Tag: detection

New Malware Attack Uses LNK Files to Deploy REMCOS Backdoor on Windows Systems

Aug 4, 2025 9:28 PM

Tags: access, attack, backdoor, cyber, cybersecurity, detection, malicious, malware, windows

The investigation began with the detection of two scanning IP addresses, 91.238.181[.]225 and 5.188.86[.]169 sharing a common Secure Shell (SSH) fingerprint (b5:4c:ce:68:9e:91:39:e8:24:b6:e5:1a:84:a7:a1:03). Cybersecurity researchers have uncovered a sophisticated multi-stage malware campaign that leverages malicious Windows LNK shortcut files to deploy the REMCOS backdoor, a potent remote access trojan capable of full system compromise. This fingerprint…
New Plague Linux malware stealthily maintains SSH access

Aug 4, 2025 5:28 PM

Tags: access, authentication, detection, linux, malware

A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-plague-malware-backdoors-linux-devices-removes-ssh-session-traces/
Mozilla Issues Warning on Phishing Campaign Targeting Add-on Developer Accounts

Aug 4, 2025 3:28 PM

Tags: browser, cyber, detection, email, phishing

Mozilla has issued an urgent security warning to Firefox add-on developers following the detection of a sophisticated phishing campaign targeting accounts on the Add-ons Mozilla Organization (AMO) platform. The alert, published by Scott DeVaney from Mozilla’s Add-ons Community team on August 1, 2025, warns developers to exercise extreme caution when receiving emails purporting to be…
Ransomware attacks: The evolving extortion threat to US financial institutions

Aug 4, 2025 2:28 PM

Tags: access, ai, antivirus, attack, backup, banking, breach, business, cloud, communications, compliance, control, credentials, crime, crimes, cyber, cybercrime, cybersecurity, dark-web, data, ddos, defense, detection, edr, email, encryption, endpoint, extortion, finance, firewall, governance, group, identity, incident response, infrastructure, insurance, intelligence, international, korea, law, leak, least-privilege, lessons-learned, linkedin, linux, lockbit, login, malicious, mfa, monitoring, network, north-korea, organized, phishing, ransom, ransomware, resilience, risk, rust, service, soc, social-engineering, software, startup, strategy, supply-chain, tactics, theft, threat, tool, training, update, usa, vmware, vulnerability, warfare, windows, zero-trust

Before sunrise on a chilly November morning, I got the kind of call no security leader ever wants. A mid-sized U.S. bank had been hit overnight hard. Customers couldn’t access their accounts, ATMs were non-functional and every screen in the company’s environment glowed with the same ominous message: their systems were encrypted, and data had…
North Korea Hiding Malware Within JPEG Files to Attack Windows Systems Bypassing Detections

Aug 4, 2025 12:41 PM

Tags: antivirus, attack, cyber, data, detection, group, korea, malicious, malware, north-korea, threat, windows

Security researchers at Genians Security Center have uncovered a sophisticated new variant of the RoKRAT malware, attributed to the North Korean-linked APT37 threat group, which employs steganography to conceal malicious payloads within seemingly innocuous JPEG image files. This technique allows the malware to evade traditional antivirus detections by embedding encrypted shellcode in image data, which…
MCP: securing the backbone of Agentic AI

Aug 4, 2025 11:56 AM

Tags: access, ai, attack, authentication, business, ciso, control, credentials, cyber, data, detection, injection, least-privilege, mfa, monitoring, RedTeam, risk, security-incident, service, supply-chain, training

Four cornerstones for securing MCP servers: CISOs can largely rely on the proven basic principles of cyber security for MCP they just need to adapt them in a few places. Pure checklists fall short here. Instead, a clear, principles-based approach is required. Four central pillars have proven themselves in practice: Strong authentication and clean credential…
A new era of cyberthreats from sophisticated threat actors is here

Aug 4, 2025 9:29 AM

Tags: access, ai, attack, authentication, backdoor, china, cisa, cloud, communications, control, credentials, crowdstrike, data, data-breach, detection, edr, encryption, endpoint, exploit, group, identity, intelligence, Internet, kev, linux, network, password, phishing, ransomware, remote-code-execution, service, siem, social-engineering, tactics, threat, tool, update, vulnerability, vulnerability-management, windows, zero-day

Identity threats: Scattered Spider: Identity-oriented adversaries exploit human weaknesses to leverage compromised credentials obtained through social engineering and AI-based tools to gain access to networks.Voice-based phishing is one identity-based attack tool rising in prominence, having increased in use by 443% last year, according to Myers. “This is on track to double by the end of…
New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft

