1. NightEagle APT Exploits Zero-Day in Microsoft Exchange to Target Chinese Defense and Tech Sectors Overview A new advanced persistent threat group, dubbed NightEagle (also called APT-Q-95), is being linked to a string of attacks. These attacks are targeting Microsoft
1. Hackers Exploit TikTok Videos to Spread Vidar and StealC Malware Via ClickFix Technique Overview Cybercriminals just recently adapted the ClickFix social engineering technique. It’s a technique that helps with spreading malwares, Vidar and StealC, as it uses TikTok videos
DragonRank Targets IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects Overview Reports assert there has been a brand new wave of cyberattacks attacking Asian Internet Information Services (IIS). The attackers are suspected to be Chinese-speaking as they
Evolving Strategies for Managing Expanding Attack Surfaces Overview As remote work gained incredible traction and an already-existing digital transformation accelerated, the domain of attack surface management, as previously understood, has changed profoundly. Modern infrastructures are normally spread over multiple endpoints, cloud services
Palo Alto Networks Warns of Potential RCE Vulnerability in PAN-OS Management Interface Overview Palo Alto Network has disclosed a potential RCE vulnerability in the PAN-OS management interface. Information is still scarce on this particular vulnerability, but we are monitoring it
New Android Malware ‘ToxicPanda’ Conducts Fraudulent Money Transfers Overview In the latest news, this Android banking malware, dubbed ToxicPanda, has been discovered, targeting 1,500+ Android devices. The malware is designed to assist with a type of fraud scheme known as on-device fraud (ODF),
New LightSpy Spyware Variant Poses Increased Threat to iPhone Users Overview Recent analysis reveals an enhanced version of the iOS spyware, LightSpy. It targets iPhones with advanced surveillance features and destructive capabilities. Basically, detected for the first time in 2020, LightSpy is
Evasive Panda Exploits CloudScout Toolset to Hijack Cloud Service Sessions in Taiwan Overview A recent cybersecurity report disclosed an advanced cyber espionage campaign conducted by the China-affiliated threat actor, Evasive Panda, deploying a novel malware toolset called CloudScout. The operation targets government and religious
Chinese Nation-State Hackers APT41 Target Gambling Industry for Financial Gain Overview The Gambling and Poker industry experienced a sophisticated cyber attack last month, orchestrated by the notorious Chinese nation-state group APT41 ( AKA Brass Typhoon, Earth Baku, Wicked Panda or Winnti). This
Hackers Exploit EDRSilencer to Evade Security Detection Overview Threat actors have been observed abusing the EDRSilencer tool as part of their bypass techniques against endpoint detection and response (EDR) solutions to carry out attacks against targeted organizations successfully. EDRSilencer is an open-source
