Author Archives: Ravie Lakshmanan

Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process.
“The covert self-developed tool and the associated C2 commands seem … Continue reading Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update→

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released two Industrial Control Systems (ICS) advisories pertaining to severe flaws in Advantech R-SeeNet and Hitachi Energy APM Edge appliances.
This consists of three weakne… Continue reading CISA Warns of Critical Flaws Affecting Industrial Appliances from Advantech and Hitachi→

The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees.
Active since at least 2007, Winnti (aka APT41, Barium, Bronze Atlas, and Wi… Continue reading Chinese ‘Spyder Loader’ Malware Spotted Targeting Organizations in Hong Kong→

Law enforcement authorities in France, in collaboration with Spain and Latvia, have disrupted a cybercrime ring that leveraged a hacking tool to steal cars without having to use a physical key fob.
“The criminals targeted vehicles with keyless entry a… Continue reading European Police Arrest a Gang That Hacked Wireless Key Fobs to Steal Cars→

HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update to address a remote code execution vulnerability that could allow an attacker to take control of targeted systems.
Cobalt Strike is a comm… Continue reading Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software→

The threat actors behind the Black Basta ransomware family have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks.
The development marks the first time the nascent adversary simula… Continue reading Black Basta Ransomware Hackers Infiltrates Networks via Qakbot to Deploy Brute Ratel C4→

New research has disclosed what’s being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm.
“The [Office 365 Message Encryption] messages are encrypted … Continue reading Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages→

A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige.
“The activity shares victimology with recent Russian state-aligned activity, specificall… Continue reading New Prestige Ransomware Targeting Polish and Ukrainian Organizations→

Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances.
Tracked as CVE-2022-41352 (CVSS score: 9.8), the issue affects … Continue reading Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite→

The International Criminal Police Organization, also called the Interpol, has announced the arrests of 75 individuals as part of a coordinated global operation against an organized cyber crime syndicate called Black Axe.
“‘Black Axe’ and other West Af… Continue reading INTERPOL-led Operation Takes Down ‘Black Axe’ Cyber Crime Organization→