August 05, 2022
New attack framework Manjusaka is similar to Cobalt Strike
Researchers have observed a new post-exploitation attack framework in the wild. Manjusaka, as it's called, can be deployed as an alternative to the popular Cobalt Strike toolset — or in parallel with it for redundancy.
July 30, 2022
Report: Attackers scan for vulnerabilities within 15 minutes of CVE disclosure
A new report from Palo Alto's Unit 42 found it only takes 15 minutes after the publication of a new CVE for the first cybercriminals to begin scanning potentially vulnerable targets. Within a few hours, the first active exploitation attempts have already started.
July 29, 2022
QBot malware uses Windows Calculator to side-load attacks
Security researchers have discovered that QBot malware is now using the legitimate Windows Calculator app for DLL side-loading attacks. The method continues to be used in current malspam campaigns.
July 29, 2022
LockBit ransomware hits numerous victims, including two townships
The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that locked staff out of internal systems and encrypted data. The small town of around 7,500 residents appears to be the second such target to be attacked by LockBit in just over a week.
July 27, 2022
Version 4.2 of malicious shortcut generator MLNK Builder emerges on dark web
A new version of MLNK Builder, a link generation tool popular among cybercriminals, has emerged on the dark web. The updated feature set focuses on antivirus evasion and masquerading techniques, using icons of popular legitimate applications and file formats.
July 26, 2022
Symbiote: A new stealthy malware for Linux
Symbiote is a new Linux malware that steals users' data and provides a backdoor to threat actors. It was discovered in June 2022 and is characterized as very stealthy malware. It uses many evasion techniques, such as hooking functions, capturing TCP traffic and hiding its own files. It collects users' data and exfiltrates it to DNS servers.
July 25, 2022
Building materials firm Knauf hit by Black Basta ransomware
The Knauf Group, a Germany-based multinational producer of construction materials, has announced that it's been the target of a cyberattack. The incident took place on the night of June 29, forcing its global IT team to shut down email systems, although communications were still possible via mobile devices and Microsoft Teams.
July 25, 2022
European data centers running hot
An ongoing heatwave in Europe has sent temperatures above 40 degrees Celsius / 110 degrees Fahrenheit. Among other problems, this has stressed cooling systems at various data centers across the continent. Oracle and Google have both had to contend with heat-related failures in their UK cloud data centers.
July 22, 2022
CloudMensis: a new macOS threat
In April 2022, ESET researchers found a previously unknown backdoor on macOS. It was named CloudMensis because it uses different public cloud storage services for C2 communication. CloudMensis looks for different types of documents, captures keyboard input, searches local emails and can take screen captures.
July 19, 2022
U.S. healthcare organizations targeted with Maui ransomware
The FBI, CISA and U.S. Department of the Treasury have issued a joint advisory warning of alleged North Korean-backed threat actors using Maui ransomware in attacks against healthcare and public health (HPH) organizations.
July 19, 2022
Bandai Namco hit by BlackCat ransomware
The Japanese video game giant Bandai Namco, known for publishing franchises like Elden Ring, Pac-Man and Tekken, has been hit by BlackCat/AlphV ransomware.
July 19, 2022
IT services giant SHI hit by cyberattack
SHI International, one of the world’s 15 largest IT service providers (with over 5,000 employees and annual sales of $12.3 billion in 2021), has fallen victim to a "coordinated and professional malware attack."