Research Briefing
Recent Episodes
MOVEit file transfer vulnerability. Moonlighter will test cybersecurity in orbit. Criminal smishing campaign expands to the Middle East. New criminal campaign targets Android users who wish to install modified applications. Using vendor and contractor accounts to penetrate networks. Cyclops ransomware as a dual threat. NSA releases advisory on North Korean spearphishing campaigns targeting think tanks, universities, and media organizations. Backdoor-like issue found in Gigabyte firmware. Credential harvesting campaign impersonates Multimedia Software and Adobe. Mitiga discovers “significant forensic discrepancy” in Google Drive.
Barracuda Networks reports 2023 spear phishing trends. New Mirai malware uses low-complexity exploits to expand its botnet in IoT devices. Kimsuky's tailored reconnaissance tools. CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Legion malware upgraded for the cloud. Blacktail, a new ransomware group using recycled ransomware. GoldenJackal, an APT quietly active since 2019.
BlackCat ransomware group uses signed kernel driver to evade detection. AhRat exfiltrates files and records audio on Android devices. ChatGPT-themed fleeceware. Trends and threats in API protection. Lemon Group's pre-infected devices. An update on RedStinger (a.k.a. CloudWizard). Python Package Index temporarily suspended new user and new project registration due to a spike in malicious activity. UNC3944 uses SIM swapping to gain access to Azure admin accounts. CISA adds three Apple vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Lancefly, a new APT with a custom backdoor. Man-in-the-middle phishing attacks are on the rise. Ransomware report: targeting and classification. CISA and FBI release a joint report on PaperCut NG/MF vulnerability exploitation. The Five Eyes disrupt Russia's FSB Snake cyberespionage malware with an interesting tool. A work-around for a March patch. Seven entries added to CISA's Known Exploited Vulnerabilities Catalog. Remote code execution exploits Ruckus in the wild.
PaperCut vulnerability detection methods can be bypassed, and Iranian threat actors have joined the fray. CACTUS, a new ransomware leveraging VPNs to infiltrate its targets. A new Akira ransomware campaign spreads. Meta observes and disrupts new NodeStealer malware campaign. ReconShark, a new reconnaissance tool deployed in DPRK spearphishing attacks. APT41 subgroup Earth Longzhi uses new techniques to bypass security products. Phishing reports increased by 34% in one year, as did phishing with man-in-the-middle attacks.