German law enforcement takes down dark web giant "Kingdom Market," specializing in narcotics and malware sales to tens of thousands of users.

Beware of phishing emails with invoice-themed attachments! Attackers are using an old Office vulnerability (CVE-2017-11882) to spread the Agent Tesla

MuddyC2Go framework and custom keylogger used in attack campaign.
Iranian espionage group Seedworm (aka Muddywater) has been targeting organizations operating in the telecommunications sector in Egypt, Sudan, and Tanzania.

Seedworm has been active since at least 2017, and has targeted organizations in many countries, though it is most strongly associated with attacks on organizations in the Middle East. It has been publicly stated that Seedworm is a cyberespionage group that is believed to be a subordinate part of Iran’s Ministry of Intelligence and Security (MOIS).

At least 6000 computer systems have been impacted by the Ukrainian Blackjack-led Russian water utility cyberattack.

Judge says hacker remains a high risk through his skills and motivation to carry out cyber crime.

Operation HAECHI IV emphasizes the key role of INTERPOL in enabling police worldwide to address the growing complexity of cyber-enabled scams

ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack.

Novel Terrapin attack uses prefix truncation to downgrade the security of SSH channels.

The Rhysida ransomware gang publishes 98 per cent of leaked data minutes after the ransom deadline passes – Wolverine game files included.

Qakbot, a versatile malware threat, returned after a takedown in August. The new campaign targets the hospitality industry with IRS-themed phishing emails containing malicious PDFs. Microsoft identified the attack, offering two IP addresses for blocking and a way to detect the malware's digital signature.

Our open-source vulnerability impact scoring system is now available and enhances incident response capabilities. Here's how VISS is unique.

DanaBot is a sophisticated banking trojan targeting financial institutions and their customers. Now, a new global campaign has put more users at risk.

Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used.

Data for almost 36 million customers now in the hands of unknown hackers.

The Justice Department announced today a disruption campaign against the Blackcat ransomware group — also known as ALPHV or Noberus — that has targeted the computer networks of more than 1,000 victims and caused harm around the world since its inception, including networks that support U.S. critical infrastructure.

The FBI says it has released a decryption tool allowing hundreds of ALPHV/BlackCat victims to restore their scrambled files.

The U.S.-based owner of apparel brands including Vans, Supreme and The North Face says it cannot fulfill customer orders after a cyberattack.

Using machine learning to target stockpiled malicious domains, the results of our detection pipeline tool highlight campaigns from phishing to scams.

Reconstructing the Attack from a 4th party collector’s point of view
Hamid Kashfi

[Update: December 18th, 2023]: On 18th December, Predator Sparrows launched a second
attack against the fuel distribution system in Iran, similar to their previous operation in 2021.
Since 2021, Iranian officials or third-party security vendors have not published any analysis or
technical details about the original attack, which is not unusual. Their screenshots from the
latest attacks provide some clues that only confirm our previous work, indicating connections to
the “Yaas Arghavani” company, a VSAT and POS service provider for the fuel distribution
system. The following is an old draft from December 2021, which I wrote for peer eyes rather
than public view. The original draft focused on the first attack against the fuel distribution
system. Still, some remarks remain valid and relevant to the recent attack on 18 Dec 2023, as
little has changed regarding how the system works. The same infrastructure, same suppliers,
and same 3rd party vendors, so we are likely just talking about a different attack vector and
entry point from the previous case. I will probably draft a new note about the recent attack from
scratch soon and when more details are gathered rather than updating the old speculative work.

Since it appeared in July 2022, Play ransomware has launched devastating attacks on municipalities and critical infrastructure, agencies said.