Aug 2, 2025 5:28 PM

Tags: access, authentication, backdoor, credentials, cybersecurity, detection, linux, malicious, theft

Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year.”The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access,” Nextron Systems researcher Pierre-Henri Pezier said.Pluggable Authentication Modules First seen on thehackernews.com Jump…
SafePay Ransomware Strikes 260+ Victims Across Multiple Countries

Aug 1, 2025 8:28 PM

Tags: cyber, detection, extortion, ransomware, service, threat

The SafePay ransomware organization has quickly become a powerful operator since its initial detection in September 2024, marking a startling increase in the cyber threat scenario. Unlike predominant ransomware-as-a-service (RaaS) models that rely on affiliates for dissemination and profit-sharing, SafePay operates autonomously, with its core developers directly orchestrating intrusions and extortion campaigns. This self-contained approach…
How RAG Models Work in AI-Based Vulnerability Scanner

Aug 1, 2025 7:28 PM

Tags: ai, cybersecurity, detection, vulnerability

AI-powered vulnerability scanners are increasingly using Retrieval-Augmented Generation (RAG) models to improve the detection of security issues in infrastructure. RAG is a technique that combines large language models (LLMs) with external knowledge sources, enabling an AI to retrieve up-to-date, domain-specific information and utilize it to generate more accurate and context-aware results. In the cybersecurity domain,……
LockBit Operators Use Stealthy DLL Sideloading to Mask Malicious App as Legitimate One

Aug 1, 2025 6:28 PM

Tags: cyber, detection, exploit, lockbit, malicious, ransomware, tactics

Operators of LockBit ransomware have improved their tactics, methods, and procedures (TTPs) to avoid detection and increase damage in the always changing world of cyberthreats. By exploiting DLL sideloading and masquerading, these attackers disguise malicious activities within legitimate system processes, enabling persistence and seamless integration into compromised environments. DLL sideloading tricks trusted applications into loading…
Lazarus Hackers Weaponize 234 npm and PyPI Packages to Infect Developers

Aug 1, 2025 6:28 PM

Tags: cyber, detection, group, hacker, korea, lazarus, malicious, north-korea, open-source, pypi, software, threat

Sonatype’s automated detection systems have uncovered an expansive and ongoing infiltration of the global open-source ecosystem by the notorious Lazarus Group, a threat actor believed to be backed by North Korea’s Reconnaissance General Bureau. Between January and July 2025, Sonatype identified and blocked 234 malicious software packages deployed through both the npm and PyPI open-source…
Cybercrooks faked Microsoft OAuth apps for MFA phishing

Aug 1, 2025 2:28 PM

Tags: access, authentication, business, cloud, data, detection, email, fido, malicious, mfa, microsoft, phishing, risk, software, threat, unauthorized, update

Microsoft moves to curb the threat: Thousands of malicious messages have been sent from compromised business accounts, as part of the campaign, each impersonating well-known companies. Some lures asked for benign-looking permissions such as “view your profile” and “maintain access to data you have given it access to”.Proofpoint said it reported the observed apps to…
Wie EDR EDR aushebelt

Aug 1, 2025 12:28 PM

Tags: access, cisco, crowdstrike, cyberattack, detection, edr, endpoint, firewall, monitoring, software, tool, vulnerability

Legitime Security-Tools gegeneinander auszuspielen, eröffnet Cyberkriminellen diverse Vorteile.Cybersicherheitsforscher haben einen unheilvollen neuen Angriffsvektor entdeckt. Dabei könnten Angreifer kostenlose Testversionen von Endpoint Detection and Response (EDR)-Software dazu missbrauchen, vorhandene Sicherheits-Tools zu deaktivieren. Die Researcher Ezra Woods und Mike Manrod haben das Phänomen entdeckt und dokumentiert, das sie als “EDR-on-EDR Violence” bezeichnen. Ihre Erkenntnisse haben die Sicherheitsexperten…
Summer: Why cybersecurity must be strengthened as vacations abound

Aug 1, 2025 9:28 AM

Tags: access, ai, attack, authentication, automation, awareness, backup, control, corporate, credentials, cybersecurity, data, detection, email, encryption, exploit, infrastructure, malicious, mfa, monitoring, network, office, password, resilience, risk, theft, threat, tool, training, update, usa, vpn, wifi

