The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack.
ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.
Yesterday, cybersecurity vendor GTSC Cyber Security dropped a blog saying they had detected exploitation of a new Microsoft Exchange zero…
Le droit à la vie privée est de plus en plus menacé par l’utilisation de technologies numériques modernes en réseau, dont les caractéristiques en font de formidables outils de surveillance, de contrôle et d’oppression, selon un nouveau rapport de l’ONU. Il est donc essentiel que ces technologies soient encadrées par une réglementation efficace reposant sur le droit international des droits de l’homme et les normes applicables en la matière
PDF Document link
This work is the result of a collaboration with EU DisinfoLab an independent non-profit organization focused on tackling sophisticated disinformation campaigns targeting the EU.
EU DisinfoLab has during the past three months been investigating a large disinformation campaign targeting western audience with pro-Russian propaganda. While our partner has focused on the actual disinformation being spread, Qurium has looked into the technical infrastructure in use to better understand how the campaign has been setup and operated.
The complete report from EU Disinfo Lab can be found here: Doppelganger.
Below follows the results of Qurium’s digital forensics investigation and a list of more than 50 domains used in the disinformation campaign.
The Russian government is planning “massive cyberattacks” against Ukrainian critical infrastructure facilities to “increase the effect of missile strikes on electrical supply facilities,” the Ukrainian government said Monday.
For decades, security researchers warned about techniques for hijacking virtualization software. Now one group has put them into practice.
Black Lotus Labs, the threat intelligence arm of Lumen Technologies, recently uncovered a multifunctional Go-based malware developed for Windows and Linux
Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, thus immediately came up with a temporary containment plan.
Espionage group begins using new backdoor that leverages rarely seen steganography technique.
In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.
The National Cyber Security Centre’s CEO Lindy Cameron delivered a keynote speech at the Chatham House security and defence conference 2022.
Lindy Cameron discussed the cyber dimension of the Russia-Ukraine conflict, focusing on what the NCSC has observed and the UK’s response.
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. BumbleBee has been identified as an initial access vector utilized by several ransomware affiliates. …
NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.
CISA received seven files for analysis. Six Java Server Pages (JSP) webshells and a Bourne Again SHell (bash) file. Five JSP webshell files are designed to parse inbound requests for commands for execution, download files, and upload files. One JSP webshell file contains a form with input fields that prompts the attacker to enter the command in the input box and click "run" to execute. The command output will be displayed in a JSP page. The bash file is designed to perform ldapsearch queries and store the output into a newly created directory.
First Coinbase, now Crypto.com. Lazarus campaign targets more crypto exchange platform job seekers with multi-stage malware.
New research shows how third-party apps could be exploited to infiltrate these sensitive workplace tools.
HUMAN's Satori Threat Intelligence and Research Team uncovered a network of 89 Android and iOS apps committing various flavors of ad fraud.
Analysis of APT28/Fancy Bear PowerPoint mouse-over campaign
Multiple self-proclaimed hacktivist groups are conducting attacks in support of Russian interests.
