admin

admin

  • Joined: September 10, 2024
  • Articles: 8132

Experts Reveal Year-Long Cyber Assault on IT Firm Using Custom Malware RDStealer

A sophisticated cyber attack targeting an East Asian IT company involved the use of a custom malware, RDStealer, developed in Golang. “The operation spanned over a year, aimed at stealing credentials and data,” stated Bitdefender security researcher Victor Vrabie in a report shared with The Hacker News. Evidence from the Romanian cybersecurity firm indicates that the operation, dubbed RedClouds, began in early 2022 and reflects the interests of China-based threat actors. Initially, the campaign utilized common remote access and post-exploitation tools such as AsyncRAT and Cobalt Strike, but it later shifted to custom malware in late 2021 or early 2022 to evade detection. A key evasion strategy involved using Microsoft Windows folders typically excluded from security scans, like System32 and Program Files, to conceal the malware.

Experts Uncover Extended Cyber Attack Targeting East Asian IT Firm with Custom Malware RDStealer June 20, 2023 In a significant security breach, cybersecurity experts have revealed a prolonged and sophisticated cyber attack on an information technology firm located in East…

NY Man and Company Ordered to Pay $228M in Ponzi Scheme Settlement

Blockchain & Cryptocurrency, Cryptocurrency Fraud, Fraud Management & Cybercrime Highlights: Coinbase’s Misconfigured Smart Contract, GMX Repayment Plans Rashmi Ramesh (rashmiramesh_) • August 21, 2025 Image: Shutterstock Each week, Information Security Media Group compiles notable cybersecurity incidents in the realm of…

BREAKING: Law Enforcement Dismantles 7,000-Device Botnet Fueled by IoT and End-of-Life Systems in U.S. – Joint Dutch Operation

May 09, 2025
IoT Security / Network Security

In a coordinated effort, Dutch and U.S. authorities have successfully dismantled a vast proxy network powered by thousands of compromised Internet of Things (IoT) and end-of-life (EoL) devices. This botnet was exploited to provide anonymity for malicious activities. In addition to seizing the domains associated with the operation, the U.S. Department of Justice (DoJ) has charged Russian nationals Alexey Viktorovich Chertkov, 37; Kirill Vladimirovich Morozov, 41; Aleksandr Aleksandrovich Shishkin, 36; and Kazakhstani national Dmitriy Rubtsov, 38, for profiting from the proxy services. The DoJ revealed that users subscribed to the service for monthly fees between $9.95 and $110, resulting in over $46 million in revenue for the criminal network, which is believed to have been active since 2004.

Breaking: Criminal Proxy Botnet Utilizing IoT and End-of-Life Devices Dismantled in Collaborative U.S.-Dutch Operation On May 9, 2025, a significant joint operation by Dutch and U.S. law enforcement successfully dismantled a sophisticated criminal proxy network that exploited thousands of compromised…

Thrive Introduces Network Detection and Response Solutions

BOSTON, Aug. 21, 2025 (GLOBE NEWSWIRE) — Thrive, a prominent global provider of technology outsourcing specializing in cybersecurity, cloud services, and traditional managed services, has unveiled a new Network Detection and Response (NDR) service aimed at bolstering cybersecurity for businesses.…

295 Malicious IPs Coordinate Brute-Force Assaults on Apache Tomcat Manager Interfaces

Date: June 11, 2025
Category: Network Security / Threat Intelligence

Threat intelligence firm GreyNoise has issued a warning about a “coordinated brute-force activity” aimed at Apache Tomcat Manager interfaces. On June 5, 2025, a significant uptick in brute-force and login attempts was observed, suggesting an organized effort to “identify and access exposed Tomcat services at scale.” A total of 295 unique malicious IP addresses were detected executing brute-force attempts against Tomcat Manager. In the last 24 hours alone, 188 unique IPs have been recorded, predominantly from the United States, the United Kingdom, Germany, the Netherlands, and Singapore. Furthermore, 298 IPs were noted conducting login attempts against Tomcat Manager instances, with all 246 flagged IPs in the past day classified as malicious and hailing from the same locations.

295 Malicious IPs Initiate Coordinated Brute-Force Attacks on Apache Tomcat Manager June 11, 2025 Network Security / Threat Intelligence GreyNoise, a prominent threat intelligence organization, has issued an alert regarding significant coordinated brute-force attacks aimed at Apache Tomcat Manager interfaces.…

Google Issues Android Security Patch to Address 3 Actively Exploited Vulnerabilities

Date: July 7, 2023

In its latest security update, Google has addressed 46 new vulnerabilities in the Android operating system, highlighting three that are actively exploited in targeted attacks. Notably, CVE-2023-26083 pertains to a memory leak issue in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall architectures. This vulnerability was previously exploited in December 2022, allowing spyware to infiltrate Samsung devices. Its severity prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching directive for federal agencies in April 2023. Additionally, CVE-2021-29256 represents a high-severity flaw affecting certain versions of the Bifrost and Midgard Arm Mali GPU kernel drivers, enabling an unprivileged user to access sensitive data and escalate privileges to the root level.

Google Addresses Critical Vulnerabilities in Latest Android Update On July 7, 2023, Google rolled out its monthly security updates for the Android operating system, patching a total of 46 newly identified vulnerabilities. Notably, three of these vulnerabilities have been confirmed…

The Enduring Issue: Why Exposed Credentials Go Unaddressed—and Solutions for Change

May 12, 2025
Secrets Management / DevSecOps

Detecting leaked credentials is only part of the solution. The real challenge—and often the overlooked aspect—is the follow-up after detection. New insights from GitGuardian’s State of Secrets Sprawl 2025 report highlight a concerning trend: a significant number of exposed company secrets found in public repositories remain active for years post-discovery, expanding the attack surface that many organizations neglect. GitGuardian’s analysis of public GitHub repositories reveals that a worrisome percentage of credentials identified as far back as 2022 are still valid today. “Detecting a leaked secret is just the beginning,” notes GitGuardian’s research team. “The true test is prompt remediation.”

Understanding Why Exposed Secrets Persist

This ongoing validity raises two alarming possibilities: either organizations are oblivious to their exposed credentials (indicating a security visibility issue)…

The Persistence Problem: The Ongoing Risk of Exposed Credentials and Strategies for Mitigation May 12, 2025 In the realm of cybersecurity, identifying leaked credentials marks only the initial phase of a much larger challenge. The critical follow-up—how organizations manage and…

Ex-Black Basta Members Employ Microsoft Teams and Python Scripts in 2025 Cyber Attacks

June 11, 2025
Ransomware / Cybersecurity

Former affiliates of the Black Basta ransomware group are reportedly sticking to familiar tactics, utilizing email bombing and Microsoft Teams phishing to gain sustained access to targeted networks. Recent reports from ReliaQuest, shared with The Hacker News, reveal that attackers have begun incorporating Python script execution along with these methods, using cURL requests to retrieve and deploy malicious payloads. This evolution indicates that threat actors are adapting and reorganizing despite challenges faced by the Black Basta identity following the public leak of its internal communications earlier this February. The cybersecurity firm found that 50% of Teams phishing incidents recorded between February and May 2025 originated from onmicrosoft[.]com domains, with breached domains contributing to 42% of all attacks during that timeframe. This approach proves particularly stealthy, enabling attackers to masquerade as legitimate traffic.

Former Black Basta Operatives Leverage Microsoft Teams and Python in 2025 Cyber Attacks June 11, 2025 A resurgence of cybercrime tactics has emerged from erstwhile operations linked to the Black Basta ransomware group, with recent attacks revealing a continued reliance…