We are pleased to announce and welcome onboard the first five partners of #VB2024 : Malwation, Cisco Talos Intelligence Group, Fortinet, Cyber Threat Alliance & QI-ANXIN. Find out how to join them and make your company visible among security peers: virusbulletin.com/conference/vb2…

New #StopRansomware advisory provides recently observed #IOCs and #TTPs on Akira ransomware. With FBI and international partners, we published actionable information to help all orgs identify and protect against this ransomware activity. go.dhs.gov/J9n

Microsoft has tracked at least 70 Russian actors engaged in Ukraine-focused disinformation campaigns concentrated on undermining support for Ukraine. Meanwhile, China seeks to exploit societal polarization and diminish faith in US democratic systems: msft.it/6013Y8noc

Cisco Talos researcher Vanja Svajcer writes about the OfflRouter VBA macro virus afecting users in Ukraine. blog.talosintelligence.com/offlrouter-vir…

Zscaler's Roy Tay & Sudeep Singh observed a malvertising campaign pushing the MadMxShell backdoor. The threat actor registered multiple domains spoofing legitimate IP scanners and other software typically used by IT security & network administration teams. zscaler.com/blogs/security…

WithSecure researchers look into Kapeka, likely a new addition to Sandworm’s arsenal, used in attacks against victims in Eastern Europe. Kapeka is a flexible backdoor with all the necessary functionalities to serve as an early-stage toolkit. withsecure.com/en/whats-new/p…

Google Mandiant researchers decided to graduate the Sandworm group into APT44 & release a report that provides additional insights into the group’s new operations, retrospective insights, & context on how the group is adjusting to support Moscow’s war aims cloud.google.com/blog/topics/th…

During a recent investigation into several criminal forums, Sophos X-Ops discovered something interesting: an influx of crude, cheap ransomware, mostly sold as a one-time purchase rather than typical RaaS models. 1/16

Thoughts on how #infosec should view #CTI as more a mindset or practice and less as a specific person or role, and how this can extend the benefits of threat-driven understanding in security:
pylos.co/2024/04/17/the…

Proofpoint's Greg Lesnewich & Crista Giering describe the tactics successfully used by TA427 to gather information on topics of strategic importance to the North Korean regime. proofpoint.com/us/blog/threat…

Splunk researchers look into the tactics, techniques and procedures employed by APT29 in a recent campaign. The attack chain begins with a spear-phishing email leading to the delivery of the WINELOADER backdoor. splunk.com/en_us/blog/sec…

ばらまきメールに潜む死神の悪戯を紐解く

『今回のブログでは、最近観測された多段の感染プロセスを有する日本語のばらまき型攻撃メールの解析内容について解説します。』

blog.itochuci.co.jp/entry/2024/04/…

On March 25, the FBI released an indictment of APT31 hackers. We read it carefully to find new intel, and managed to connect a few dots (including about the RAWDOOR malware family).

Full article and IOCs: harfanglab.io/en/insidethela…

Secureworks CTU researchers look into activity conducted by the INC Ransom group, tracked as GOLD IONIC. secureworks.com/blog/gold-ioni…

G DATA's Banu Ramakrishnan writes about a malicious Android app that masquerades as Google Chrome. The malware takes advantage of the popularity of and trust associated with Chrome to trick users into downloading and installing it. gdatasoftware.com/blog/2024/04/3…

I've just published a new blog post analyzing another macOS 🍎 stealer - CloudChat.
link.medium.com/wzlES5FsOIb
#malware #macos #stealer

The future is here: AI systems are widely available and accessible. But with new systems come new risks. Along with partners, we’re releasing a new set of best practices to help your org stay secure. Read “Deploying AI Systems Securely” now: nsa.gov/Press-Room/Pre…

2024-04-15 (Monday): #ContactForms campaign pushing #SSLoad malware as early as Thursday, 2024-04-11. List of indicators available at bit.ly/49Cz1kL

#Wirshark #Unit42ThreatIntel #TimelyThreatIntel #InfectionTraffic

⚠️ We're calling all open source maintainers to be alert for social engineering takeover attempts and to take steps to protect their open source projects, after a failed credible takeover attempt.

Read our blog post with OpenSSF for details: hubs.la/Q02sQmgl0

AhnLab researchers look into the Linux version of Pupy RAT, an open-source and cross-platform malware continuously used by various attackers, including APT groups. asec.ahnlab.com/ko/64073/