Guillermo Fernandez, Sales Engineer for Southern Europe at WatchGuard Technologies. WatchGuard Technologies.Another important point is that, during the summer, attackers know that many IT and cybersecurity teams are operating with more limited resources or with staff on vacation. “They take advantage of this to launch phishing campaigns and other targeted attacks, aware that attention and vigilance often…
Hackers Abuse EDR Free Trials to Bypass Endpoint Protection

Aug 1, 2025 8:28 AM

Tags: attack, cyber, cybersecurity, detection, edr, endpoint, exploit, hacker, software, threat

Cybersecurity researchers have uncovered a concerning new attack vector where threat actors are exploiting free trials of endpoint detection and response (EDR) software to disable existing security protections on targeted systems. This technique, dubbed >>BYOEDR
Attackers wrap phishing links through URL scanning services to bypass detection

Aug 1, 2025 1:28 AM

Tags: access, attack, cybercrime, detection, email, exploit, login, malicious, microsoft, office, phishing, service, software, spam, threat, tool

urldefense.proofpoint.com and url.emailprotection.link (Intermedia).”Link wrapping is designed by vendors like Proofpoint to protect users by routing all clicked URLs through a scanning service, allowing them to block known malicious destinations at the moment of click,” Cloudflare researchers wrote in their report on the attacks. “While this is effective against known threats, attacks can still succeed…
‘EDR-on-EDR Violence’: Hackers turn security tools against each other

Jul 31, 2025 1:28 PM

Tags: access, attack, control, crowdstrike, detection, edr, endpoint, exploit, firewall, guide, hacker, intelligence, malicious, mitre, monitoring, network, software, threat, tool, unauthorized

A growing trend: This EDR abuse represents an evolution of legitimate tool exploitation that security teams are seeing across the threat landscape. The 2024 CrowdStrike Threat Hunting Report documented a 70% year-over-year increase in remote monitoring and management tool abuse, with RMM tool exploitation accounting for 27 percent of all hands-on-keyboard intrusions.The research was sparked…
North Korean APT Hackers Compromise CI/CD Pipelines to Steal Sensitive Data

Jul 31, 2025 10:28 AM

Tags: apt, cyber, data, data-breach, detection, group, hacker, korea, lazarus, malicious, malware, north-korea, open-source, threat

Sonatype’s automated malware detection systems have exposed a large-scale and ongoing cyber infiltration campaign orchestrated by the North Korea-backed Lazarus Group, also known as Hidden Cobra. Between January and July 2025, Sonatype identified and blocked 234 unique malware packages attributed to this state-sponsored threat actor across popular open-source registries like npm and PyPI. These malicious…
Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture

Jul 31, 2025 10:28 AM

Tags: ai, attack, awareness, business, ciso, compliance, control, cyber, cybersecurity, data, defense, detection, grc, group, hacker, identity, incident response, intelligence, international, least-privilege, metric, network, phishing, ransomware, risk, risk-assessment, risk-management, soc, strategy, technology, threat, tool, training, update

Misplaced priorities: Investments often favor visibility and compliance over “core capabilities like detection engineering, incident response, and threat containment,” according to Santiago Pontiroli, lead security researcher at cybersecurity vendor Acronis TRU.Delayed adaptation: AI-driven threats demand faster, smarter defenses, but key upgrades (such as behavior-based analytics or automation) are often postponed due to underestimated risk, according…
New AI model offers faster, greener way for vulnerability detection

Jul 31, 2025 8:28 AM

Tags: ai, detection, software, vulnerability

A team of researchers has developed a new AI model, called White-Basilisk, that detects software vulnerabilities more efficiently than much larger systems. The model’s release … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/31/white-basilisk-ai-vulnerability-detection/
Tangled in the web: Scattered Spider’s tactics changing to snare more victims

Jul 31, 2025 5:28 AM

Tags: access, attack, authentication, awareness, business, cisa, control, credentials, cybersecurity, data, defense, detection, google, group, guide, identity, marketplace, mfa, microsoft, mitigation, monitoring, network, nist, password, phishing, phone, social-engineering, software, spear-phishing, tactics, threat, tool, training, vpn

-helpdesk or a type of SSO to add credibility.In some instances, Scattered Spider members purchase employee or contractor credentials on illicit marketplaces to gain access. More commonly, they search business-to-business websites to gather information about specific individuals. Once they identify usernames, passwords, personally identifiable information (PII), and conduct SIM swapping (transferring a victim’s phone number…
From LLM scrapers to AI agents: mapping the AI bot landscape for detection teams

