Pierluigi Paganini

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

An Iran-linked APT group tracked as Mint Sandstorm is behind a string of attacks aimed at US critical infrastructure between late 2021 to mid-2022. Microsoft has linked the Iranian Mint Sandstorm APT (previously tracked by Microsoft as PHOSPHORUS) to a series of attacks aimed at US critical infrastructure between late 2021 to mid-2022. The IT giant reported Mint […]

The post Iran-linked Mint Sandstorm APT targeted US critical infrastructure appeared first on Security Affairs.

April 19, 2023
0 comment
Read More >>

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. A new report from Citizen Lab states that the Israeli surveillance firm NSO Group used at least three zero-click zero-day exploits to deliver its Pegasus spyware. In 2022, the Citizen Lab analyzed the NSO Group activity after finding […]

The post PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022 appeared first on Security Affairs.

April 19, 2023
0 comment
Read More >>

Experts temporarily disrupted the RedLine Stealer operations

Security experts from ESET, have temporarily disrupted the operations of the RedLine Stealer with the help of GitHub. ESET researchers announced to have temporarily disrupted the operations of the RedLine Stealer with the help of GitHub. The two companies teamed up with Flare to curb the operations of the malware operators. The experts discovered that […]

The post Experts temporarily disrupted the RedLine Stealer operations appeared first on Security Affairs.

April 18, 2023
0 comment
Read More >>

CISA adds bugs in Chrome and macOS to its Known Exploited Vulnerabilities catalog

US Cybersecurity and Infrastructure Security Agency (CISA) added Chrome and macOS vulnerabilities to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog: According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to […]

The post CISA adds bugs in Chrome and macOS to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

April 18, 2023
0 comment
Read More >>

The intricate relationships between the FIN7 group and members of the Conti ransomware gang

A new malware, dubbed Domino, developed by the FIN7 cybercrime group has been used by the now-defunct Conti ransomware gang. IBM Security X-Force researchers recently discovered a new malware family, called Domino, which was created by developers associated with the FIN7 cybercriminal group (tracked by X-Force as ITG14). FIN7 is a Russian criminal group (aka Carbanak) that has […]

The post The intricate relationships between the FIN7 group and members of the Conti ransomware gang appeared first on Security Affairs.

April 18, 2023
0 comment
Read More >>

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

The Israeli surveillance firm QuaDream is allegedly shutting down its operations after Citizen Lab and Microsoft uncovered their spyware. Last week Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. The victims include journalists, political opposition figures, and an NGO worker […]

The post Israeli surveillance firm QuaDream is shutting down amidst spyware accusations appeared first on Security Affairs.

April 18, 2023
0 comment
Read More >>

New QBot campaign delivered hijacking business correspondence

Kaspersky researchers warn of a new QBot campaign leveraging hijacked business emails to deliver malware. In early April, Kaspersky experts observed a surge in attacks that QBot malware attacks (aka Qakbot, QuackBot, and Pinkslipbot). QBot has been active since 2008, it is used by threat actors for collecting browsing data and banking credentials, and other […]

The post New QBot campaign delivered hijacking business correspondence appeared first on Security Affairs.

April 17, 2023
0 comment
Read More >>

China-linked APT41 group spotted using open-source red teaming tool GC2

China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization. Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control (GC2) in an attack against an unnamed Taiwanese media organization. The APT41 group, aka Winnti, Axiom, Barium, Blackfly, […]

The post China-linked APT41 group spotted using open-source red teaming tool GC2 appeared first on Security Affairs.

April 17, 2023
0 comment
Read More >>

Vice Society gang is using a custom PowerShell tool for data exfiltration

Vice Society ransomware operators have been spotted using a PowerShell tool to exfiltrate data from compromised networks. Palo Alto Unit 42 team identified observed the Vice Society ransomware gang exfiltrating data from a victim network using a custom-built Microsoft PowerShell (PS) script. Threat actors are using the PowerShell tool to evade software and/or human-based security detection mechanisms. PS scripting […]

The post Vice Society gang is using a custom PowerShell tool for data exfiltration appeared first on Security Affairs.

April 17, 2023
0 comment
Read More >>

Experts warn of an emerging Python-based credential harvester named Legion

Legion is an emerging Python-based credential harvester and hacking tool that allows operators to break into various online services. Cado Labs researchers recently discovered a new Python-based credential harvester and hacking tool, named Legion, which was sold via Telegram. At this time, the sample analyzed by Cado Labs has a low detection rate of 0 […]

The post Experts warn of an emerging Python-based credential harvester named Legion appeared first on Security Affairs.

April 17, 2023
0 comment
Read More >>