Tightening Up the Cybersecurity Web: CISA Deadline for Juniper Fixes – The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies and organizations to mend several security vulnerabilities in Juniper Junos OS by November 17, 2023. – Five vulnerabilities were newly added to the Known Exploited Vulnerabilities (KEV) catalogue due to evidence of
Read More
A New Wave of Ransomware Threat: Hunters International The Rise of Hunters International Ransomware Group Move over Hive, there’s a new colony in town! The threat landscape has a new player, and it’s named Hunters International. Kicked into action with a little help from its retired friends, this new ransomware group has taken charge by
Read More
Malaysian Authorities Squash BulletProofLink, a Phishing-as-a-Service (PhaaS) Operation BulletPoints – Malaysian law enforcement dismantled a Phishing-as-a-Service operation, BulletProofLink. – The Royal Malaysian Police led the effort with support from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on November 6, 2023. – The operation was based on intel hinting the
Read More
Chinese Hacking Groups in Hot Water for Targeting Cambodian Government – Cybersecurity researchers have unveiled malicious cyber activities conducted by two prominent Chinese hacking groups targeted at Cambodian government organizations. – It is speculated that these activities are part of an extensive espionage campaign. – These actions align with the geopolitical goals of China. Behind
Read More
Lazarus Group’s Sub-cluster Sets Up Fake Skills Assessment Site to Breach Security • Lazarus Group sub-cluster associated with various names including Sapphire Sleet, APT38, BlueNoroff, CageyChameleon, and CryptoCore unveiled a new strategy in their cyber espionage campaigns. • This new infrastructure is designed to copy skills assessment portals. • The tactic shows a significant shift
Read More
Russian hacking group Sandworm targeted an electrical substation in Ukraine, causing an outage in October 2022. Google’s Mandiant described the hack as a “multi-event cyber attack” using a unique method to affect industrial control systems (ICS). The attackers used OT-level living-off-the-land (LotL) techniques initially. “Bug Alert: Sandworm’s Power Play in Ukraine” Last year, the notorious
Read More
Stealthy Backdoor “Effluence” Attacks Atlassian Confluence Data Center • A recent discovery by cyber-security researchers unveils a sneaky backdoor named Effluence that hits upon exploiting a security defect in Atlassian Confluence Data Center and Server. • Effluence serves as a permanent backdoor and remains unaffected even when patches are applied to Confluence as indicated by
Read More
Smarter Security Tools: The New Era Automation in Cybersecurity In the thrilling game of cat and mouse that is cybersecurity, companies are always hyped about finding the Merlin’s wand of security tools. If you relate more to quests and wands than security tech and jargon… well, here’s the Decoder’s Ring you’ve been hunting for! Too
Read More
Ali BABA, but Not the 40 Thieves: Iranian Cyber Activity on the Rise Main Points: – A group linked to Iran targeted numerous sectors in the Middle East in October 2023. – Iran’s cyber activities significantly surged following the onset of the Israel-Hamas war. – This surge is attributed to a threat actor known as
Read More
A Cyberwatering Hole: The Emergence of Kamran Android Spyware Main Points: – Gilgit-Baltistan website readers potentially targeted by watering hole attack. – Campaign discovered by cyber security firm ESET, involving the delivery of the previously undisclosed Kamran Android spyware. – Infested site: Hunza News (urdu.hunzanews[.]net), on mobile devices prompts users to install its app. –
Read MoreNo products in the cart.