Month: August 2024
The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. WPS Office is a productivity suite developed by the Chinese firm Kingsoft that is popular in Asia. Reportedly, it has over 500 million active users…
Read More
Image: MidjourneyThe APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates. As Microsoft security researchers observed, the threat group (also tracked as Peach Sandstorm and Refined Kitten), which operates on behalf…
Read More
Internet of Things In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors 27 Aug 2024 • , 4 min. read Outdated devices are often easy targets for attackers, especially if they have vulnerabilities that can be exploited and no patches are available due to their end-of-life status. Hacks of…
Read More
A former core infrastructure engineer at an industrial company headquartered in Somerset County, New Jersey, was arrested after locking Windows admins out of 254 servers in a failed extortion plot targeting his employer. According to court documents, company employees received a ransom email titled “Your Network Has Been Penetrated” on November 25, around 4:44 PM EST. The…
Read More
The U.S. Department of State and the Secret Service have announced a reward of $2,500,000 for information leading to Belarusian national Volodymyr Kadariya (Владимир Кадария) for cybercrime activities. The 38-year-old man is wanted for his participation in various malware and online scam operations, including the Angler Exploit Kit, for which he managed malvertising operations between…
Read More
HP will ‘continue to invest in our partners so they can take advantage of this opportunity,’ CEO Enrique Lores tells CRN in an interview. HP CEO Enrique Lores called the emerging artificial intelligence PC market “an incredible growth opportunity” for solution providers and encouraged them to leverage the computer maker’s certification resources to get ready…
Read More
The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial for the operation of security solutions and making restoration harder. Though Trend Micro had warned about this functionality added on Poortry since May 2023, Sophos has…
Read More
Poortry/BurntCigar, first discovered by Mandiant, is a malicious kernel driver used in conjunction with a loader dubbed Stonestop that attempts to bypasses Microsoft Driver Signature Enforcement. Both the driver and the loader are heavily obfuscated by commercial or open-source packers, such as VMProtect, Themida or ASMGuard. The driver tries to disguise itself by using the…
Read MoreImage: MidjourneyThe APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates. As Microsoft security researchers observed, the threat group (also tracked as Peach Sandstorm and Refined Kitten), which operates on behalf…
Read More
The research firm says GenAI-powered attacks and AI-related data leaks are two growing concerns that are fueling security investments. Spending on cybersecurity-related services will continue on its growth tear in 2025 as both the cyber talent shortage and cyberattacks—including threats powered by generative AI—remain top concerns for organizations, according to Gartner. The research firm released…
Read More