An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. “While this activity occurred around the same time and in some instances even simultaneously…
Category: The Hacker News
Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics
Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. “Deadglyph’s architecture is unusual as it consists of cooperating components – one a native x64…
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. “The…
Apple and Chrome Zero-Days Exploited to Hack Egyptian ex-MP with Predator Spyware
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. “The…
New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. “The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and…
How to Interpret the 2023 MITRE ATT&CK Evaluation Results
Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluation. This testing is critical for evaluating…
Iranian Nation-State Actor OilRig Targets Israeli Organizations
Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as OilRig in 2021 and 2022. The campaigns, dubbed Outer Space and Juicy Mix, entailed the use of two previously documented first-stage backdoors called Solar…
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider said that the four high-severity flaws were fixed in new…
Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list…
Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents
A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunic koation providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time (JIT) compiler for the Lua…