2022-06-03 - An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices. "Control over firmware gives attackers virtually unmatched powers both to directly cause damage and to enable other long-term strategic goals,"
Source: Tweakers.net, Ravie Lakshmanan
2022-06-03 - The threat actor known as SideWinder has added a new custom tool to its arsenal of malware that's being used in phishing attacks against Pakistani public and private sector entities. "Phishing links in emails or posts that mimic legitimate notifications and services of government agencies and organizations in Pakistan are primary attack vectors of the gang," Singapore-headquartered cybersecurity
Source: Tweakers.net, Ravie Lakshmanan
2022-06-03 - The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of three domains used by cybercriminals to trade stolen personal information and facilitate distributed denial-of-service (DDoS) attacks for hire. This includes weleakinfo[.]to, ipstress[.]in, and ovh-booter[.]com, the first of which allowed its users to traffic hacked personal data and offered a searchable database
Source: Tweakers.net, Ravie Lakshmanan
2022-06-02 - As the threat landscape evolves and multiplies with more advanced attacks than ever, defending against these modern cyber threats is a monumental challenge for almost any organization. Threat detection is about an organization’s ability to accurately identify threats, be it to the network, an endpoint, another asset or an application – including cloud infrastructure and assets. At scale, threat
Source: Tweakers.net, The Hacker News
2022-06-02 - As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns. Called Ransomware for IoT or R4IoT by Forescout, it's a "novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT [information technology] network and impact the OT [
Source: Tweakers.net, Ravie Lakshmanan