On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Kevin Sovey to discuss a blog we recently published about the Budworm espionage group targeting organizations in the U.S. We also discuss another blog we published this week about the Spyder Loader malware being deployed on the machines of government agencies in Hong Kong. We also talk about apparent links between the operators behind Ransom Cartel and the REvil/Sodinokibi ransomware family ..read more

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss a recent blog we published on the Witchetty (aka LookingFrog) espionage group, which has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa, including a new tool that employs steganography. We also discuss the recently discovered Microsoft Exchange Server zero days, the U.S. defense sector being targeted by multiple APT groups, and a newly discovered espionage actor called Metador, which was spotted operating in recent weeks. We also discuss the brea ..read more

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Alan Neville to discuss some of the recent blogs that the Symantec Threat Hunter team has published. We discuss a new wave of espionage activity targeting Asian governments by attackers who were formerly associated with the ShadowPad malware but who appear to have now adopted a new toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries. We also examine the current activities of a group we call Webworm, wh ..read more

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O Gorman are joined by Symantec threat researcher Chris Kiefer to discuss our latest blog about the Bumblebee loader. We discuss this new malware’s place on the cyber crime landscape, its capabilities, and how it is being leveraged by ransomware actors. We also discuss the appearance of new versions of both Raccoon Stealer and LockBit, as well as an FBI warning about deepfakes being used in job interviews. The podcast will be taking a short break for the summer and we will be back with new episodes in September ..read more

In this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss how Russian espionage actors are exploiting the Follina vulnerability, the release of the latest version of Metasploit, and a new phishing campaign that’s been underway on Facebook. We also discuss ransomware extensively, including what authorities were able to find when they took down the Netwalker ransomware gang, the increasing activity of the BlackCat ransomware, and some new research into the Hello XD ransomware. We also speculate about the impact turmoil on the cryptocurrency markets may have on the types of pa ..read more

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the recently discovered Follina vulnerability in Microsoft Office, as well as some recent ransomware stories. One thing we talk about is the apparent break up of the Conti ransomware gang, with evidence pointing to the group folding itself into other ransomware gangs, including Hive, which carried out a recent attack on the health service in Costa Rica. The Clop and REvil names have also appeared in news reports in recent weeks, but are these ransomware gangs really back? And what are the signs of pre-ransomware acti ..read more

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O Gorman discuss the recent in-depth whitepaper the Symantec Threat Hunter team produced about Chinese cyber-espionage activity, which details the most active groups operating out of that country at the moment, as well as the tactics, tools, and procedures they leverage, the custom malware they use, and who their victims tend to be. We also talk about recent warnings from U.S. authorities about North Korean nationals posing as citizens of other countries to gain employment, and threats from the Conti ransomware gang to “overthrow” th ..read more

In the latest Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the recent research published by Symantec’s Threat Hunter Team, including our blog about the activity of North Korean APT group Stonefly, and our latest whitepaper on the topic of Commodity Malware. We also talk about some stories that were in the news over the last week or so, including the possible return of the REvil/Sodinokibi ransomware gang, a new loader called Bumblebee that might be a successor to BazarLoader, and a China-on-Russia intelligence-gathering attack ..read more

On this week’s Cyber Security Brief, Brigid O Gorman is joined by Symantec threat researchers John-Paul Power and Alan Neville. In this week’s podcast we discuss some recent research published by Symantec detailing new activity in the Dream Job campaign carried out by the North Korean Lazarus APT group, as well as continuing attacks aimed at Ukraine carried out by the Russia-linked APT group Shuckworm. Also, we talk about a critical vulnerability in the Windows Remote Procedure Call Runtime (RPC) protocol, the shut down of two well-known dark marketplaces, and the emergence of a new marketplac ..read more

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the research published by Symantec’s Threat Hunter team over the past couple of weeks, including a new Cicada/APT10 espionage campaign targeting government organizations and NGOs in multiple countries worldwide. We discuss the new Verblecon malware, which is being deployed in sophisticated campaigns that appear to have the relatively low-reward goal of cryptocurrency mining as their main objective. We also talk about the Spring4Shell vulnerability that briefly caused a lot of consternation last week, and give ..read more