"Global Infostealer Malware Operation Targets Crypto Users, Gamers"

An infostealer malware operation spanning 30 campaigns targeting different demographics and system platforms has been attributed to "Marko Polo," a cybercriminal group. The threat actors spread 50 malware payloads, including "AMOS," "Stealc," and "Rhadamanthys," via malvertising, spearphishing, and brand impersonation. According to Recorded Future's Insikt Group, the malware campaign has affected thousands, potentially resulting in millions of dollars in losses. This article continues to discuss new findings regarding the Marko Polo malware operation.

Submitted by Gregory Rigby on

"New PondRAT Malware Hidden in Python Packages Targets Software Developers"

North Korea-linked threat actors are using poisoned Python packages to spread "PondRAT" malware as part of an ongoing campaign. Palo Alto Networks' Unit 42 found that PondRAT is a lighter version of "POOLRAT," also known as "SIMPLESEA," a macOS backdoor previously used by the "Lazarus Group" in attacks related to the 3CX supply chain compromise last year. This article continues to discuss findings regarding the new PondRAT malware.

Submitted by Gregory Rigby on

"Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities"

The cybersecurity community started warning about remote hacker attacks on Automatic Tank Gauge (ATG) systems nearly a decade ago, but critical vulnerabilities remain. ATG systems are widely deployed in gas stations, monitoring the parameters in a storage tank, including volume, pressure, and temperature. In 2015, some cybersecurity companies found that ATGs could be remotely hacked, warning that honeypot data revealed hackers had targeted these devices. Earlier this year, researchers at Bitsight found that the situation regarding vulnerabilities and exposed devices has not improved.

Submitted by Gregory Rigby on

"Unpatched Vulnerabilities Expose Riello UPSs to Hacking: Security Firm"

CyberDanube, an Austrian industrial cybersecurity company, says hackers can take control of Riello Uninterruptible Power Supply (UPS) devices by exploiting unpatched vulnerabilities. Italy-based Riello Elettronica is an electrical equipment manufacturer and a leader in the UPS market. CyberDanube reports that the vendor has failed to fix two vulnerabilities in its NetMan 204 network communications card, which integrates Riello UPS systems into medium or large networks. The first issue is a SQL injection vulnerability that allows log data to be modified without authentication.

Submitted by Gregory Rigby on

"Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox"

SentinelLabs presented research at LABScon 2024 that brought attention to the resurfacing of "Kryptina," a Ransomware-as-a-Service (RaaS) tool, in enterprise attacks. The tool, which was initially available for free on dark web forums, has been adopted by "Mallox" ransomware group affiliates. The Kryptina platform, first released in December 2023, did not gain much attention among cybercriminals, but in May 2024, a Mallox affiliate leaked server data that revealed a modified version of Kryptina being used in Linux-based ransomware attacks.

Submitted by Gregory Rigby on

"Iranian APT Operating as Initial Access Provider to Networks in the Middle East"

Mandiant further explored "UNC1860," an Iranian Advanced Persistent Threat (APT) actor that serves as an initial access provider to high-profile networks in the Middle East. According to Mandiant, UNC1860 is a state-sponsored hacking group targeting Middle Eastern government and telecommunications entities. It shares similarities with other Iran-linked threat actors and appears to be affiliated with Iran's Ministry of Intelligence and Security (MOIS). This article continues to discuss findings regarding UNC1860's operations and tools.

Submitted by Gregory Rigby on

"Russian Cyber-Attacks Home in on Ukraine's Military Infrastructure"

According to a new mid-year cyber report from Ukraine authorities, Russian-aligned threat actors are shifting away from broad information-stealing campaigns across the country and toward cyber espionage targeting military infrastructure. Cyberattacks on Ukraine's security and defense sectors doubled between the second half of 2023 and the first half of 2024, according to an analysis by Ukraine's State Service of Special Communications and Information Protection (SSSCIP).

Submitted by Gregory Rigby on

"CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF"

Carnegie Mellon University's (CMU) CERT Coordination Center (CERT/CC) published an advisory for a critical flaw, discovered by Amazon Element55's Andrue Coombes, in the Microchip Advanced Software Framework (ASF). The framework is a free and open source code library used for the company's microcontrollers. According to the US semiconductor supplier, the product is for evaluation, prototyping, design, and production. CERT/CC says the issue stems from ASF's implementation of the Tinydhcp server. It enables Remote Code Execution (RCE) using specially crafted DHCP requests.

Submitted by Gregory Rigby on

"Threat Actors Shift to JavaScript-Based Phishing Attacks"

According to security researchers at HP Wolf Security, cybercriminals are using a wider-than-ever range of malicious documents to spread malware and gain initial access to target systems. The researchers noted that attackers are now prioritizing script-based phishing techniques over approaches based on traditional malicious documents. The researchers found that 39.23% of malware deliveries came from an archive file in the second quarter of 2024, compared to 27.89% in the previous reporting period.

Submitted by Adam Ekwall on