Tag: Trend Micro

Exit Scam: BlackCat Ransomware Group Disappears Following $22 Million Ransom Collection

Recent developments surrounding the BlackCat ransomware group have raised significant concerns within the cybersecurity community, as the actors appear to have executed a strategic exit from their operations. Following the upload of a fraudulent law enforcement seizure banner, BlackCat has reportedly shuttered its darknet presence, a move indicative of a…

Void Banshee APT Leverages Microsoft MHTML Vulnerability to Distribute Atlantida Stealer

Void Banshee APT Exploits Microsoft MHTML Vulnerability in Information Theft Campaign

An advanced persistent threat (APT) group known as Void Banshee has been detected leveraging a newly identified security vulnerability in the Microsoft MHTML browser engine. This zero-day exploit is being used to distribute an information-stealing malware known as Atlantida.…

Recognizing, Enduring, and Rebounding from Cyber-Attacks

Cyber Security Landscape Amidst Rising Threats: Insights from the 2024 Breaches Survey

The recently released 2024 Cyber Security Breaches Survey paints a concerning picture for UK businesses grappling with escalating cyber threats. As the frequency and sophistication of cyber-attacks continue to rise, particularly targeting larger enterprises, organizations are increasingly challenged…

Microsoft Releases Fixes for 90 Vulnerabilities, Featuring 10 Critical Zero-Day Flaws

On Tuesday, Microsoft released a set of critical updates addressing a total of 90 security vulnerabilities within its software, including ten zero-day exploits. Notably, six of these zero-days are actively being leveraged in real-world attacks, raising significant concerns regarding the potential for widespread exploitation in the wild. The vulnerabilities span…

CISA Alerts on Serious Jenkins Vulnerability Being Targeted in Ransomware Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a significant vulnerability related to Jenkins to its Known Exploited Vulnerabilities (KEV) catalog due to its exploitation in ransomware attacks. This vulnerability, designated as CVE-2024-23897 with a critical CVSS score of 9.8, is classified as a path traversal flaw that…

Cybercriminals Target Jenkins Script Console for Cryptocurrency Mining Attacks

Cybersecurity experts have identified a significant vulnerability in Jenkins, a widely used continuous integration and delivery platform. Attackers can exploit improperly configured Jenkins Script Console instances to facilitate malicious activities, including cryptocurrency mining. Shubham Singh and Sunil Bharti from Trend Micro recently detailed this risk, noting that misconfigurations related to authentication…

ViperSoftX Malware Camouflaged as eBooks on Torrent Sites to Launch Covert Attacks

ViperSoftX Malware Exploits eBook Distribution for Stealthy PowerShell Execution

The sophisticated malware known as ViperSoftX has recently been detected in a new distribution method involving the use of eBooks shared through torrent sites. Since its first identification by Fortinet in 2020, ViperSoftX has become notorious for its ability to exfiltrate…

Atlassian Confluence Vulnerability Misused in Cryptocurrency Mining Campaigns

Cyber threat actors are now actively taking advantage of a critical vulnerability that has been recently patched in Atlassian Confluence Data Center and Confluence Server software. This vulnerability has been leveraged to facilitate unauthorized cryptocurrency mining on vulnerable systems. According to Trend Micro researcher Abdelrahman Esmail, the attackers have employed…

Chinese Hackers Attack Japanese Companies Using LODEINFO and NOOPDOOR Malware

New Malware Campaign Targets Japanese Organizations: A Deep Dive into the Cuckoo Spear Campaign

Recent intelligence from Israeli cybersecurity firm Cybereason has unveiled a sophisticated malware campaign that poses significant threats to organizations in Japan. This operation is led by a nation-state actor from China, which has been leveraging advanced…
