Voodoo Bear (APT44 - Part 2)
In summary, it can be said that Voodoo Bear is part of the Russian government's ‘Ministry of Defence’ and is therefore state-sponsored. In addition, many different sectors are targeted by the group.
Latest updates and hand-picked resources.
In summary, it can be said that Voodoo Bear is part of the Russian government's ‘Ministry of Defence’ and is therefore state-sponsored. In addition, many different sectors are targeted by the group.
In modern cyber warfare, not only independent hacker groups utilize digital arsenals, but states also deploy these means to enforce their interests.
Wiper is ransomware that pursues destruction as its goal. For example, it deletes the MBR, MFT, overwrites the files or encrypts the files and destroys the decrypt key.
A wiper is a ransomware whose main function is wiping, i.e. deleting or overwriting data, damaging the MBR (Master Boot Record) or MFT (Mater File Table).
It is becoming increasingly common for various media outlets to draw attention to Threat Actor attacks. Due to the political situation in different countries, it often happens that politically motivated hacker attacks are hinted at in such reports.
Alongside Cozy Bear, other groups like APT28 (Fancy Bear), Voodoo Bear, Primitive Bear, and Venomous Bear employ advanced tactics to infiltrate and extract data from their targets.
Microsoft has introduced a new in-browser protection feature for Microsoft Defender for Cloud Apps. This update is designed to strengthen security by offering real-time monitoring and control over user activities in sanctioned and unsanctioned cloud applications.
Advanced Persistent Threat (APT) group APT43, originating from North Korea and known for its espionage activities, is currently exploiting poorly configured or unconfigured DMARC policies.
In the digital age, the threat landscape evolves with alarming speed, and ransomware groups are at the forefront of this change, wreaking havoc on businesses and individuals alike.
The "Mother of All Breaches" (MoAB), a term now synonymous with one of the largest data leaks in the history of cybersecurity, has been a jolting wake-up call for digital security worldwide. This breach encompassed a staggering 12 TB of information, impacting over 26 BN records.
The realm of Artificial Intelligence (AI) is rapidly evolving, ushering in transformative tools like ChatGPT and Microsoft Copilot, which have revolutionized how we interact with technology.
In the dynamic world of cybersecurity, the evolution of attack methods like Evilginx and Evilginx2, designed to bypass robust defenses such as Multi-Factor Authentication (MFA), is closely matched by developments in attack frameworks.
CVE-2023-7028 is a critical vulnerability in GitLab that allows unauthorized account takeovers through a password reset mechanism. It was assigned a CVSS score of 10.0, indicating the highest level of severity.
In the realm of cybersecurity, the advent of QR-code phishing has introduced a novel challenge, reshaping the dynamics of digital threats and defenses. QR-code phishing, or 'Quishing,' is a tactic where QR codes are manipulated to facilitate phishing attacks.
CVE-2023-50164 is a critical vulnerability discovered in Apache Struts 2. This vulnerability is related to a path traversal flaw that allows a remote attacker to upload malicious files to vulnerable servers, potentially leading to Remote Code Execution (RCE) on the target server.
The 2023 LinkedIn security breach, initially perceived as a significant threat, turned out to be less severe due to the inclusion of many fictitious email addresses. This incident, which involved the extraction of large data sets from LinkedIn, highlights the growing concern around data scraping practices by hackers.
CVE-2023-38831 identifies a file extension spoofing vulnerability in WinRAR, a popular Windows tool for compressing and decompressing files. This flaw allowed clever individuals to create ZIP or RAR files that appeared ordinary but were structured in a way that concealed malicious code.
This is a vulnerability in Microsoft Edge (Chromium-based) that could allow an attacker to elevate their privileges on the affected system. The vulnerability has been assigned a high severity rating with a CVSS score of 8.3, indicating that it poses a significant risk.
We see an increasing demand for information on current CVEs, APTs, malware, etc.. The newsletter will be our way to satisfy this demand and focus on threats, which are relevant to our customers.
The cybersecurity landscape has recently been shaken by a significant vulnerability in Ivanti Endpoint Manager Mobile (EPMM), previously known as MobileIron Core. This authentication bypass vulnerability has had a notable impact, affecting 12 ministries in Norway and illustrating its potential for widespread damage.