Google Issues Warning on Attack Attempts By APT28 on 14,000 Gmail Accounts.

Shane Huntley, head of Google’s Threat Analysis Group, said the notice is part of the government-backed attack warnings that Google sends to targeted users each month, and that this batch covered a limited number of targeted attacks that were blocked.

Google has issued a warning to around 14,000 of its users across multiple industries about being targeted in a state-sponsored phishing campaign by APT28, a threat group linked to Russia.

Google’s blog post notes an increase in cyberattacks targeting high-profile persons and …

Operation GhostShell by the MalKamak APT Targets Aerospace and Telco Firms.

Operation GhostShell is a highly targeted cyber espionage campaign aimed mainly at companies in the Middle East, with further victims in the United States, Russia, and Europe. The purpose of the attacks is to steal information about the victims’ infrastructure, technology, and critical assets.

During the investigation, the Nocturnus Team discovered ShellClient, a previously unknown and covert RAT that was used as the main espionage instrument.

“During the investigation, efforts were made to identify instances of the ShellClient code and to …

New Rootkit Malware Targeting Linux Systems With Advanced Features.

ESET’s security team has identified a new malware family named “FontOnLake” that is continually being upgraded with new functionality, indicating an active development phase. According to samples uploaded to VirusTotal, the first intrusions involving this threat may have occurred as early as May 2020.

ESET researcher Vladislav Hrčka reported that the nature of FontOnLake’s tools, together with their complex design and low prevalence, suggests that they are used in targeted attacks. This …

A New UEFI Bootkit That Targets Windows Computers.

Cybersecurity firm ESET has identified a new malware, codenamed “ESPecter” for its ability to persist on the ESP (EFI System Partition). It bypasses Microsoft Windows Driver Signature Enforcement to load its own unsigned driver, which is used for espionage activities such as document theft, keylogging, and screen monitoring by periodically capturing screenshots.

After years of only minor changes, those behind ESPecter apparently decided to move their malware from legacy BIOS systems to modern UEFI …

Honeywell Experion Controllers Have Been Reported With Multiple Critical Flaws

Honeywell disclosed the flaws in an independent security notification published earlier this month. Rei Heingman and Nadav Erez of industrial cybersecurity firm Claroty are credited with discovering and reporting them.

A Control Component Library (CCL) may be modified by a bad actor and loaded onto a controller, causing the controller to execute malicious code.

The CCL format is a DLL/ELF file wrapper. Its first four bytes are the CRC32 of the wrapped executable (DLL/ELF). The following 128 bytes hold the library’s name and …
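The header layout above explains why a modified CCL loads cleanly: a CRC32 is an integrity check against accidental corruption, not an authenticity check, so anyone who can edit the file can also recompute it. The following is an added example, not Honeywell’s or Claroty’s code, that models the described wrapper on constructed sample bytes, shows a swapped executable passing the CRC check, and contrasts it with a keyed HMAC-SHA256 tag as a hypothetical hardening. The little-endian CRC field, NUL-padded name, the executable following the 132-byte header directly, and the HMAC tag are all assumptions not stated on the page.

```python
"""
Added example (not Honeywell's or Claroty's code): a minimal model of the CCL
wrapper header, used to show why CRC32 does not stop a tampered library.

Assumptions not on the page: the 4-byte CRC32 is little-endian, the 128-byte
name is NUL-padded, the wrapped DLL/ELF bytes follow the header directly, and
the HMAC-SHA256 tag is a hypothetical hardening, not Honeywell's actual fix.
"""
import hashlib
import hmac
import struct
import zlib

HEADER_FMT = "<I128s"                      # CRC32 of executable, then 128-byte name (assumed layout)
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 132 bytes
TAG_LEN = hashlib.sha256().digest_size     # 32-byte HMAC tag (hypothetical hardening)


def build_ccl(name: bytes, executable: bytes) -> bytes:
    """Wrap an executable as the page describes: CRC32 + 128-byte name + DLL/ELF bytes."""
    if len(name) > 128:
        raise ValueError("library name exceeds the 128-byte field")
    crc = zlib.crc32(executable) & 0xFFFFFFFF
    return struct.pack(HEADER_FMT, crc, name.ljust(128, b"\x00")) + executable


def parse_ccl(blob: bytes):
    """Return (stored_crc, name, executable) from a CCL-like blob."""
    if len(blob) < HEADER_LEN:
        raise ValueError("blob shorter than the CCL header")
    crc, raw_name = struct.unpack_from(HEADER_FMT, blob, 0)
    return crc, raw_name.rstrip(b"\x00"), blob[HEADER_LEN:]


def crc_check_passes(blob: bytes) -> bool:
    """The only check the header supports: stored CRC32 matches the executable bytes."""
    stored, _, executable = parse_ccl(blob)
    return stored == (zlib.crc32(executable) & 0xFFFFFFFF)


def attacker_replace_executable(blob: bytes, malicious: bytes) -> bytes:
    """What the advisory warns about: swap the executable and simply recompute the CRC."""
    _, name, _ = parse_ccl(blob)
    return build_ccl(name, malicious)


def sign_ccl(blob: bytes, key: bytes) -> bytes:
    """Hypothetical hardening: append an HMAC-SHA256 tag over header + executable."""
    return blob + hmac.new(key, blob, hashlib.sha256).digest()


def verify_signed_ccl(signed: bytes, key: bytes) -> bool:
    """Accept the library only if the tag verifies under a key the attacker lacks."""
    if len(signed) < HEADER_LEN + TAG_LEN:
        return False
    body, tag = signed[:-TAG_LEN], signed[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected) and crc_check_passes(body)


def demo() -> dict:
    """Run the tampering scenario on constructed sample bytes and report each outcome."""
    benign = b"MZ\x90\x00" + b"benign control logic" * 4         # constructed stand-in for a DLL
    malicious = b"MZ\x90\x00" + b"malicious control logic" * 4   # constructed stand-in
    key = b"constructed-demo-key-not-a-real-secret"

    original = build_ccl(b"PumpControl", benign)
    tampered = attacker_replace_executable(original, malicious)

    signed = sign_ccl(original, key)
    # The attacker can rebuild the body but has to reuse the old tag.
    signed_tampered = attacker_replace_executable(signed[:-TAG_LEN], malicious) + signed[-TAG_LEN:]

    return {
        "crc_accepts_original": crc_check_passes(original),
        "crc_accepts_tampered": crc_check_passes(tampered),               # True: CRC is no defence
        "hmac_accepts_original": verify_signed_ccl(signed, key),
        "hmac_accepts_tampered": verify_signed_ccl(signed_tampered, key),  # False: tag no longer matches
        "tampered_name": parse_ccl(tampered)[1],
    }


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome!r}")
```

Running `demo()` shows the CRC check accepting the tampered library while the keyed tag rejects it; the practical lesson for controller firmware is that the loader needs a signature or MAC verified against key material the operator controls, and the CRC should be treated as corruption detection only.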