cybersecurity incident response – Page 3

From The Hacker News – Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware

A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases. The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a new-patched security flaw

shaikh Saqib February 20, 2025

News

From The Hacker News – Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks

The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe,

shaikh Saqib February 18, 2025

News

From Cyber Security News – SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild Following PoC Release

A critical authentication bypass vulnerability in SonicWall firewalls, tracked as CVE-2024-53704, is now being actively exploited in the wild, cybersecurity firms warn. The surge in attacks follows the public release…

shaikh Saqib February 16, 2025

News

From The Hacker News – Microsoft: Russian-Linked Hackers Using ‘Device Code Phishing’ to Hijack Accounts

Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024. The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas

shaikh Saqib February 14, 2025

News

From The Hacker News – North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks

A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors. The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet

shaikh Saqib February 13, 2025

Articles

From Schneier on Security – DOGE as a National Cyberattack

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of…

shaikh Saqib February 13, 2025

News

From Security Week – Cisco Says Ransomware Group’s Leak Related to Old Hack

[[{"value":"A fresh post on the Kraken ransomware group’s leak website refers to data stolen in a 2022 cyberattack, Cisco says. The post Cisco Says Ransomware Group’s Leak Related to Old…

shaikh Saqib February 12, 2025

News

From Cyber Security News – Hackers Exploiting Ivanti Connect Secure RCE Vulnerability to Install SPAWNCHIMERA Malware

A critical vulnerability in Ivanti Connect Secure (CVE-2025-0282) is being actively exploited by multiple threat actors to deploy an advanced malware variant known as SPAWNCHIMERA. This vulnerability, disclosed in January…

shaikh Saqib February 12, 2025

News

From Cyber Security News – Penetration Testers Arrested by Police During Authorized Physical Penetration Testing

A routine physical penetration test conducted by cybersecurity professionals took an unexpected turn when armed police arrested two security experts during a simulated breach at a corporate office in Malta.…

shaikh Saqib February 10, 2025