Analyze Malicious Powershell Scripts by Running Malware in ANY.RUN Sandbox
GBHackers On Security
by Kaaviya Balaji
3h ago
Hackers exploit PowerShell, a built-in scripting tool on Windows (and sometimes Linux), to launch various attacks. PowerShell scripts can download malware, bypass antivirus, steal data, and grant remote access. The scripts are attractive to attackers because they are easy to write, difficult to detect due to obfuscation techniques (like partial name matching), and leverage legitimate system resources for malicious actions (“living off the land”). However, some tools can analyze these PowerShell scripts through safe detonation and step-by-step tracing. PowerShell scripts are a type of a …
Beware! Zero-click RCE Exploit for iMessage Circulating on Hacker Forums
GBHackers On Security
by Divya
5h ago
A new cybersecurity threat has emerged as a zero-click remote code execution (RCE) exploit targeting Apple’s iMessage service is reportedly being circulated on various hacker forums. This exploit, which allows hackers to take control of an iPhone without any interaction from the user, poses a significant risk to millions of iMessage users worldwide. A zero-click exploit is a cybersecurity threat that does not require the victim to click on a link, download a file, or take any action to trig …
New DragonForce Ransomware Emerged From The Leaked LOCKBIT Builder
GBHackers On Security
by Tushar Subhra Dutta
6h ago
Hackers exploit LOCKBIT Builder due to its versatility in creating customized ransomware payloads, which enable them to tailor attacks to specific targets and evade detection by security measures. DragonForce Ransomware emerged in November 2023, employing double extortion tactics – data theft followed by encryption, with victims’ data leaked if the ransom is unpaid. Though sharing the name with a Malaysian hacktivist group, the origins of the DragonForce Ransomware are unclear. Cyble’s cybersecurity researchers’ analysis recently revealed that the DragonForce’s binary is based on th …
JudgeO Online Code Editor Flaw Let Attackers Execute Code as Root User
GBHackers On Security
by Divya
8h ago
A critical flaw has been identified in the popular online code editor, JudgeO. If exploited, this vulnerability could allow attackers to execute arbitrary code with root-level privileges, posing a significant threat to systems and data integrity. The vulnerability, tracked under the identifier, was discovered in the JudgeO online code editor, as reported by GitHub. This tool, widely used by developers and educational institutions for coding and testing purposes, has been found to contain a …
Cyber Attack Defenders Up For Battle: Huge Uptick In Timely Detections
GBHackers On Security
by Guru baran
10h ago
Attackers are employing evasion techniques to bypass detection and extend dwell time on compromised systems. This is achieved by targeting unmonitored devices, leveraging legitimate tools, and exploiting zero-day vulnerabilities. While defenders are improving detection speed (dwell time decreased from 16 to 10 days), this is partly due to faster ransomware identification and adversary-in-the-middle and social engineering tactics to bypass multi-factor authentication. Cloud infrastructure is under attack, with attackers even leveraging cloud resources. Both red and purple teams are …
Alert! Cisco Releases Critical Security Updates to Fix 2 ASA Firewall 0-Days
GBHackers On Security
by Balaji
11h ago
Cisco has released critical security updates to address multiple vulnerabilities in its Adaptive Security Appliance (ASA) devices and Firepower Threat Defense (FTD) software, collectively known as the “ArcaneDoor” vulnerabilities. If exploited, these vulnerabilities could allow a cyber threat actor to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, indicating active exploitation in the wild. Recently, GBHackers on Security reported that a sophisticated cyber espionage c …
Pakistani APT Hackers Attacking Indian Govt Entities With Weaponized Shortcut Files
GBHackers On Security
by Divya
11h ago
Cybersecurity experts at Seqrite Labs have reported a surge in cyberattacks against Indian government entities. These attacks have been attributed to Pakistani Advanced Persistent Threat (APT) groups, which have been intensifying their malicious activities.
Attack Methods
The recent campaigns uncovered by Seqrite Labs’ APT team reveal a sophisticated level of cyber warfare. The Pakistani-linked APT group SideCopy has been particularly active, deploying its commonly used AllaKore Remote Acce …
Authorities Warned that Hackers Are Exploiting Flaws in CISCO ASA VPNs
GBHackers On Security
by Divya
13h ago
In a joint advisory released by cybersecurity agencies across Canada, Australia, and the United Kingdom, IT professionals and managers in government and critical sectors are alerted to sophisticated cyber-attacks targeting CISCO ASA VPN devices.
Background on the Cyber Threat
The Canadian Centre for Cyber Security and its international counterparts have been monitoring a series of cyber-attacks since early 2024. These incidents have primarily affected CISCO ASA devices, specifically the ASA55xx series running firmware versions 9.12 and 9.14. The attacks believed to be espionage efforts by a st …
Hackers Exploit Cisco Firewall Zero-Days to Hack Government Networks
GBHackers On Security
by Balaji
13h ago
Security researchers at Cisco Talos have uncovered a sophisticated cyber espionage campaign dubbed “ArcaneDoor” conducted by a state-sponsored threat actor tracked as UAT4356 (STORM-1849). This campaign targeted government networks globally by exploiting multiple zero-day vulnerabilities in Cisco’s Adaptive Security Appliance (ASA) firewalls. The attack chain leveraged two custom malware implants – “Line Dancer” and “Line Runner” – to gain persistent access and remote control over compromised ASA devices. Line Dancer was an in-memory shellcode interpreter that enabled executing arbitrary paylo …
Phishing Attacks Rise By 58% As The Attackers Leverage AI Tools
GBHackers On Security
by Tushar Subhra Dutta
1d ago
AI-powered generative tools have supercharged phishing threats, so even newbie attackers can effortlessly create refined, individualized campaigns. Protecting data and systems from this democratization of phishing abilities poses a new challenge for defenders. Zscaler’s Phishing Report 2024 is based on an analysis of more than 2 billion phishing reports that occurred in 2023 and provides insights into future trends, current campaigns, prime targets within various regions/industries/brands as well as threat actors using AI. This report demonstrates the need for constant alertness and zero t …