Cyber security aggregate rss news

Cyber security aggregator - feeds history


 News

Episode 299 of the Transatlantic Cable Podcast kicks off with a discussion of photo-manipulation apps (aka filters) on social media. Should they be banned or regulated? From there, discussion moves to news that an entrepreneurial 23-year-old has created an AI version of herself which will be your girlfriend for $1 per minute. Moving swiftly onwards, the team then look at a story from the United States, as Wendy's looks to AI to help with drive-through orders. Finally, to wrap up, the team look at a story from China, where a man in Gansu province was recently detained for allegedly using ChatGPT to generate a fake story about a train crash. If you liked what you heard, please consider subscribing.

Should social media face-altering filters be regulated?

A 23-year-old Snapchat influencer used OpenAI's technology to create an A.I. version of herself that will be your girlfriend for $1 per minute

Wendy's Is Bringing a Google-Powered AI Chatbot to Its Drive-Thru

China reports first arrest over fake news generated by ChatGPT

 Malware and Vulnerabilities

In June 2022, Kaspersky researchers found a suspicious shellcode running in the memory of a system process. Based on their reconstruction of the infection chain, they determined that it originated from running an encoded PowerShell script as a task.

 Breaches and Incidents

European foreign affairs organizations are being targeted by the Chinese state-sponsored Camaro Dragon hacking group with a custom malware variant. The group has been found infecting residential TP-Link routers with specialized malware called Horse Shell. With it, attackers can execute arbitrary commands, steal files, and even use the malware as a SOCKS proxy to facilitate communication between various devices.

 Malware and Vulnerabilities

SentinelOne has revealed a growing trend of using Geacon (a Golang implementation of the Cobalt Strike beacon) to target macOS devices. The package appeared specifically crafted to first verify its execution on a macOS system and subsequently retrieve an unsigned 'Geacon Plus' payload from a C2 server in China.

 Emerging Threats

Security experts are warning of surging threat actor interest in voice cloning-as-a-service (VCaaS) offerings on the dark web, designed to streamline deepfake-based fraud.

 Malware and Vulnerabilities

MalasLocker has emerged as a new ransomware operation that has been targeting Zimbra servers since the end of March. The group gains access to servers by exploiting vulnerabilities in Zimbra software. Instead of demanding a ransom payment, MalasLocker demands a donation to a charity to provide a decryptor and prevent data leakage. The group's data leak site has three companies listed currently, along with Zimbra configuration details for 169 other targeted victims.

 Threat Actors

The financially motivated UNC3944 gang was found using phishing and SIM swapping attacks to hijack Microsoft Azure admin accounts and gain access to virtual machines to steal data from victim organizations. The threat actor gains initial access to an Azure administrator's account by using stolen credentials obtained through SMS phishing. Experts recommend that organizations restrict access to remote administration channels on all Azure services.

 Malware and Vulnerabilities

The APT campaign employs a modular framework called CloudWizard. This framework is capable of taking screenshots, keylogging, and recording audio from the microphone. The CloudWizard framework comprises nine modules that enable a variety of hacking capabilities.

 Malware and Vulnerabilities

Check Point took the wraps off three malicious Microsoft Visual Studio extensions on May 4, 2023, aimed at exploiting VSCode Marketplace visitors. These extensions, named Theme Darcula dark, python-vscode, and prettiest java, were downloaded by Windows developers nearly 46,000 times. Actors could pilfer credentials, collect system information, and establish a remote shell on the victim's machine.

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a medium-severity flaw affecting Samsung devices. The issue, tracked as CVE-2023-21492 (CVSS score: 4.4), impacts select Samsung devices running Android versions 11, 12, and 13. The South Korean electronics giant described the issue as an information disclosure flaw that could be exploited by a

 Feed

The notorious cybercrime group known as FIN7 has been observed deploying Cl0p (aka Clop) ransomware, marking the threat actor's first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria Tempest. "In these recent attacks, Sangria Tempest uses the PowerShell script POWERTRASH to load

 Feed

The identity of the second threat actor behind the Golden Chickens malware has been uncovered courtesy of a fatal operational security blunder, cybersecurity firm eSentire said. The individual in question, who lives in Bucharest, Romania, has been given the codename Jack. He is one of the two criminals operating an account on the Russian-language Exploit.in forum under the name "badbullzvenom,"

2023-05
Aggregator history
Saturday, May 20