Tag “Fortinet”

US National Security Officials Update Telecom Executives

The recent uptick in malicious cyber activity has highlighted critical sectors at risk, particularly in the realm of Critical Infrastructure Security, Cyberwarfare and Nation-State Attacks, and Fraud Management & Cybercrime.

National Security Officials Share Intelligence on a Cyberespionage Campaign
Mathew J. Schwartz (euroinfosec) • November 25, 2024

Chinese hackers are…

Warning: Cybercriminals Utilizing VCURMS and STRRAT Trojans Through AWS and GitHub

A recent phishing campaign has come to light, actively distributing remote access trojans (RATs) dubbed VCURMS and STRRAT through a malicious Java-based downloader. This attempt highlights a troubling trend in cybercrime, where attackers strategically utilize accessible cloud platforms, such as Amazon Web Services and GitHub, to host malicious content while…

Fresh Threat Alert: Freeze[.]rs Injector Exploited in XWorm Malware Campaigns

Emergence of XWorm Malware Utilizing Rust-Based Injector: Recent analyses reveal the rise of XWorm, a commodity malware deployed by malicious actors employing a legitimate Rust-based tool known as Freeze[.]rs. This significant development in cybercrime was flagged by Fortinet FortiGuard Labs on July 13, 2023, marking a novel attack strategy using…

Caution: New SideTwist Backdoor and Agent Tesla Variant Discovered in Phishing Campaigns

Iranian Threat Actor APT34 Launches Phishing Campaign Featuring SideTwist Backdoor: Recent cybersecurity reports indicate that the Iranian threat group known as APT34 has initiated a new phishing campaign directed at various sectors, leading to the deployment of a backdoor variant named SideTwist. This latest tactic highlights the group’s sophistication in…

Okta Issues Alarm Over Unprecedented Rise in Proxy-Driven Credential Stuffing Attacks

Surge in Credential Stuffing Attacks Raises Alarm for Online Services: In a recent advisory, Okta, a prominent identity and access management (IAM) service provider, has reported a significant increase in the frequency and scale of credential stuffing attacks targeting online services. These aggressive attempts are reportedly leveraging easily accessible residential…

92% of Healthcare Organizations Targeted by Cyberattacks in 2023

Healthcare organizations are facing increasing cyber threats, prompting a critical need to reevaluate their security strategies, particularly concerning insider threats, cyber awareness training, and the protection of mobile applications and devices. This insight was shared by Ryan Witt, Vice President of Industry Solutions at Proofpoint, in light of findings from…

ExelaStealer: The Rise of an Affordable Cybercrime Tool

Emergence of ExelaStealer: A New Player in Cybercrime. A newly identified information-stealing malware, dubbed ExelaStealer, has emerged in a saturated market already teeming with tools designed to exfiltrate sensitive information from compromised Windows systems. This evolving threat, flagged by FortiGuard Labs, showcases how cybercriminals continually adapt their tactics and tools…

Inside Sophos’ Five-Year Battle Against Chinese Hackers Targeting Its Devices

In a revealing report, UK cybersecurity firm Sophos has highlighted a prolonged and intricate battle with a group of hackers based in Chengdu, China. This confrontation, which has persisted for over five years, underscores a troubling reality in the cybersecurity landscape: devices that are designed to shield organizations from cyber…

China-Linked Hackers Capitalize on Fortinet Vulnerability, Compromising 20,000 Systems Worldwide

Recent reports reveal that state-sponsored hackers, associated with China, successfully compromised 20,000 Fortinet FortiGate systems globally by exploiting a critical vulnerability between 2022 and 2023. This breach appears to have far-reaching implications that were previously underestimated. The Dutch National Cyber Security Centre (NCSC) disclosed that the attackers had prior knowledge…
