New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts

2022-06-25 - A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities

Source: Tweakers.net, Ravie Lakshmanan

State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks

2022-06-25 - A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora,

Source: Tweakers.net, Ravie Lakshmanan

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

2022-06-24 - The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched,

Source: Tweakers.net, Ravie Lakshmanan

Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside

2022-06-24 - A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity

Source: Tweakers.net, Ravie Lakshmanan

Manual vs. SSPM: Research on What Streamlines SaaS Security Detection & Remediation

2022-06-23 - When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline the detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, while companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the 2022 SaaS Security Survey Report.  The survey report,

Source: Tweakers.net, The Hacker News

Ett stort företag börjar från små.
Grundades 2015
Hi,
let's talk about your project

Innehållet i detta e-postmeddelande är konfidentiellt och avsett endast för den mottagare som anges i meddelandet.