Criminal exploitation of MOVEit Transfer. New skimmer activity. Updates on Russia's hybrid war.
The MOVEit Transfer vulnerability. Website skimmer employed against targets in the Americas and Europe. XeGroup's recent criminal activity. Apple denies FSB allegations of collusion with NSA. Kaspersky investigates compromised devices. NoName057(16) targets Lithuania following the country's decision to classify Russia's actions in Ukraine as terrorism. US Department of Defense provides Starlink services to Ukraine.
Backdoor-like issue found in Gigabyte firmware. Credential harvesting campaign impersonates Multimedia Software and Adobe. Dark Pink APT active in SE Asia. Mitiga discovers "significant forensic discrepancy" in Google Drive. "Spyboy" for sale in the C2C souk. A look at Cuba ransomware. Ukrainian hacktivists count coup against the Skolkovo Foundation. FSB says NSA breached iPhones in Russia. Position spoofing and sanctions evasion.
SeroXen, a new elusive evolution of the Quasar RAT. DogeRAT, a cheap trojan targeting Indian Android users. Salesforce ghost sites. Trends in identity security. Survey finds people may be overconfident in their ability to detect deepfakes. Motivations: criminal, hacktivist, and strategic.
New Mirai malware uses low-complexity exploits to expand its botnet in IoT devices. Update on Volt Typhoon. DDoS hits government sites in Senegal. Pentagon's cyber strategy incorporates lessons from Russia's war. The EU draws lessons from Ukraine's performance against Russia. NoName disrupts British airport's system.
CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.