Microsoft identified a new variant of the BlackCat ransomware that uses an open-source communication framework tool to facilitate lateral movement. BlackCat, also known as Alphv, is a Russian-speaking criminal group suspected of being a successor to DarkSide and BlackMatter.
Researchers say a proxy service is routing internet traffic through unsuspecting users' systems that it turns into residential exit nodes, luring them into downloading the proxy application through offers of cracked software and games. Antivirus engines don't detect the application.
The Play ransomware group is targeting security managed service providers to gain initial access and is exploiting vulnerabilities in security appliances that are up to half a decade old, warn security researchers with Adlumin. The gang is also using intermittent encryption in a bid to avoid setting off defenses.
Multiple vulnerabilities in data center power management systems and supply technologies enable threat actors to gain unauthorized access and perform remote code injection. The attackers can chain multiple vulnerabilities to gain full access to data center systems.
Threat actors are taking control of cloud-based Microsoft 365 accounts of C-suite executives using a multifactor authentication phishing tool. Proofpoint researchers say attackers use automation to identify in real time whether a phished user is a high-level profile company official.
A recently identified security vulnerability in PaperCut print management software holds the potential for high-severity outcomes and could let unauthorized hackers run code remotely. The software is used in a wide array of environments, including large printer fleets supporting over 100,000 users.
The U.S. federal government acknowledged that it is lagging behind on border gateway protocol security practices. Officials from several government agencies, ISPs and cloud content providers organized a workshop to understand the latest security improvements underway.
The U.S. government is urging computer manufacturers to improve the security of firmware architecture that boots up devices after a powerful bootkit sparked concerns over permanent malware infections. Among its recommendations are that all UEFI developers implement dedicated PKI for updates.
A Russian espionage group attacked multiple organizations to steal credentials using Microsoft Teams chats that appear to originate from technical support. Microsoft on Wednesday attributed the campaign to a threat actor originating in the Russian Foreign Intelligence Service.
A multistage malware campaign is targeting industrial organizations in Eastern Europe with the objective of pilfering valuable intellectual property, including data from air-gapped systems. Researchers at Kaspersky identified two campaigns that they have attributed to the Beijing-aligned APT31 group.
A malware downloader is spoofing Italian organizations, including the tax agency, to deliver a banking Trojan to target Italian companies, said researchers. Proofpoint calls the downloader WikiLoader; it ultimately leads to the Ursnif banking Trojan.
Government-backed North Korean hackers are posting convincing U.S. military job recruitment documents to lure Korean-speaking victims into downloading malware staged from legitimate but compromised South Korean websites, according to security researchers.
The highly active, North Korea-linked Lazarus Group is targeting unpatched Microsoft Internet Information Services servers to escalate privileges and distribute malware. Researchers spotted the group using watering hole techniques to fool victims in South Korea.
The U.S. federal government says hacker abuse of valid credentials is the most successful method for gaining access to systems, and the technique is responsible for slightly more than half of the critical infrastructure attacks that occurred over a yearlong period.
Cybercriminals are using an evil twin of OpenAI's generative artificial intelligence tool ChatGPT. It's called FraudGPT, it's available on criminal forums, and it can be used to write malicious code and create convincing phishing emails. A similar tool called WormGPT is also available.