Akira Ransomware Attacks Over 250 Organizations and Collects $42 Million
GBHackers On Security
by Guru baran
40m ago
The Akira ransomware variant has severely impacted more than 250 organizations worldwide, amassing approximately USD 42 million in ransom payments. This information comes from a detailed joint Cybersecurity Advisory issued by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). Evolution of Akira Ransomware Initially detected in early versions written in C++, the Akira ransomware encrypted victims’ files, appending them with a .akira extension. However, a significant shift occurred in August 2023 when the ransomware operators began deploying a new variant named Megazord. Th ..read more
Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums
GBHackers On Security
by Guru baran
8h ago
A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale on a notorious hacker forum. This exploit, which has not yet been assigned a Common Vulnerabilities and Exposures (CVE) reference, is said to be capable of granting unauthorized users elevated privileges on any Windows system. The asking price for this dangerous tool is a staggering $220,000, indicating its potential severity and the threat actor’s confidence in its effectiveness. Impact on Windows Users The emergence of this exploit is particularly alarming for Windows users, both individual and corporate, as it ..read more
Palo Alto ZeroDay Exploited in The Wild Following PoC Release
GBHackers On Security
by Guru baran
21h ago
Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified as CVE-2024-3400. This zero-day flaw, found in the GlobalProtect Gateway, is currently under active exploitation by attackers. CVE-2024-3400 allows attackers to execute arbitrary OS commands on the affected systems without proper authentication. The threat actors are now actively exploiting this Palo Alto ZeroDay in the wild following the PoC release. Palo Alto ZeroDay Exploited Researchers identified vulnerabilities and developed an exploit for GlobalProtect in three days that targeted Pal ..read more
FIN7 Hackers Attacking IT Employees Of Automotive Industry
GBHackers On Security
by Tushar Subhra Dutta
22h ago
IT employees in the automotive industry are often targeted by hackers because they have access to sensitive information such as customer data, intellectual property, and critical systems. The automotive industry’s dependence on connected technologies and the value of their data make them attractive targets for threat actors. BlackBerry analysts recently discovered that the FIN7 hackers are actively attacking the IT employees of the automotive industry. FIN7 Attacking IT Employees According to some BlackBerry evaluations at the end of 2023, there was a spear-phishing campaign against a major ..read more
Russian APT44 – The Most Notorious Cyber Sabotage Group Globally
GBHackers On Security
by Raga Varshini
22h ago
As Russia’s invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS, APT44) cyber threat group remains highly active and increasingly integrated with Russian conventional military operations in support of Moscow’s war aims.  However, Sandworm’s disruptive operations now span globally across Russian political, military, and economic interests. With 2024 seeing record participation in national elections, the group’s history of attempting to interfere in democratic processes elevates potential near-term threats.  Recently, cybersecurity researchers at Googl ..read more
SoumniBot Exploiting Android Manifest Flaws to Evade Detection
GBHackers On Security
by Raga Varshini
22h ago
A new banker, SoumniBot, has recently been identified. It targets Korean users and is notable for using an unusual method to evade investigation and detection: obfuscating the Android manifest. In addition to its unique obfuscation, SoumniBot stands out for its ability to steal Korean online banking keys, something Android bankers hardly do. This capability enables malicious actors to bypass bank authentication procedures and empty the wallets of unwitting victims. Researchers say SoumniBot’s creators sadly succeeded because the Android manifest parser code’s validatio ..read more
Cisco Hypershield: AI-Powered Hyper-Distributed Security for Data Center
GBHackers On Security
by Divya
1d ago
Cisco has unveiled its latest innovation, Cisco Hypershield, marking a milestone in cybersecurity. This groundbreaking product, described as Cisco’s most consequential security solution, introduces a cloud-native, AI-powered approach to securing highly distributed, AI-scale data centers. Integrated directly into the network’s fabric, the Cisco Hypershield represents a radical departure from traditional security models, leveraging the power of hyperscaler security and connectivity for the enterprise. The advent of artificial intelligence (AI) is propelling us into a future of digital abundance ..read more
What is Encryption in Malware? – Understand From Basics to XOR
GBHackers On Security
by Balaji
1d ago
Malware commonly encrypts its traffic (stolen data sent to a command-and-control server) and internal strings (like URLs and configurations) to prevent security systems from recognizing malicious content. This article covers cryptography fundamentals, classical ciphers, bitwise operations, XOR functions, and XOR cipher detection and decryption techniques, and showcases a practical example of how to decrypt malware C2 communication encrypted with XOR. Common encryption methods: XOR, RC4, AES, DES, 3DES (Triple DES). Main concepts in encryption are: Plaintext is the raw data that hasn’t been encrypted and ..read more
Phishing-as-a-Service Platform LabHost Seized by Authorities
GBHackers On Security
by Guru baran
1d ago
Authorities have dismantled LabHost, a notorious cybercrime platform that facilitated widespread phishing attacks across the globe. The crackdown on LabHost, which was founded in the UK in 2021, marks a significant victory against cybercriminal networks that have long exploited digital platforms to conduct their illicit activities. LabHost, known for its Phishing-as-a-Service (PhaaS) offerings, allowed criminals, even those with limited IT skills, to create and manage phishing websites designed to mimic legitimate organizations such as banks, healthcare agencies, and postal services. For a mon ..read more
Armis Acquires AI-based Vulnerability Detection Firm Silk Security
GBHackers On Security
by Divya
1d ago
Armis, a leading cybersecurity company, has acquired Silk Security, an AI-powered vulnerability detection firm. The acquisition comes when organizations grapple with a surge of security findings, with no scalable and automated way to prioritize and operationalize remediation. Ineffective processes and inconsistent risk prioritization have resulted in costly and suboptimal remediation efforts, leaving security teams struggling to address the most critical vulnerabilities. Armis to Address Full Exposure Management Lifecycle Silk Security’s capabilities are set to be integrated into the Armis Cen ..read more
