Author Archives: Ravie Lakshmanan

A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyber espionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines.
Slovak cybersecurity firm ESET… Continue reading Chinese ‘Mustang Panda’ Hackers Spotted Deploying New ‘Hodur’ Malware→

Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to strike attack organizations across Asia.
Attributing the attacks to a group tracked as Storm Cloud, cybe… Continue reading New Variant of Chinese Gimmick Malware Targeting macOS Users→

Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years. 
According to a new piece of research published by Avast, a crypto… Continue reading Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns→

Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained “limited access” to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake o… Continue reading Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group→

The U.S. government on Monday once again cautioned of potential cyber attacks from Russia in retaliation for economic sanctions imposed by the west on the country following its military assault on Ukraine last month.
“It’s part of Russia’s playbook,” … Continue reading U.S. Government Warns Companies of Potential Russian Cyber Attacks→

Microsoft and authentication services provider Okta said they are investigating claims of a potential breach alleged by the LAPSUS$ extortionist gang.
The development, which was first reported by Vice and Reuters, comes after the cyber criminal group … Continue reading LAPSUS$ Hackers Claim to Have Breached Microsoft and Authentication Firm Okta→

Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software’s InsydeH2O and HP U… Continue reading New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems→

A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks.
According t… Continue reading New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable→

Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been deceiving unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips.
Cybersecuri… Continue reading ‘CryptoRom’ Crypto Scam Abusing iPhone Features to Target Mobile Users→

Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022.
Cybersecurity firm Trellix attributed the campaign with mode… Continue reading South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau→