P2Pinfect is a rust-based malware analyzed extensively by Cado Security in the past. It is a reasonably sophisticated malware sample that uses a peer-to-peer (P2P) botnet for its command and control mechanism. Upon initial discovery, the malware mainly appeared dormant. It would spread primarily via Redis and a limited SSH spreader, but ultimately, it did not seem to have an objective other than to spread. Recently, we observed a new update to P2Pinfect that introduced ransomware and crypto
All Articles (2533)
Sort by
After spending five years in detention in London's high-security H M Prison Belmarsh, a Category A men’s prison in Thamesmead, WikiLeaks founder Julian Assange has made a plea deal with the US Government. He will plead guilty to one charge of espionage and return home to Australia after years of fighting extradition from Britain. US authorities have agreed to drop their demand for Assange to be extradited from Britain after reaching a plea deal with the WikiLeaks founder.
In return for pleading
The US military recently launched a groundbreaking initiative to strengthen ties with the commercial space industry. The aim is to integrate commercial equipment into military space operations, including satellites and other hardware. This would enhance cybersecurity for military satellites. As space becomes more important to the world’s critical infrastructure, the risk increases that hostile nation states will deploy cyber-attacks on important satellites and other space infrastructure. Targ
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding an ongoing phone-based impersonation fraud campaign where scammers are masquerading as CISA staff. In a brief notification, the agency stated it is "aware of recent impersonation scammers claiming to represent the agency."
The CISA warning https://www.cisa.gov/news-events/alerts/2024/06/12/phone-scammers-impersonating-cisa-employees explicitly states that its employees "will never contact you with a
Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate
Spyware is malicious software engineered to covertly monitor and gather information from a user’s computer without their awareness or consent. It can record activities like keystrokes, browsing behavior, and personal information, often transmitting this data to a third party for espionage or theft.
Researchers at FortiGuard Labs recently detected an attack exploiting the CVE-2021-40444 vulnerability in Microsoft Office. This flaw allows attackers to execute malicious code via specially crafted
Threat actors have exploited hacked high-ranking legitimate websites to enable BadSpace malware backdoor distribution on Windows machines. The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases, a fake browser update, and a JScript downloader to deploy a backdoor into the victim's system. BadSpace is a backdoor Trojan that secretly installs itself on a computer, giving cybercriminals remote access and control. It can
Researchers at Graz University of Technology could spy on users’ online activities simply by monitoring fluctuations in the speed of their internet connection. This vulnerability, known as SnailLoad, does not require malicious code to exploit, and the data traffic does not need to be intercepted. All types of end devices and internet connections are affected.[1]
SnailLoad attack setup:
- The victim communicates with a server.
- The server has a fast Internet connection, and the victim’s last-mile
A hack into software maker CDK Global has disrupted operations at auto dealerships across the US, the latest in a series of hacks where ransom-demanding cybercriminals target big companies by breaching behind-the-scenes software suppliers. CDK makes software that is commonly used by car dealerships to process sales and other transactions. Considering the hack, many dealers have started processing transactions manually, according to local press reports.[1]
Here is more about BlackSuit, the hack
A major cyber-attack occurred just before the Fourth of July holiday in 2021, affecting at least 200 US companies. The attack was a ransomware attack that occurred first at Kaseya, a Florida-based IT company, and then spread through the corporate networks that use its software. The attack affected multiple managed service providers and their customers. The REvil ransomware gang was behind the attack. Please stay vigilant during all holiday times.
At least 200 US companies were hit by a major
On 26 June, Evolve Bank and Trust, a financial institution that’s popular with fintech startups, announced that it had been victim of a cyberattack and data breach that could have affected its partner companies as well. The incident, according to the company’s statement, involved “the data and personal information of some Evolve retail bank customers and financial technology partners’ customers.”
Evolve’s communications chief Thomas Holmes said that the incident involves “a known cybercriminal
On 8 March 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted. Meanwhile, their attorney has admitted that the person Radaris named as the CEO from its incepti
Our friends at FortiGuard Labs recently captured a new phishing campaign that demonstrates the spread of a new Agent Tesla variant, specifically targeting Spanish-speaking people. Agent Tesla is a well-known. Net-based Remote Access Trojan (RAT) is designed to stealthily infiltrate victim’s computers and steal their sensitive information, such as their computer’s hardware information, login user information, keystrokes, email contacts, web browser cookies files, system clipboard data, screensho
A controversial proposal put forth by the European Union (EU) to scan users' private messages for detection of child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused messaging service of the same name. "Mandating mass scanning of private communications fundamentally undermines encryption. Full Stop," Whittaker said in a statement on 17 June 2024. "Whether this happ
The notorious Russia-based ransomware gang Lockbit 3.0 has claimed responsibility for a cyber-attack on the US Federal Reserve. The attack, which was announced on 23 June via a post on a site associated with the ransomware gang, allegedly saw the gang infiltrate the systems of the US Federal Reserve and exfiltrate 33 TB of sensitive banking information.
In the post, which was entitled 'federalreserve.gov', the gang explained how the Federal Reserve is structured, and its role in distributing mo
Back in the 1960’s, there were a string of western movies called Spaghetti Westerns, because they were made in Italy by local directors and producers. In 1966, a famous movie called The Good, the Bad and the Ugly was shown across the US and it became a cult classic, starring a then unknown actor: Clint Eastwood. Below Sentinel Labs exposed modern day hacking robbers, hopefully on their way to US federal prison for a long time.
The Good - Dark Marketplace Operators Face Life Sentences for $
Non-human Identity (NHI) lifecycle firm Entro Security (https://entro.security) has raised $18 million in a Series A funding round led by Dell Technologies Capital and including angel investors. The funds will be used to scale the firm’s global operations, including increasing its headcount from 35 to around 80 by the end of 2024.
Entro’s platform is designed to bring order to the increasingly chaotic management of non-human identities. Identity management has always been problematic, but the g
The LockBit ransomware group has claimed a significant increase in attack volume in May 2024, which would once again make it the most active ransomware gang, a new report from NCC Group shows. The LockBit ransomware operation was disrupted in February when law enforcement agencies in North America, Europe, and Asia seized 34 servers, took over the gang’s Tor-based leak site, froze its cryptocurrency wallets, and collected technical information on the group’s infrastructure.
The US government ha
Qilin, the ransomware group behind an attack that has disrupted healthcare across London, has listed the victim organization Synnovis on its darknet extortion site. The attack earlier this month on Synnovis, a business providing pathology services for hospitals and local clinics in the capital, prompted major disruptions to services, with blood tests in South East London operating at approximately 10% normal capacity. “Half of this capacity has been ringfenced to support patients in the acute
SpaceX is inviting some customers to buy a new Starlink Mini receiver for its satellite broadband service offered as a portable option, with an introductory price tag of $599 in the US.
Customer emails sent by the space company this week invited select customers to buy its latest antenna, described as a "compact, portable kit that can easily fit in a backpack, designed to provide high-speed, low-latency internet on the go."
Stream 4K movies while out camping out, anyone? Cool, huh? The compan
