intelligence gathering
-
North Korean hacker group Lazarus Group launches new cyber attack operation
Recently, a global attack campaign launched by the notorious North Korea-linked cyber threat group "Lazarus Group" was disclosed. This operation was named "Operation Blacksmith" and was characterized by exploiting the Log4j vulnerability (CVE-2021-44228, also known as Log4Shell) to deploy a previously unknown remote access Trojan (RAT) on target systems.
-
The rise of ransomware as a service (RaaS): users face more severe threats
In the evolving world of cybersecurity, ransomware attacks have become a serious and widespread threat. Among the different forms of ransomware, a trend called Ransomware-as-a-Service (RaaS) is becoming increasingly prominent. This worrying development changes the cybercrime landscape, enabling individuals with limited technical capabilities to carry out destructive attacks.
-
15,000 Go module repositories on GitHub are vulnerable to hijacking attacks
New research has found that more than 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking. "Jacob Baines, CTO of VulnCheck (…
-
North Korean hackers stole $3 billion in cryptocurrency
According to reports, North Korean state-level hacker groups Kimsuky, Lazarus Group and Andariel have stolen approximately $3 billion worth of cryptocurrency in the past six years. The hackers primarily targeted cryptocurrency exchanges, but also targeted individual users and venture capital firms.
-
Agent Racoon malicious backdoor attacks organizations in the Middle East, Africa and other countries
"This malware family is written using the .NET framework and leverages the Domain Name Service (DNS) protocol to create...
-
Mantis: New tool used in attacks on Palestinian targets
Espionage groups invest time and effort in avoiding detection and persisting on compromised networks.
The Mantis cyber espionage group (aka Arid Viper, Desert Falcon, APT-C-23), a threat actor believed to operate within the Palestinian territories, is conducting ongoing attacks, deploying an updated toolset and sparing no effort to maintain a persistent presence on targeted networks.
The group is known for targeting organizations in the Middle East, but the recent activity discovered by Symantec, a subsidiary of Broadcom Software, is focused on organizations in the Palestinian territories. The malicious activity began in September 2022 and continued until at least February 2023. This kind of targeting is not unprecedented for the Mantis group: its attacks against individuals located in the Palestinian territories were previously revealed in 2017.
-
Open source browser engine WebKit arbitrary file reading vulnerability
Google Chrome is a web browser developed by Google. It is based on an open source kernel (such as WebKit) and aims to improve stability, speed and security, with a simple and efficient interface. However, by using XSL stylesheets and external entity references in SVG image links, an attacker can read arbitrary files on the victim's computer.
-
New “HrServ.dll” Web Shell Detected in APT Attack Against Afghan Government
The latest analysis released by Kaspersky security researcher Mert Degirmenci shows that the Web Shell is a dynamic link library (DLL) named "hrserv.dll" with complex functions, such as custom encoding methods for client communication and memory execution. An investigation by the Russian cybersecurity firm Kaspersky found artifacts dating back to early 2021 based on their compilation timestamps...
-
US research report reveals that out-of-control data trading industry poses national security threat
Recently, a new research report released by Duke University has attracted widespread attention, which reveals how cyber attackers can easily obtain sensitive information about U.S. military personnel at a low price, thus posing serious risks to national security. This study found that cyberattackers can start from several...
-
Overseas spy SDK illegally steals private data of Chinese users
Terminology explanation: SDK is the abbreviation of Software Development Kit, and SDKs come in various types. If developing a software system is compared to building a house with "three bedrooms and one living room", then different SD...