats or other serious allegations, making authorities show up at the homes of these unknowing victims heavily armed.

Submitted by Gregory Rigby on

"Escalating Cyber Threats: Bots, Fraud Farms, and Cryptojacking Surge, Urgently Requiring Attention"

"Escalating Cyber Threats: Bots, Fraud Farms, and Cryptojacking Surge, Urgently Requiring Attention"

The motivations and methods behind cyberattacks are varied. Cybercriminals exploit flaws in cybersecurity defenses as they try to compromise sensitive data, disrupt critical systems, or hold organizations hostage for the purpose of financial gain, political agendas, or pure malice. Therefore, it is essential to stay ahead of cyber adversaries by understanding current threats and using a proactive approach to anticipating and mitigating future risks. Help Net Security has provided excerpts from cyberattack surveys covered in 2023.

Submitted by Gregory Rigby on

"Capital Health Attack Claimed by LockBit Ransomware, Risk of Data Leak"

"Capital Health Attack Claimed by LockBit Ransomware, Risk of Data Leak"

The LockBit ransomware operation has recently claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow.  Capital Health is a primary healthcare service provider in New Jersey and parts of Pennsylvania, operating two major hospitals and several satellite and specialty clinics.  Last November, the organization experienced an IT systems outage following a cyberattack on its network, warning that the incident would impact its operations for at least a week.

Submitted by Adam Ekwall on

10th International Conference on Automation, Robotics and Applications (ICARA)

"The 10th International Conference on Automation, Robotics, and Applications (ICARA 2024) provides a platform for researchers, engineers, and industry professionals to exchange knowledge, share research findings, and discuss the latest advancements in the field."

Topics of interest include, but are not limited to security.

"KyberSlash Attacks Put Quantum Encryption Projects at Risk"

"KyberSlash Attacks Put Quantum Encryption Projects at Risk"

According to researchers at Cryspen, multiple implementations of the Kyber Key Encapsulation Mechanism (KEM) for quantum-safe encryption are vulnerable to a set of flaws called KyberSlash that enable secret keys to be recovered. CRYSTALS-Kyber is the official implementation of the KEM and a part of the CRYSTALS (Cryptographic Suite for Algebraic Lattices) algorithm suite. It was designed for general encryption and is part of the algorithms selected by the National Institute of Standards and Technology (NIST) to withstand attacks from quantum computers.

Submitted by Gregory Rigby on

"Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals"

"Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals"

The "Anonymous Arabic" threat group released Silver RAT, a Remote Access Trojan (RAT) capable of bypassing security software and silently launching hidden applications. According to the cybersecurity company Cyfirma, the developers maintain an active and sophisticated presence on multiple hacker forums and social media platforms. The actors, who are believed to be of Syrian origin and linked to the development of another RAT known as S500 RAT, also operate a Telegram channel that offers leaked databases, carding activities, and more.

Submitted by Gregory Rigby on

"Turkish Cyberspies Targeting Netherlands"

"Turkish Cyberspies Targeting Netherlands"

A state-supported cyberespionage group likely affiliated to Turkey has recently been observed targeting numerous public and private entities in the Netherlands for intelligence gathering, Dutch incident response provider Hunt & Hackett reports.  The company noted that over the past year, the advanced persistent threat (APT) actor, tracked as Sea Turtle, Cosmic Wolf, Marbled Dust, Silicon, and Teal Kurma, targeted government, telecommunications, media, and NGO entities, along with ISPs and IT services providers in the country, as part of multiple espionage campaigns.

Submitted by Adam Ekwall on
Subscribe to