Targets

Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS
Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts. “The attacker used a modified version of XMRig with a hard-coded configuration, allowing them to avoid suspicious command-line arguments that are often flagged by defenders,” Wiz researchers Yaara Shriki and Gili Tikochinski…

DragonForce targets rivals in a play for dominance
DragonForce is not just another ransomware brand – it’s a destabilizing force trying to reshape the ransomware landscape. Counter Threat Unit (CTU) researchers are actively tracking the evolution of the threat posed by the group. Enter the dragon: DragonForce is involved in high-impact attacks targeting both traditional IT infrastructure and virtualized environments (e.g., VMware ESXi),…

Trump Revenge Tour Targets Cyber Leaders, Elections – Krebs on Security
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs’s employer SentinelOne, comes as…

DeceptiveDevelopment targets freelance developers
Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. After all, what better time to strike than when the potential victim is distracted by the possibility of getting a job? Since early 2024, ESET researchers have observed a series of malicious North Korea-aligned activities,…

Australian Cyber Security Centre Targets Bulletproof Hosting Providers To Disrupt Cybercrime Networks
Overview: The Australian Cyber Security Centre (ACSC) has issued a detailed warning regarding Bulletproof Hosting Providers (BPH). These illicit infrastructure services play a critical role in supporting cybercrime, allowing malicious actors to conduct their operations while remaining largely undetectable. The Australian government’s growing efforts to combat cybercrime highlight the increasing difficulty for cybercriminals to maintain…

Sliver Implant Targets German Entities With DLL Sideloading And Proxying Techniques – Cyble
Key Takeaways: Cyble Research and Intelligence Labs (CRIL) has identified an ongoing cyberattack targeting organizations in Germany. The attack is initiated through a deceptive LNK file embedded within an archive. When executed by an unsuspecting user, this LNK file triggers cmd.exe to copy and run wksprt.exe, a legitimate executable. This executable sideloads a malicious…

EagerBee Backdoor Takes Flight Against Mideast Targets
An unknown attacker is wielding an updated version of a backdoor malware that was previously deployed against high-profile Southeast Asian organizations in targeted attacks, this time against ISPs and governmental entities in the Middle East. Researchers at Kaspersky have detected a new variant of the EagerBee backdoor outfitted with various new components in attacks that…