The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asyncshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis […]
Category Archives: Uncategorized
Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice. Go to Source Author: Nate Nelson, Contributing Writer
A local government resource for helping Japanese citizens cut ties with organized crime was successfully phished in a tech support scam, and could have dangerous consequences. Go to Source Author: Dark Reading Staff
While the need for cybersecurity talent still exists, the budget may not. Here’s how to maximize security staff despite hiring freezes. Go to Source Author: Karen Spiegelman, Features Editor
The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis […]
Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future’s Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as […]
At least 97 major water systems in the US have serious cybersecurity vulnerabilities and compliance issues, raising concerns that cyberattacks could disrupt businesses, industry, and the lives of millions of citizens. Go to Source Author: Robert Lemos, Contributing Writer
A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection. “The attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a Go to […]
The scale of Beijing’s systematic tapping of private industry and universities to build up its formidable hacking and cyber-warfare capabilities is larger than previously understood. Go to Source Author: Jai Vijayan, Contributing Writer
Building on its broad security portfolio, Microsoft’s new exposure management is now available in the Microsoft Defender portal with third-party-connectors on the way. Go to Source Author: Jeffrey Schwartz, Contributing Writer