February’s crippling ransomware attack against Change Healthcare, which saw prescription orders delayed across the United States, continues to have serious consequences. The cybercriminal group RansomHub published a portion of what it claims to be the many millions of patient records it stole in the attack on the dark web, including medical information, insurance records, and…

Read More

Apr 18, 2024NewsroomIncident Response / Cyber Espionage Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform. “The documents contained…

Read More

Oracle released its quarterly Critical Patch Update Advisory for April 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  Users and administrators are encouraged to review the following Critical Patch Update Advisory and apply the necessary updates:   Source link…

Read More

Apr 18, 2024NewsroomCyber Attack / Malware The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak). “FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights,” the BlackBerry…

Read More

A severe vulnerability (CVE-2024-31497) has been discovered in PuTTY, a widely used SSH and Telnet client. This flaw could allow attackers to steal users’ NIST P-521 private keys, potentially granting them unauthorized access to servers protected by those keys. Vulnerability Details The vulnerability lies in PuTTY’s generation of electronic signatures using Elliptic Curve Digital Signature…

Read More

Extended BPF emerged in the last decade as a way to interact with the Linux kernel via a sandboxed runtime layer without needing to modify the kernel itself. Now widely adopted across the industry, eBPF makes it possible to see what’s happening at kernel level in real-time, critical to cloud monitoring and security in Kubernetes…

Read More

International support for a coordinated takedown The operation, according to the statement, had begun in June 2022 after Met detectives received intelligence on LabHost from Cyber Defence Alliance (CDA), an international non-profit for cyber threat intelligence. “Once the scale of site and the linked fraud became clear the Met’s Cyber Crime Unit joined forces with…

Read More

As many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called LabHost that has been used by criminal actors to steal personal credentials from victims around the world. Described as one of the largest Phishing-as-a-Service (PhaaS) providers, LabHost offered phishing pages targeting banks, high-profile organizations, and other…

Read More

Apr 18, 2024NewsroomMobile Security / Malware A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is “notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest,” Kaspersky researcher Dmitry…

Read More

Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations. Detecting Threats in PDFs…

Read More