North Korea’s Lazarus Group Targets Critical Infrastructure with New Malware Variant
In its third major campaign this year, North Korea’s Lazarus Group is targeting healthcare entities and infrastructure backbone companies.
Read More
4 ways that ChatGPT is a clear and present threat to cybersecurity
Organizations that have not yet factored generative AI technologies into their cyber risk matrix might want to do so quickly. Security concerns related to the use of ChatGPT have exploded since Microsoft-backed OpenAI released the AI chatbot in November 2022. ChatGPT set a record of sorts for the fastest adoption of a new technology soon […]
Read More
Chinese APT actor targeting unpatched SonicWall devices in credential stealing campaign
New attacks are similar to those that other China-backed actors have carried out in recent years as part of cyber espionage and data theft campaigns against US companies. A likely China-based threat actor is targeting unpatched SonicWall Secure Mobile Access 100 Series (SMA100) devices with highly persistent malware for stealing user credentials and providing the […]
Read MoreAPT37 using South Korea stampede themed lure to exploit new IE zero-day flaw
Microsoft patched flaw after Google TAG researchers reported it to the company in October. Microsoft has patched a zero-day vulnerability in Internet Explorer’s Jscript engine after researchers from Google’s Threat Analysis Group (TAG) informed the company about seeing North Korea’s APT37 group using it in attacks against South Korean targets. The zero-day flaw (CVE-2022-41128) stems […]
Read MoreDestructive “CryWiper” disk-wiping malware is on the loose
Tool masquerades as ransomware but overwrites and destroys data making it unrecoverable, Kaspersky warns Security researchers at Kaspersky have spotted a new disk wiping malware tool dubbed CryWiper landing on target systems, disguised as ransomware. So far, researchers at the security vendor have only observed the operator of the malware deploy CryWiper in “pinpoint attacks” […]
Read MoreAugust intrusion into LastPass development environment results in 2nd breach
Password management company says a threat actor used information from previous breach to access customer information. When a threat actor manages to gain access to an organization’s software development environment, bad things can happen. The latest to learn that lesson the hard way is password management vendor LastPass which in August 2022 experienced an incident […]
Read MoreMagecart actors ramp up exploit attempts against Magento/Adobe Commerce vulnerability
Sansec says it has observed more probes in November against the now-patched zero-day flaw (CVE-2022-24086) than the rest of the year combined. Seven threat groups affiliated with the Magecart cybercrime syndicate have begun heavily targeting a critical, arbitrary code execution vulnerability in the Magento 2 and Adobe Commerce platform that powers tens of thousands of […]
Read More7 vulnerabilities that federal agencies MUST address by Nov 29
Four of the vulnerabilities are Windows zero-day bugs that Microsoft disclosed in its November security update; three affect Samsung mobile devices. The US Cybersecurity and Infrastructure Security Agency’s (CISA) Binding Operational Directive 22-01 issued in Nov. 2021 requires all federal civilian executive branch agencies to address software bugs that are listed in CISA’s Known Exploited […]
Read MoreAustralian Federal Police say Russian threat actor behind Medibank breach
“We will be holding talks with Russian law enforcement about these individuals,” AFP Commissioner says [300 words]. What: The Australian Federal Police (AFP) has identified the threat actor behind the catastrophic attack on health-insurer Medibank as being a Russia-based group. In a statement Friday, AFP Commissioner Reece Kershaw said that investigators had managed to trace […]
Read MoreRussia’s Iridium group deploying new ransomware payload
Prestige ransomware marks dangerous shift in strategy for threat actor Microsoft says [299 words]. What: Security researchers at Microsoft have spotted Russia-based threat group Iridium dropping a new ransomware payload dubbed “Prestige” on systems belonging to organizations in Ukraine and Poland. The Prestige campaign marks a broadening of focus for Iridium from its usual destructive […]
Read More