Technology

A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to penetration tester and security researcher, who goes by the handle mrd0x on Twitter, the method takes advantage of […]

Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444)

An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it’s typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that the cyber crime cartel

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker

ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. According to a new report published by Trend Micro, the botnet’s “main purpose is to build an infrastructure for

The Security Service of Ukraine (SBU) said it has detained a “hacker” who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory. The anonymous suspect is said to have broadcasted text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take

Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers. “By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds

As a CSIRT consultant, I cannot overemphasize the importance of effectively managing the first hour in a critical incident. Finding out what to do is often a daunting task in a critical incident. In addition, the feeling of uneasiness often prevents an incident response analyst from making effective decisions. However, keeping a cool head and

The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. “The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation,” Avast researcher Martin Chlumecký said in a report published Wednesday. “One worm

In what’s yet another act of sabotage, the developer behind the popular “node-ipc” NPM package shipped a new version to protest Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users