ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC
The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor’s capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. ChamelGang was first outed by Russian cybersecurity firm Positive Technologies in September 2021,
Fuite de données : le gouvernement Suisse s’inquiète !
Le gouvernement suisse a récemment averti la population que des données opérationnelles gouvernementales pourraient avoir été compromises lors d’une attaque visant une société informatique. Cette attaque, revendiquée par le groupe de rançongiciels Play, a visé Xplain, une société suisse fournissant des services à plusieurs agences fédérales du pays.
Activities in the Cybercrime Underground Require a New Approach to Cybersecurity
As Threat Actors Continuously Adapt their TTPs in Today’s Threat Landscape, So Must You Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground. The research stems from an analysis of Cybersixgill’s collected intelligence items throughout 2022, gathered from the deep, dark and clear web. The report examines the continuous
Nouvelle technique d’attaque utilisant OpenAI ChatGPT pour distribuer des packages malveillants
Les chercheurs ont récemment découvert une nouvelle technique d’attaque qui exploite les capacités du modèle de langage OpenAI ChatGPT. Cette technique permet aux attaquants de distribuer des packages malveillants dans les environnements de développement.
20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona
The U.S. Department of Justice (DoJ) on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa. Ruslan Magomedovich Astamirov, 20, of Chechen Republic has been accused of perpetrating at least five attacks between August 2020 and March 2023. He was […]
Les dernières mises à jour de sécurité de Microsoft : protégez-vous contre les vulnérabilités
Microsoft a récemment publié ses mises à jour mensuelles. Le lot de correctifs de juin 2023 résout un total de 78 failles, dont 38 pouvant potentiellement entraîner l’exécution de code à distance.
Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack
Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is yet to be assigned a CVE identifier, also concerns an SQL injection vulnerability that « could lead to escalated privileges and potential unauthorized access to the environment. » The
Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency
Ransomware actors and cryptocurrency scammers have joined nation-state actors in abusing cloud mining services to launder digital assets, new findings reveal. « Cryptocurrency mining is a crucial part of our industry, but it also holds special appeal to bad actors, as it provides a means to acquire money with a totally clean on-chain original source, » blockchain […]
Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway
A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway (ESG) appliances since October 2022. « UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People’s Republic of China, » Google-owned Mandiant said in a new report published today, […]
Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities
The threat actors behind the Vidar malware have made changes to their backend infrastructure, indicating attempts to retool and conceal their online trail in response to public disclosures about their modus operandi. « Vidar threat actors continue to rotate their backend IP infrastructure, favoring providers in Moldova and Russia, » cybersecurity company Team Cymru said in a new analysis […]