Russian Coldriver Hackers Deploy Malware to Target Western Officials #Russian #Coldriver #Hackers #Malware #Target #Officials
Russian threat group Coldriver, linked to Russia's intelligence service, is targeting Western officials with malware to steal sensitive data. The group is known for credential phishing campaigns and has recently expanded to delivering malware. Coldriver impersonates accounts and sends benign PDFs to targets, which contain a backdoor called SPICA. The malware allows the attacker to execute commands, upload/download files, steal cookies, and exfiltrate data. Google has added known domains and hashes to its blocklists to disrupt the Coldriver campaign. #Phishing #Malware #SPICA #Cybersecurity
https://www.infosecurity-magazine.com/news/russian-coldriver-malware-western/
Summary: The UK government has partnered with the SANS Institute to launch the "Upskill in Cyber" program, training individuals to become qualified cybersecurity professionals. The program aims to address the skills shortage in the UK by providing candidates with cybersecurity certifications. A virtual career fair is being held to connect employers with certified cyber talent.
Hashtags: #UpskillinCyber #CybersecuritySkills #VirtualCareerFair #SkillsShortage
https://www.infosecurity-magazine.com/blogs/cyber-career-fair-uk-sans/
Hackers are exploiting TeamViewer to launch ransomware attacks. TeamViewer provides remote access to systems, which threat actors abuse to take control of them. It is attractive to attackers because of its widespread use and its vulnerabilities. Security researchers have identified active abuse of TeamViewer in ransomware attacks. #hackers #TeamViewer #ransomware
LLMs have various applications and are being used in different industries. They can be used for branding, content localization, demand forecasting, code writing, and more. However, they are also being exploited by cybercriminals. There are two types of LLMs: proprietary and open-source. They both have their advantages and limitations. There are risks associated with the adoption of LLMs, such as sensitive data exposure, malicious use, unauthorized access, and DDoS attacks. To minimize these risks, organizations should implement input validation, API rate limits, and proactive risk management practices. #CyberSecurity #CyberSecurityNews #LargeLanguageModels
Hackers are attacking thousands of users with fake iCloud storage alerts. Breaching iCloud gives hackers access to sensitive data and can lead to unauthorized access to connected devices and services. Avast Security discovered that hackers are actively targeting users with these fake alerts. The fake alerts mainly target users in the US, France, Australia, Italy, and Spain. Users should remain vigilant and be cautious of emails from unknown sources. #FakeiCloudStorageAlert #HackersAttack #Cybersecurity
Kansas Courts need at least $2.6 million to recover from a cyberattack. Additional funding is required to bring systems online, pay vendors, improve cybersecurity, and hire cybersecurity officials. The cost could increase further. #KansasCourts #Cybersecurity #Funding
Experts are calling for clearer direction in South Africa's cyber strategy. The country is heavily targeted by ransomware and ranks eighth globally. The government lacks a clear position in cyber governance debates and is underfunding cybersecurity, even though the country has a high internet addiction rate. South Africa has made efforts to combat cyber threats but has kept cybersecurity a low priority, and its cyber defenses have significant shortfalls. Its position on the international stage is ambiguous, aligning at times with the US and European states and at times with Russia, and it has not taken a clear stance on how cyberspace should be regulated. South Africa has recently experienced major cyber-attacks targeting various industries. The government needs to prioritize cybersecurity and take on stronger cyber leadership globally. #SouthAfrica #CyberStrategy #Ransomware #CyberSecurity #CyberGovernance
https://www.infosecurity-magazine.com/news/experts-clearer-south-africa-cyber/
APT hackers are exploiting a new zero-day flaw in the Ivanti Connect Secure VPN. The vulnerability allows them to bypass authentication and inject commands, compromising network security. The attackers are using custom malware, including backdoors and web shells, to gain access to and persist on Connect Secure appliances. Applying the security patches is recommended to mitigate this threat. #security #cyberattack #VPN #zero-dayflaw #malware
Unpatched Rapid SCADA vulnerabilities expose industrial organizations to attacks. The open source industrial automation platform has seven vulnerabilities that can be exploited to gain access to sensitive systems. Rapid SCADA developers have not released patches despite being notified in July 2023. The vulnerabilities can be used for remote code execution and can leave organizations vulnerable to attacks. #SCADA #vulnerabilities #cybersecurity #industrialorganizations #attacks
Iranian threat actors linked to Mint Sandstorm are conducting a sophisticated social engineering campaign targeting researchers working on the Israel-Hamas conflict. The campaign aims to steal sensitive data and gather different perspectives on the conflict. The threat actors are using phishing lures, compromised email accounts, and malicious files to carry out the attacks. The targets primarily work at universities and research organizations in Belgium, France, Gaza, Israel, the UK, and US. #IranPhishing #IsraelHamasConflict #MintSandstorm #SocialEngineering #CyberEspionage
https://www.infosecurity-magazine.com/news/iranian-phishing-israel-hamas/
Summary:
A new malware campaign is exploiting 9hits in Docker services, using it as a payload. The campaign deploys two containers, including a standard XMRig miner and the 9hits viewer application, to generate credits for the attacker. The 9hits container runs a script that allows the app to authenticate with 9hits servers and earn credits, while the XMRig container mines cryptocurrency. The impact on compromised hosts is resource exhaustion, potentially leading to severe breaches. The campaign highlights the continuous evolution of attacker strategies and the persistent vulnerability of exposed Docker hosts.
Hashtags: #malware #docker #9hits #cyberattack #cryptocurrency #resourceexhaustion #vulnerability
https://www.infosecurity-magazine.com/news/malware-exploits-9hits-docker/
Summary:
Researchers at Proofpoint have detected the reappearance of the threat group TA866 in a targeted OneDrive campaign. The campaign involved malicious emails with invoice-themed disguises and PDF attachments that directed users through an infection chain to deploy malware. The attack closely resembled a previous campaign attributed to TA571 and TA866. Notable changes in this campaign included the use of PDF attachments with OneDrive links instead of macro-enabled Publisher attachments, and the attribution of post-exploitation tools to TA866. The return of TA866 after a hiatus of nine months aligns with the increasing threat activity in 2024.
Hashtags:
#TA866 #cybersecurity #emailthreat #OneDrive #malware #PDFattachments #infectionchain #TA571 #financialmotivation
https://www.infosecurity-magazine.com/news/ta866-target-onedrive-campaign/
The LeftoverLocals attack steals AI data from Apple, Qualcomm, and AMD GPUs; Imagination Technologies GPUs are also impacted, while Arm, Intel, and Nvidia products are unaffected. Machine learning models running on affected GPUs are vulnerable, because the LeftoverLocals vulnerability lets attackers read data in GPU local memory through GPU compute applications and so access data they should not have. The Apple MacBook Air (M2) and certain AMD devices are affected. Qualcomm's firmware v2.07 patch addresses the vulnerability for some devices; Imagination released a patch, but some GPUs remain compromised. Users should ensure that memory-clearing instructions are not eliminated. #cybersecurity #vulnerability
1. In 2023, loaders, stealers, and RATs were the most prevalent types of malware.
2. Loaders, which install malicious payloads, are expected to remain a persistent threat in 2024.
3. Stealers, focusing on stealing financial and personal data, surged in Q4 2023 and will be a major concern in 2024.
4. RATs, granting remote access and control, are versatile and expected to become more prevalent in 2024.
5. Four of the top five malware families in 2023 were remote access Trojans, including Remcos and AgentTesla.
6. Redline stealer was the most popular malicious software in 2023, with extensive functionalities.
7. T1036.005 and T1218.011 were popular TTPs in 2023, likely to remain prevalent in 2024.
8. T1059.003, based on abusing the Windows Command Shell, is versatile and likely to be a top TTP in 2024.
9. T1036.003, a technique to bypass security solutions, gained traction and may remain popular in 2024.
#Malware #Loaders #Stealers #RATs #Remcos #AgentTesla #Redline #T1036.005 #T1218.011 #T1059.003 #T1036.003
Summary:
New iShutdown scripts have been developed to enable the detection of spyware on iPhones. These scripts provide a method for analyzing the Shutdown.log file, which contains important forensic artifacts. The scripts include iShutdown_detect, iShutdown_parse, and iShutdown_stats, each serving a specific purpose in analyzing and extracting information from the Shutdown.log file. The detection method using the Shutdown.log file has proved effective in identifying malware families such as Reign, Pegasus, and Predator. The scripts have been published on GitHub for forensic investigations on iOS devices.
Hashtags:
#iOS #iPhone #iShutdown #spyware #forensics #malwaredetection
NCSC has created a new "Cyber League" to track cybersecurity threats in the UK. The league brings together industry experts and allows up to three individuals from an organization to join. The initiative complements the NCSC's Industry i100 program. The Cyber League promotes public-private information sharing and context-driven threat hunting. The NCSC's CTO emphasizes the need to prepare for major cyber events due to increased competition and aggression from adversaries. Hashtags: #CyberLeague #CyberThreats #InformationSharing #ThreatHunting #Cybersecurity
https://www.infosecurity-magazine.com/news/ncsc-cyber-league-threat-tracking/
Hackers can exploit an Opera bug to run any file on Mac and Windows. The newly discovered flaw is named MyFlaw. #cybersecurity #vulnerability #opera #hacking
Summary: Mint Sandstorm, a threat group linked to Iran's IRGC, has been actively targeting researchers at universities and research organizations in several countries, using custom phishing techniques and deploying new hacking tools. The group poses a serious threat and has been impersonating renowned figures, using individualized phishing lures to gain the targets' trust before delivering malicious content. Microsoft has detected various files and backdoors used by Mint Sandstorm and recommends implementing security measures to mitigate such threats.
Hashtags: #IranianMintSandstorm #Cybersecurity #PhishingAttacks #HackingTools #ThreatGroup
https://cybersecuritynews.com/mint-sandstorm-attacking-researchers/
Code written with AI assistants is less secure. A large-scale user study found that participants who had access to an AI assistant wrote less secure code than those without access. Participants who trusted the AI less produced code with fewer security vulnerabilities. The study provides an in-depth analysis of participants' language and interaction behavior and offers its UI as an instrument for future studies. #AIassistants #security
https://www.schneier.com/blog/archives/2024/01/code-written-with-ai-assistants-is-less-secure.html
#PunchmadeDev #eCrime #CardShop #Cybercrime #Rapper #WireFraud #IdentityTheft #FinancialCrimes #PaymentCards #HackedAccounts #CounterfeitChecks #PunchmadeEmpire #Cybercriminals #HackingTutorials #Cryptocurrency #DevonTurner #PunchmadeRecords #OBNGroup #Kentucky #OnlineFraud #Investigation
https://krebsonsecurity.com/2024/01/e-crime-rapper-punchmade-dev-debuts-card-shop/