Tag: advanced persistent threat
-
The Register: Russian spies use remote desktop protocol files in unusual mass phishing drive
Source URL: https://www.theregister.com/2024/10/30/russia_wrangles_rdp_files_in/ Source: The Register Title: Russian spies use remote desktop protocol files in unusual mass phishing drive Feedly Summary: The prolific Midnight Blizzard crew cast a much wider net in search of scrummy intel Microsoft says a mass phishing campaign by Russia’s foreign intelligence services (SVR) is now in its second week, and…
-
Cisco Talos Blog: Writing a BugSleep C2 server and detecting its traffic with Snort
Source URL: https://blog.talosintelligence.com/writing-a-bugsleep-c2-server/ Source: Cisco Talos Blog Title: Writing a BugSleep C2 server and detecting its traffic with Snort Feedly Summary: This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort. AI Summary and Description: Yes Summary: The text provides an in-depth…
-
METR Blog – METR: METR – Comment on NIST AI 800-1 (Managing Misuse Risk for Dual-Use Foundation Models)
Source URL: https://downloads.regulations.gov/NIST-2024-0002-0022/attachment_1.pdf Source: METR Blog – METR Title: METR – Comment on NIST AI 800-1 (Managing Misuse Risk for Dual-Use Foundation Models) Feedly Summary: AI Summary and Description: Yes Summary: The text provides insights into the National Institute of Standards and Technology’s (NIST) document on managing misuse risk for dual-use AI foundation models. It…
-
The Register: VMware fixes critical RCE, make-me-root bugs in vCenter – for the second time
Source URL: https://www.theregister.com/2024/10/22/vmware_rce_vcenter_bugs/ Source: The Register Title: VMware fixes critical RCE, make-me-root bugs in vCenter – for the second time Feedly Summary: If the first patches don’t work, try, try again VMware has pushed a second patch for a critical, heap-overflow bug in the vCenter Server that could allow a remote attacker to fully compromise vulnerable…
-
Slashdot: European Govt Air-Gapped Systems Breached Using Custom Malware
Source URL: https://it.slashdot.org/story/24/10/11/1811217/european-govt-air-gapped-systems-breached-using-custom-malware?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: European Govt Air-Gapped Systems Breached Using Custom Malware Feedly Summary: AI Summary and Description: Yes Summary: An advanced persistent threat (APT) group named GoldenJackal has been successful in breaching air-gapped government systems in Europe, employing custom tools to steal sensitive information. This activity raises significant concerns about the security…
-
The Register: Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware
Source URL: https://www.theregister.com/2024/10/09/goldenjackal_custom_malware/ Source: The Register Title: Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware Feedly Summary: USB sticks help, but it’s unclear how tools that suck malware from them are delivered A cyberespionage APT crew named GoldenJackal hacked air-gapped PCs belonging to government and diplomatic entities at least twice using two sets of…
-
Hacker News: European govt air-gapped systems breached using custom malware
Source URL: https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/ Source: Hacker News Title: European govt air-gapped systems breached using custom malware Feedly Summary: Comments AI Summary and Description: Yes Summary: This text presents an extensive analysis of the GoldenJackal APT group’s cyberespionage activities, notably their attacks on air-gapped systems within governmental organizations in Europe. It introduces previously undocumented malware tools employed…
-
Slashdot: Chinese Spies Spent Months Inside Aerospace Engineering Firm’s Network Via Legacy IT
Source URL: https://yro.slashdot.org/story/24/09/18/2014240/chinese-spies-spent-months-inside-aerospace-engineering-firms-network-via-legacy-it?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Chinese Spies Spent Months Inside Aerospace Engineering Firm’s Network Via Legacy IT Feedly Summary: AI Summary and Description: Yes **Summary:** This report discusses a major cybersecurity breach involving Chinese state-sponsored spies who infiltrated a U.S. aerospace manufacturer’s network using default credentials on unmanaged IBM AIX servers. The incident highlights…
-
Wired: Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks
Source URL: https://www.wired.com/story/russia-cozy-bear-watering-hole-attacks/ Source: Wired Title: Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks Feedly Summary: Suspected Russian hackers have compromised a series of websites to utilize sophisticated spyware exploits that are eerily similar to those created by NSO Group and Intellexa. AI Summary and Description: Yes Summary: The text discusses the…
-
Hacker News: New 0-Day Attacks Linked to China’s ‘Volt Typhoon’
Source URL: https://krebsonsecurity.com/2024/08/new-0-day-attacks-linked-to-chinas-volt-typhoon/ Source: Hacker News Title: New 0-Day Attacks Linked to China’s ‘Volt Typhoon’ Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a zero-day vulnerability in Versa Director, a software product leveraged by Internet service providers, which is currently being exploited by the Volt Typhoon hacking group, allegedly linked to…