A fresh wave of attacks tied to North Korea’s infamous Lazarus Group is targeting software developers through fraudulent job recruitment schemes. These attacks are part of the VMConnect campaign, first uncovered in August last year. Malicious actors pretend to be recruiters from top financial services firms, distributing malicious Python packages disguised as coding tests. These packages, which mimic legitimate developer tools, are designed to infiltrate and compromise developer systems. ReversingLabs researchers say the attackers were found using deceptive methods, including fake LinkedIn profiles, to trick developers into downloading and executing malicious code disguised as part of job interview materials. A…
Author: ISB Staff Reporter
Healthcare is no longer just about treating the sick; it’s about safeguarding their most personal information. Unfortunately, today, a slew of threats target this sector, including ransomware, phishing, API vulnerabilities, and the significant complexities of securing interconnected systems and supply chains. So said Nuno Loureiro in his opening remarks during yesterday’s Probely webinar, “Unveiling Hidden APIs and Securing Vulnerabilities in the Healthcare Sector.” The conversation opened with Errol Weiss from Health-ISAC, discussing the common threats and ongoing challenges in the healthcare sector. He said ransomware remains one of the most pressing threats in healthcare. With attackers leveraging social engineering techniques,…
New Attack Technique Using TDSSKiller and LaZagne Disables EDR

The RansomHub ransomware group has debuted a novel attack strategy, using a combination of tools to disable endpoint detection and response (EDR) systems and steal credentials. This is a change in its tactics, techniques, and procedures (TTPs), expanding its capabilities in the cybercrime landscape. Malwarebytes ThreatDown Managed Detection and Response (MDR) team recently uncovered this new method, which involves the use of two well-known tools: TDSSKiller, a legitimate rootkit removal utility developed by Kaspersky, and LaZagne, a credential-harvesting tool. While malicious actors have used both tools for years, this is the…
As governments, businesses, and organizations increasingly rely on digital systems, cyberattacks have become more systematic and widespread. These coordinated attacks can disrupt a country’s operations just as much as a physical offensive, making it crucial to understand their possible impact. With this in mind, researchers from vpnMentor examined cyber warfare incidents linked to four major geopolitical conflicts: Russia vs. Ukraine, North Korea vs. South Korea, Iran vs. Israel, and the United States vs. China. The team examined records of the most notable incidents between these countries up to the first half of this year. For the research, they only considered…
A significant data breach at the payment gateway provider SLIM CD has exposed over 1.7 million customers to the risk of identity theft and financial fraud. The breach, which took place between August 2023 and June 2024, compromised sensitive personal and credit card information. Based in Coral Springs, Florida, SLIM CD confirmed that unauthorized individuals infiltrated their network, potentially accessing data such as names, addresses, credit card numbers, and expiration dates. In a “Data Event” notice, the company did not reveal the specific method used in the attack, but experts speculate that phishing, malware, or social engineering tactics could have…
Almost 80 years ago, George Orwell coined the phrase “Big Brother is watching you” in his dystopian thriller, 1984. Even he couldn’t imagine the advances and capabilities in surveillance that are prevalent today. Geopolitical unrest and extremist ideology are a clear and present danger to the UK. This, combined with increasing rates of in-country criminal activity, has led to a closer partnership between government and the private sector, to counter these challenges. These macro and micro trends have created a significant surveillance market in the UK, generating £18 billion in revenue in 2022, with forecast growth of 21% CAGR to…
Prevalent, a third-party risk management solutions provider, has partnered with Indigocube Security, a cybersecurity consultancy in SA. This collaboration aims to enhance the way organizations in SA manage and mitigate third-party risks, offering comprehensive solutions that enhance security, resilience, and business continuity. Through this partnership, Prevalent and Indigocube Security will combine their expertise to deliver a robust, AI-driven third-party risk management solution tailored to the South African market. This solution will empower businesses to confidently navigate the complexities of third-party risks, ensuring they can maintain secure and sustainable supplier relationships. Tallen Harmsen, Director at Indigocube Security, said the partnership would…
Intellexa’s Predator spyware is back. After facing sanctions and exposure by the US government, the scourge appeared to decline. However, recent findings from Insikt Group, the threat research arm of cyber security company Recorded Future, reveal that Predator’s infrastructure is active again, with modifications designed to evade detection and anonymize its users. This resurgence highlights Predator’s ongoing use by customers in countries such as the Democratic Republic of the Congo (DRC) and Angola, raising serious privacy and security concerns.

Infrastructure Changes and Evasion Tactics

The Predator spyware operators have revamped their infrastructure, making it harder…
Bitdefender has unveiled Bitdefender Security for Creators, a service specifically designed for digital content producers, online creative professionals, and social media influencers who are prime targets for account takeovers, fraud, and other cybercrimes. Initially, the new offering protects YouTube accounts, with support for additional platforms such as Facebook, TikTok, Instagram and others to follow. In the 2024 Consumer Cybersecurity Assessment Report, based on an independent global survey of over 7,000 consumers, nearly a quarter (24.3%) experienced a security incident over the last 12 months, with 44% of those incidents relating to fraud and 42% phishing attempts. In addition, according to Social Blade…
Kaspersky has discovered that an advanced persistent threat (APT) group, Tropic Trooper, also known as KeyBoy and Pirate Panda, has been linked to a series of targeted attacks on a government entity in the Middle East. This is a strategic expansion for the group, which has historically focused on sectors like government, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong. It is now targeting a governmental entity related to human rights studies.

New Targets, New Tactics

The intrusion campaign began in June last year and was detected in June 2024 when cybersecurity researchers observed a new…