New Attack Technique Using TDSSKiller and LaZagne Disables EDR The RansomHub ransomware group has debuted a novel attack strategy, using a combination of tools to disable endpoint detection and response (EDR) systems and steal credentials. This is a change in its tactics, techniques, and procedures (TTPs), expanding its capabilities in the cybercrime landscape. Malwarebytes ThreatDown Managed Detection and Response (MDR) team recently uncovered this new method, which involves the use of two well-known tools: TDSSKiller, a legitimate rootkit removal utility developed by Kaspersky, and LaZagne, a credential-harvesting tool. While malicious actors have used both tools for years, this is the…
ISB Staff Reporter
As governments, businesses, and organizations increasingly rely on digital systems, cyberattacks have become more systematic and widespread. These coordinated attacks can disrupt a country’s operations just as much as a physical offensive, making it crucial to understand their possible impact. With this in mind, researchers from vpnMentor examined cyber warfare incidents linked to four major geopolitical conflicts: Russia vs. Ukraine, North Korea vs. South Korea, Iran vs. Israel, and the United States vs. China. The team examined records of the most notable incidents between these countries up to the first half of this year. For the research, they only considered…
A significant data breach at the payment gateway provider SLIM CD has exposed over 1.7 million customers to the risk of identity theft and financial fraud. The breach, which took place between August 2023 and June 2024, compromised sensitive personal and credit card information. Based in Coral Springs, Florida, SLIM CD confirmed that unauthorized individuals infiltrated their network, potentially accessing data such as names, addresses, credit card numbers, and expiration dates. In a “Data Event” notice, the company did not reveal the specific method used in the attack, but experts speculate that phishing, malware, or social engineering tactics could have…
Almost 80 years ago, George Orwell coined the phrase “Big Brother is watching you” in his dystopian thriller, 1984. Even he couldn’t image the advances and capabilities in surveillance that are prevalent today. Geopolitical unrest and extremist ideology are a clear and present danger to the UK. This, combined with increasing rates of in-country criminal activity, has led to a closer partnership between government and the private sector, to counter these challenges. These macro and micro trends have created a significant surveillance market in the UK, generating £18 billion in revenue in 2022, with forecast growth of 21% CAGR to…
Prevalent, a third-party risk management solutions provider, has partnered with Indigocube Security, a cybersecurity consultancy in SA. This collaboration aims to enhance the way organizations in SA manage and mitigate third-party risks, offering comprehensive solutions that enhance security, resilience, and business continuity. Through this partnership, Prevalent and Indigocube Security will combine their expertise to deliver a robust, AI-driven third-party risk management solution tailored to the South African market. This solution will empower businesses to confidently navigate the complexities of third-party risks, ensuring they can maintain secure and sustainable supplier relationships. Tallen Harmsen, Director at Indigocube Security, said the partnership would…
Intellexa’s Predator spyware is back. After facing sanctions and exposure by the US government, the scourge appeared to decline. However, recent findings from Insikt Group, the threat research arm of cyber security company Recorded Future, reveal that Predator’s infrastructure is active again. However, it has come back with modifications designed to evade detection and anonymize its users. This resurgence highlights Predator’s ongoing use by customers in countries such as the Democratic Republic of the Congo (DRC) and Angola, raising serious privacy and security concerns. Infrastructure Changes and Evasion Tactics The Predator spyware operators have revamped their infrastructure, making it harder…
Bitdefender has unveiled Bitdefender Security for Creators, a service specifically designed for digital content producers, online creative professionals, and social media influencers who are prime targets for account takeovers, fraud, and other cybercrimes. Initially the new offering protects YouTube accounts with additional platform support such as Facebook, TikTok, Instagram and others to follow. In the 2024 Consumer Cybersecurity Assessment Report, based on an independent global survey of over 7,000 consumers, nearly a quarter (24.3%) experienced a security incident over the last 12 months, with 44% of those incidents relating to fraud and 42% phishing attempts. In addition, according to Social Blade…
Kaspersky has discovered that an advanced persistent threat (APT) group, Tropic Trooper, also known as KeyBoy and Pirate Panda, has been linked to a series of targeted attacks on a government entity in the Middle East. This is a strategic expansion for the group, which has historically focused on sectors like government, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong. It is now targeting a governmental entity related to human rights studies. New Targets, New Tactics The intrusion campaign began in June last year and was detected in June 2024 when cybersecurity researchers observed a new…
A newly discovered PyPI hijack technique called “Revival Hijack” has been exploited in the wild, posing a significant threat to thousands of Python packages. Identified by JFrog’s security research team, the method takes advantage of a loophole in the PyPI software registry that allows attackers to re-register package names that have been removed by their original owners. Jfrog researchers Andrey Polkovnichenko and Brian Moussalli said this technique has the potential to affect over 22,000 packages, putting countless systems at risk. What is the “Revival Hijack” Technique? The Revival Hijack method allows attackers to take control of package names that have been deleted…
The US Department of Justice has disrupted a covert Russian government-sponsored influence operation targeting audiences within its borders and other nations. The operation, dubbed “Doppelganger,” involved using influencers, AI-generated content, and paid social media advertisements to spread disinformation aimed at undermining international support for Ukraine and influencing the 2024 US Presidential Election. Authorities revealed the seizure of 32 internet domains used by Russian entities, including Social Design Agency (SDA), Structura National Technology (Structura), and ANO Dialog. These companies, directed by Sergei Kiriyenko, a key figure in President Vladimir Putin’s inner circle, employed tactics like cybersquatting to impersonate legitimate news outlets…