Jul 30, 2025 7:29 PM

Tags: ai, detection, fraud, hacker, LLM

AI bots, AI scrapers, AI agents”, you’ve seen these terms thrown around in product announcements, Hacker News posts, and marketing decks. But behind the hype, what do these bots actually do? And more importantly, how are they changing the fraud and bot detection landscape? This article introduces First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/from-llm-scrapers-to-ai-agents-mapping-the-ai-bot-landscape-for-detection-teams/
Qilin Ransomware Uses TPwSav.sys Driver to Bypass EDR Security Measures

Jul 30, 2025 6:27 PM

Tags: cyber, cybercrime, data, detection, edr, endpoint, exploit, extortion, ransom, ransomware, service, tactics, vulnerability

Cybercriminals affiliated with the Qilin ransomware-as-a-service (RaaS) operation have demonstrated advanced evasion techniques by exploiting a previously undocumented vulnerable driver, TPwSav.sys, to disable Endpoint Detection and Response (EDR) systems through a bring-your-own-vulnerable-driver (BYOVD) attack. First observed in July 2022, Qilin employs double extortion tactics, exfiltrating data for leakage on dedicated sites if ransoms remain unpaid,…
Game changer: How AI simplifies implementation of Zero Trust security objectives

Jul 30, 2025 5:28 PM

Tags: access, ai, api, automation, cloud, computing, cyber, data, detection, firewall, infrastructure, network, service, software, strategy, technology, threat, tool, vmware, vulnerability, zero-trust

“You may think, oh that’s good enough,” Rajagopalan said. “I’ll protect my critical apps through Zero Trust and not worry about non-critical apps. But that ‘partial Zero Trust’ approach won’t work. Modern attackers identify less-secure environments and systems, enter through them, and then move laterally toward high value assets. True Zero Trust demands that every…
Ransomware upstart Gunra goes cross-platform with encryption upgrades

Jul 30, 2025 3:27 PM

Tags: attack, breach, control, data, detection, encryption, endpoint, group, healthcare, linux, ransomware, update, vmware, windows

-r” or “ratio” parameter. The “-l” or the “limit” parameter is used to control how much of the file gets encrypted. If no value is provided, the entire file is encrypted,” Trend Micro added.Additionally, the variant offers flexible key-storage options for RSA-encrypted keys. Using the “-s” or ““, store” parameter makes the ransomware save each…
Data Breach Costs Fall for First Time in Five Years

Jul 30, 2025 1:28 PM

Tags: breach, data, data-breach, detection, ibm

IBM found that the global average cost of a data breach has fallen by 9% compared to 2024, driven by improved detection and containment First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/data-breach-costs-fall/
Cisco Talos at Black Hat 2025: Briefings, booth talks and what to expect

Jul 30, 2025 12:28 PM

Tags: cisco, detection, incident response, threat

Cisco Talos is back at Black Hat with new research, threat detection overviews and opportunities to connect with our team. Whether you’re interested in what we’re seeing in the threat landscape, detection engineering or real-world incident response, here’s where and how to find us. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/cisco-talos-at-black-hat-2025-briefings-booth-talks-and-what-to-expect/
How CISOs can scale down without compromising security

Jul 30, 2025 10:28 AM

Tags: breach, business, ciso, compliance, control, cybersecurity, data, detection, finance, framework, gartner, governance, intelligence, jobs, metric, open-source, regulation, resilience, risk, soc, strategy, threat, tool, training, vulnerability

Strategic risk (high, medium, low): What’s the actual exposure if this control fails?Business alignment: Which functions are enabling revenue, customer trust, or compliance?No-brainers: These are redundant tools, shelfware, or “security theatre” controls that look good on paper but deliver no measurable protection.For this assessment, Mahdi brings together a cross-functional team that includes business unit leaders,…
New Microsoft Guidance Targets Defense Against Indirect Prompt Injection

Jul 30, 2025 8:28 AM

Tags: ai, cyber, defense, detection, injection, LLM, microsoft, strategy, threat

Microsoft has unveiled new guidance addressing one of the most pressing security challenges facing enterprise AI deployments: indirect prompt injection attacks. This emerging threat vector has become the top entry in the OWASP Top 10 for LLM Applications & Generative AI 2025, prompting the tech giant to develop a multi-layered defense strategy spanning prevention, detection,…