Barracuda Networks reports 2023 spear phishing trends. New Mirai malware uses low-complexity exploits to expand its botnet in IoT devices. Kimsuky's tailored reconnaissance tools. CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Legion malware upgraded for the cloud. Blacktail, a new ransomware group using recycled ransomware. GoldenJackal, an APT quietly active since 2019.
BlackCat ransomware group uses signed kernel driver to evade detection. AhRat exfiltrates files and records audio on Android devices. ChatGPT-themed fleeceware. Trends and threats in API protection. Lemon Group's pre-infected devices. An update on RedStinger (a.k.a. CloudWizard). Python Package Index temporarily suspended new user and new project registration due to a spike in malicious activity. UNC3944 uses SIM swapping to gain access to Azure admin accounts. CISA adds three Apple vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Lancefly, a new APT with a custom backdoor. Man-in-the-middle phishing attacks are on the rise. Ransomware report: targeting and classification. CISA and FBI release a joint report on PaperCut NG/MF vulnerability exploitation. The Five Eyes disrupt Russia's FSB Snake cyberespionage malware with an interesting tool. A work-around for a March patch. Seven entries added to CISA's Known Exploited Vulnerabilities Catalog. Remote code execution exploits Ruckus in the wild.
PaperCut vulnerability detection methods can be bypassed and Iranian threat actors have joined the fray. CACTUS, a new ransomware leveraging VPNs to infiltrate its target. A new Akira ransomware campaign spreads. Meta observes and disrupts new NodeStealer malware campaign. ReconShark, a new reconnaissance tool deployed in DPRK spearphishing attacks. APT41 subgroup Earth Longzhi uses new techniques to bypass security products. Phishing reports increased by 34% in one year as did phishing with man-in-the-middle attacks.
CISA releases ICS advisory for 10 Mitsubishi Electric automation products. CISA added three exploited vulnerabilities to its catalog. ViperSoftX info-stealer now targets password managers as well as cryptowallets. LOBSHOT, a cryptowallet stealer abusing Google Ads. Known CCTV vulnerability is currently being exploited. FDA warns of vulnerability affecting biomedical devices.