Four victims of Pegasus spyware in the UK have this week filed a criminal complaint with the Metropolitan Police.
This blog post is a response to an investigative news report about a large-scale law-enforcement attack that managed to de-anonymize a user of an old version of the long-retired app Ricochet. This blog post aims to provide insight into what we know so far. Nothing that the Tor Project has learned about this incident suggests that Tor Browser was attacked or exploited. Tor users can continue to use Tor Browser to access the web securely and anonymously.
It lets attackers control Macs remotely.
A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new
Our TDR team has been investigating the WebDAV infrastructure used to distribute the Emmenhtal loader. Here are some key insights:
Following detections from our Managed Threat Detection (CyberSOC) teams, our CERT analysts were able to uncover several recent campaigns leading to CryptBot and Lumma infostealers.
Some of these campaigns are still active and target various organizations worldwide.
These campaigns leverage a little-documented loader we dubbed “Emmenhtal”, (because we are cheese lovers), which hides in the padding of a modified legitimate Windows binary and uses HTA.
Emmenhtal likely surfaced at the beginning of 2024 and is possibly being distributed by several financially motivated threat actors through various means (from traditional email phishing lures to fake videos).
IoCs can be found on our dedicated GitHub page here.
Note: The analysis cut-off date for this report was August 07, 2024.
Australian police say they have infiltrated Ghost, an encrypted global communications app developed for criminals, leading to dozens of arrests.
Europol and law enforcement from nine countries successfully dismantled an encrypted communications platform called
Operation Kraken is a sign that organized criminals are moving away from larger encrypted phone companies to a decentralized collection of smaller players and consumer access apps that the rest of us use.
(6 Months later CZAT 7 Server is offline or changed to another ip address , this post was written 6 months ago, published today 9/2/2024)
I’m a big fan of trains, i like them, but never tough that someday i would take over train traction power substation located in Poland from my home in Costa Rica.
I’m not a train expert/engineer and i had no idea how the train management works , I’m a cyber security professional doing research in the internet about OT Industrial equipment exposed potentially vulnerable or misconfigured.
Everything explained here is just what i learned reading official documentation from the Elester-pkp website . https://elester-pkp.com.pl/
Mastercard today expanded its cybersecurity services with an agreement to acquire global threat intelligence company Recorded Future from Insight Partners for $2.65 billion.
Threat actors called Vanir Ransomware Group posted a few listings in July. Tonight, however, their onion site has a seized message:
” THIS HIDDEN SITE HAS BEEN SEIZED
by the State Bureau of Investigation Baden-Württemberg as a part of a law enforcement action taken against Vanir Ransomware Group “
The cyberattack over Labor Day weekend severely hampered operations at Seattle's airport, which is managed by the Port of Seattle.
VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10.
Bluenoroff or APT38, more commonly referred to as Lazarus Group is a threat group which has been tied to the North Korean government since as early as 2009 primarily being financially motivated utilizing malware custom built for each target.
Early on, the threat group gained notoriety for cyberattacks such as Sony Pictures Hack in 2014 and $81M Bangladesh Bank heist in 2016 and in more recent years has shifted focus to targets in the cryptocurrency industry.
Analytics firms such as TRM and Chainalysis release annual reports summarizing crypto related incidents linked to DPRK and since 2017 they estimate between $3B to $4.1B has been stolen.
UNC2970 is a cyber espionage group suspected to have a North Korea nexus.
The personal information of a million individuals was leaked online following a ransomware attack that in June hit NHS hospitals in London.
Existing low-level access for security solutions will undergo a rework
Nautilus researchers identified a new Linux malware targeting Weblogic servers with running Hadooken malware
Apple’s latest theft-prevention measure went live for beta testers yesterday: Activation Lock for iPhone components. The move is likely to...
