Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Malware and Vulnerabilities

Launched in January 2022, a ransomware operation, recently dubbed Royal, was observed attacking corporations through targeted callback phishing campaigns. In the campaign, hackers pose as software providers and food delivery services prompting subscription renewals. The group has been demanding ransom in the range of $250,000 to $2 million.

 Security Tips and Advice

TLP (Traffic Light Protocol) is used to inform recipients of sensitive information about the extent to which they may share the provided data, and relies on four labels to indicate the sharing boundaries that recipients must apply.

 Incident Response, Learnings

A massive trove of emails from Mexico’s Defense Department is among electronic communications taken by a group of hackers from military and police agencies across several Latin American countries, Mexico’s president confirmed Friday,

 Malware and Vulnerabilities

Mandiant discovered new espionage-related malware families, VIRTUALPITA and VIRTUALPIE, targeting VMware ESXi, Windows VMs and Linux vCenter servers to gain persistent administrative access. VirtualPita is a passive 64-bit backdoor that creates a listener on a hardcoded port number on a VMware ESXi server.

VirtualPie is a Python-based backdoor that uses a daemonized IPv6 listener on a hardcoded port on the VMware ESXi server.

 Threat Actors

During the intrusion analysis of DeftTorero’s webshells, researchers noted traces suggesting that the threat actor exploited a file upload form and/or a command injection flaw in a functional or staging website hosted on the target web server.

 Trends, Reports, Analysis

About $22 trillion of global debt rated by Moody's Investors Service has "high," or "very high" cyber-risk exposure, with electric, gas and water utilities, as well as hospitals, among the sectors facing the highest risk of cyberattacks.

 Malware and Vulnerabilities

Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premises servers is far from enough.

 Feed

A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website. The scale of the

 Feed

The recently discovered Linux-Based ransomware strain known as Cheerscrypt has been attributed to a Chinese cyber espionage group known for operating short-lived ransomware schemes. Cybersecurity firm Sygnia attributed the attacks to a threat actor it tracks under the name Emperor Dragonfly, which is also known as Bronze Starlight (Secureworks) and DEV-0401 (Microsoft). "Emperor Dragonfly

 Feed

The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter)

 Feed

A former U.S. National Security Agency (NSA) employee has been arrested on charges of attempting to sell classified information to a foreign spy, who was actually an undercover agent working for the Federal Bureau of Investigation (FBI). Jareh Sebastian Dalke, 30, was employed at the NSA for less than a month from June 6, 2022, to July 1, 2022, serving as an Information Systems Security Designer
