Lara De Jong
-
TruffleNet Infrastructure Abuses AWS for Large-Scale Financial Fraud
An attacker infrastructure named TruffleNet is using stolen credentials and open-source tools to systematically compromise AWS environments, abusing the AWS Simple Email Service (SES) for Business Email Compromise (BEC) attacks and financial fraud.
-
Cloudflare Data Shows Major Internet Shifts in Turkmenistan, Corroborating Reports of Unblocking and Firewall Testing
Cloudflare’s network data reveals a significant increase in HTTP requests from Turkmenistan starting mid-June 2024, aligning with reports of the nation unblocking billions of IP addresses. The analysis also uncovers major shifts in TCP connection patterns, suggesting the possible testing of a new national firewall system.
-
Remote Monitoring Tools Weaponized in Escalating Cargo Freight Hijacks
Threat actors are increasingly weaponizing legitimate remote monitoring and management (RMM) tools to hijack cargo freight, leading to significant disruptions in global supply chains. This sophisticated cyber-physical attack strategy involves compromising broker load boards, deploying phishing campaigns, and leveraging RMM tools to orchestrate the physical theft of goods, often in collaboration with organized crime groups.…
-
SleepyDuck Malware Redefines C2 Resilience with Ethereum Blockchain
A dangerous new remote access trojan (RAT), dubbed SleepyDuck, is leveraging an Ethereum blockchain contract to maintain an incredibly resilient command and control (C2) infrastructure. This isn’t just another piece of malware; it’s a sophisticated threat that can update its C2 server address on the fly, making it notoriously difficult to shut down. This innovative,…
-
New Vulnerabilities Found in Windows Graphics Core, Raising Security Concerns
Security researchers have uncovered critical vulnerabilities in Microsoft’s Windows Graphics Device Interface (GDI), potentially allowing remote code execution and information disclosure. Patches have been released, but continuous vigilance is crucial for Windows users.
-
New TEE.fail Side-Channel Attack Compromises Intel and AMD Trusted Execution Environments
A new low-cost physical side-channel attack, TEE.fail, bypasses Intel and AMD Trusted Execution Environments, allowing cryptographic key extraction and subversion of secure attestation, according to researchers. This attack highlights critical vulnerabilities in confidential computing architectures.
-
New Android Trojans BankBot-YNRK and DeliveryRAT Target Financial Data
Cybersecurity researchers have identified BankBot-YNRK and DeliveryRAT, two sophisticated Android trojans actively exfiltrating sensitive financial data and cryptocurrency assets. These threats employ advanced evasion techniques and malware-as-a-service models, with a related trend of NFC misuse for payment data theft.
-
Russian Missile Strikes on Ukraine’s Energy Infrastructure Reach Two-and-a-Half-Year High
Russian missile attacks against Ukraine’s energy infrastructure surged in October, marking the highest monthly total in over two and a half years and signaling an intensified campaign as winter approaches.
-
Ukraine Alleges Rosatom Coordinated Strikes on Nuclear Plant Substations
Ukrainian Foreign Minister Andrii Sybiha alleges that Russia’s Rosatom coordinated drone and missile strikes on substations linked to Ukrainian nuclear power plants, raising severe nuclear safety concerns.
-
Ukrainian Intelligence Operation Pinpoints Over 300 Abducted Children in Russia
Ukrainian intelligence agencies have identified over 300 abducted children in Russia, providing specific names and addresses to support international efforts for their return and to counter Russian denials. This initiative aligns with ongoing international legal actions against war crimes.