Cyberattackers Exploit Google Sheets for Malware Control in Global Espionage Campaign – OfficialSarkar

Cyberattackers Exploit Google Sheets for Malware Control in Global Espionage Campaign – OfficialSarkar

Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeting over 70 organizations worldwide by means of a bespoke tool called Voldemort that’s…

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns – OfficialSarkar

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns – OfficialSarkar

Aug 30, 2024Ravie LakshmananCryptojacking / Vulnerability Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances. “The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints,…

Iranian Hackers Set Up New Network to Target U.S. Political Campaigns – OfficialSarkar

Iranian Hackers Set Up New Network to Target U.S. Political Campaigns – OfficialSarkar

Aug 30, 2024Ravie LakshmananCyber Threat / Cyber Espionage Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns. Recorded Future’s Insikt Group has linked the infrastructure to a threat it tracks as GreenCharlie, an Iran-nexus cyber threat group that overlaps…

New Malware Masquerades as Palo Alto VPN Targeting Middle East Users – OfficialSarkar

New Malware Masquerades as Palo Alto VPN Targeting Middle East Users – OfficialSarkar

Aug 30, 2024Ravie LakshmananMalware / Network Security Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that disguises itself as Palo Alto Networks GlobalProtect virtual private network (VPN) tool. “The malware can execute remote PowerShell commands, download and exfiltrate files, encrypt communications, and bypass sandbox solutions, representing…

Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals – OfficialSarkar

Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals – OfficialSarkar

The most dangerous vulnerability you’ve never heard of. In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up with. Some vulnerabilities will start ringing alarm bells within your security tooling, while others are far more nuanced, but still pose an…

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads – OfficialSarkar

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads – OfficialSarkar

Aug 30, 2024Ravie LakshmananCyber Espionage / Threat Intelligence Chinese-speaking users are the target of a “highly organized and sophisticated attack” campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. “The attackers managed to move laterally, establish persistence and remain undetected within the systems for more than two weeks,” Securonix…

A Call to Action for Securing ICS/OT Environments – OfficialSarkar

A Call to Action for Securing ICS/OT Environments – OfficialSarkar

Aug 30, 2024The Hacker NewsICS Security / OT Security A comprehensive guide authored by Dean Parsons emphasizes the growing need for specialized ICS security measures in the face of rising cyber threats. With a staggering 50% increase in ransomware attacks targeting industrial control systems (ICS) in 2023, the SANS Institute is taking decisive action by…

North Korean Hackers Target Developers with Malicious npm Packages – OfficialSarkar

North Korean Hackers Target Developers with Malicious npm Packages – OfficialSarkar

Aug 30, 2024Ravie LakshmananCryptocurrency / Malware Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating “coordinated and relentless” efforts to target developers with malware and steal cryptocurrency assets. The latest wave, which was observed between August 12 and 27, 2024, involved packages named…

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack – OfficialSarkar

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack – OfficialSarkar

Aug 29, 2024Ravie LakshmananBrowser Security / Vulnerability Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. “These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices,” Google Threat Analysis Group…

Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32 – OfficialSarkar

Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32 – OfficialSarkar

Aug 29, 2024Ravie LakshmananCyber Espionage / Malware A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster known as APT32, a Vietnamese-aligned hacking crew that’s also known as APT-C-00, Canvas Cyclone…