Tag: 2024-08-20

A previously undiscovered backdoor malware, Backdoor.Msupedge, has been deployed in an attack against a university in Taiwan. This backdoor utilizes an atypical technique, communicating with a command-and-control server through DNS traffic. It receives commands by resolving structured host names, a…

Proofpoint security researchers identified an Iranian threat group known as TA453 targeting a prominent religious figure through a sophisticated social engineering campaign. The threat actors impersonated a legitimate organization and invited the target to participate in a podcast interview. Upon e…

An analysis uncovered a malicious installer dubbed 'UULoader', which employs creative techniques to evade detection, including file header stripping, side-loading legitimate executables, and obfuscation. This multi-staged approach to payload delivery proves effective at evading static detection, as…

The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The malware, compromising security and stealing sensitive information, drops two threats: Latrodectus, which maintains persist…

Rapid7 observed a shift in tools utilized by threat actors in an ongoing social engineering campaign. The initial lure involves an email bombing followed by calls to users offering fake solutions. Once connected remotely, threat actors deploy payloads for credential harvesting, establishing command…

CloudSEK's threat research team uncovered a ransomware attack impacting banks and payment providers in India. The attack, initiated through a compromised Jenkins server at Brontoo Technology Solutions, is attributed to the RansomEXX ransomware group. This sophisticated threat actor employs tactics …