Subterms
Image: Shutterstock / BLACKDAY A group of likely state-backed cyber attackers have adopted a new loader to spread five different kinds of ransomware in a bid to hide their true espionage activities. On Thursday, cybersecurity researchers from Secureworks published new research on HUI Loader, a malicious tool that criminals have used widely since 2015. Loaders […] More
Image: Getty Images/iStockphoto Cybersecurity authorities from the US, the UK, and New Zealand have advised businesses and government agencies to properly configure Microsoft’s built-in Windows command-line tool, PowerShell – but not to remove it. Defenders shouldn’t disable PowerShell, a scripting language, because it is a useful command-line interface for Windows that can help with […] More
Image: Shutterstock / fizkes Malware delivered to email accounts rose 196% in 2021 year on year, according to cybersecurity firm Trend Micro, which warns that email remains a major avenue for criminals looking to deliver malware and phish account credentials. Some 74.1% of the all threats blocked by Trend Micro in 2021 were email threats versus […] More
The Linux Foundation At the 2022 Open Source Summit in Austin, Tx, The Linux Foundation, the leading open source, non-profit group with its partners, and Snyk, a leading developer security company, released their first joint research report, The State of Open Source Security, uncovered worrying news. 41% of organizations are not confident in their open source software security. […] More
Ukrainian organizations have been subjected to new hacking attempts tailored to drop malware and malicious Cobalt Strike beacons onto their networks. On June 20, the Computer Emergency Response Team for Ukraine (CERT-UA) published two advisories on the hacking incidents, suspected of being the work of threat groups APT28 — also known as Fancy Bear — and UAC-0098.The phishing campaign, conducted by Russian advanced persistent threat (APT) APT28, sees it attempting to spread a malicious document titled, “Nuclear Terrorism A Very Real Threat” Distribution is suspected of being carried out on June 10. UAC-0098’s hacking attempts also begins with a malicious email. The phishing messages have a malware document attached, “Imposition of penalties.docx,” and its distribution has been described as “persistent” with an original compilation date of June 16. This document is also spread through a password-protected archive, fraudulently passed off as communication from Ukraine’s tax office, with the subject line: “Notice of non-payment of tax.” When opened, both documents automatically download an HTML file that initiates malicious JavaScript code containing an exploit for CVE-2022-30190. Issued a CVSS severity score of 7.8, CVE-2022-30190 is a remote code execution (RCE) vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT). The vulnerability, patched but exploited in the wild, first emerged as a zero-day flaw in May. If the target system has not been protected, victims of Fancy Bear’s attacks will find their systems infected with the CredoMap malware. According to Malwarebytes, CredoMap is an information stealer able to exfiltrate browser data, cookies, and account credentials. Older variants of the malware have previously been used by APT28 against Ukrainian targets. The tax-related doc, however, deploys Cobalt Strike beacons. Cobalt Strike is a legitimate, commercial penetration testing tool that has, unfortunately, been abused for malicious purposes by cyberattackers for many years. The tool’s beacon functionality can facilitate remote connections and can be used for the deployment of shellcode and malware. Since Russia’s invasion of Ukraine began, CERT-UA has pivoted its focus to warning against cyberthreats impacting both Ukrainian businesses and residents. Many campaigns are trying to take advantage of the situation, whether on behalf of the Russian state or just as run-of-the-mill attackers trying to make a profit. The agency has previously warned organizations of Ghostwriter phishing campaigns, Invisimole activities tied to the Russian APT Gamaredon, and frequent misinformation schemes targeting Ukraine’s residents. CERT-UA has also alerted Ukrainian media agencies to phishing campaigns, potentially conducted by the Russian Sandworm hacking group, intended to spread the CrescentImp malware. Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More
Image: Shutterstock Microsoft has revealed how artificial intelligence (AI) technologies are used in the fight against ransomware. Ransomware is one of today’s most prolific and vicious digital threats. Ransomware families including Locky, WannaCry, NotPetya, and Cerber plague consumers and businesses alike, locking up infected systems and demanding payment in return for decryption keys, which may […] More
A phishing and fraud ring that stole millions from victims after duping them into handing over usernames and passwords for their bank accounts has been broken up following an operation by Europol, the Belgian Police and the Dutch Police. Raids that took place on June 21 2022 led to nine arrests in the Netherlands, and […] More
Image: Maria Diaz/ZDNet iPhone and Mac owners could soon bid farewell to online CAPTCHA challenges that aim to test whether you’re a human. Instead, they’ll get ‘Private Access Tokens’. Apple WWDC It looks like Apple will be the first to roll out the new technology, which is included in the first betas of iOS 16 […] More
