* Mandiant tracked 55 zero-day vulnerabilities that we judge were exploited in 2022. Although this count is lower than the record-breaking 81 zero-days exploited in 2021, it still represents almost triple the number from 2020. * Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022, which is consistent with previous years. * We identified four zero-day vulnerabilities exploited by financially motivated threat actors. 75% of these instances appear to be linked to ransomware operations. * Products from Microsoft, Google, and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with previous years. The most exploited product types were operating systems (OS) (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (6).

We have been seeing notable changes to TTPs used in GOOTLOADER operations since 2022.

Google Ads is one of the most popular advertising platform, but it's also a target for cybercriminals. Learn how they are using it to spread malware.

A newly uncovered technique to abuse Google’s ad-words powerful advertisement platform is spreading rogue promoted search results in mass. Pointing to allegedly credible advertisement sites that are fully controlled by threat actors, those are used to masquerade and redirect ad-clickers to malicious phishing pages gaining the powerful credibility and targeting capabilities of Google’s search results. Adding customized malware payloads, threat actors are raising the bar for successful malware deployments on Personal PCs with ad words like Grammarly, Malwarebytes, and Afterburner as well as with Visual Studio, Zoom, Slack, and even Dashlane to target organizations.

How Finland Is Teaching a Generation to Spot Misinformation The Nordic country is testing new ways to teach students about propaganda. Here’s what other countries can learn from its success.

* Ukraine has released an instruction video for Russian soldiers on surrendering to a drone. * It's part of the "I Want to Live" hotline, which entices Russians to stop fighting in Ukraine. * The video suggests that surrendering via drone may become increasingly common.

As part of our research into the cryptomining botnet kmsdbot, we rendered it useless.

We see that one of our vulnerabilities is exploited in the wild Link. So we decided to public the detail analysis of our two bug chains. Any customer has enough information to mitigate these bugs. The vendor also released all patches a week ago. This blog post shares the detail

After inadvertently finding that InfoSys leaked an AWS key on PyPi I wanted to know how many other live AWS keys may be present on Python package index. After scanning every release published to PyPi I found 57 valid access keys from organisations like: Amazon themselves 😅 Intel Stanford, Portland and Louisiana University The Australian Government General Atomics fusion department Terradata Delta Lake And Top Glove, the worlds largest glove manufacturer 🧤

We recently discovered ransomware, which performs MSDTC service DLL Hijacking to silently execute its payload. We have named this ransomware CatB, based on the contact email that the ransomware group uses. The sample was first uploaded to VT on November 23, 2022 and tagged by the VT community as a possible variant of the Pandora Ransomware. The assumed connection to the Pandora Ransomware was due to some similarities between the CatB and Pandora ransom notes. However, the similarities pretty much end there. The CatB ransomware implements several anti-VM techniques to verify execution on a “real machine”, followed by a malicious DLL drop and DLL hijacking to evade detection.

Suite à un piratage, Adecco a lancé début novembre une enquête. La société donne de plus amples informations : « certaines de vos données personnelles présentes dans un de nos systèmes d’informations (noms, prénoms, adresses email...

More than 200 local governments, schools and hospitals in the U.S. were affected by ransomware in 2022, according to research conducted by cybersecurity firm Emsisoft. The annual “State of Ransomware in the US” report found that 105 local governments; 44 universities and colleges; 45 school districts; and 25 healthcare providers operating 290 hospitals dealt with ransomware attacks last year.

A comprehensive analysis of the year's new malware

If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022). $ pip3 uninstall -y torch torchvision torchaudio torchtriton $ pip3 cache purge PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary. This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices.

The U.S. military's Cyber Command hunted down foreign adversaries overseas ahead of this year's mid-term elections, taking down their infrastructure before they could strike, the head of U.S. Cyber Command said. U.S. Army General Paul Nakasone said the cyber effort to secure the vote began before the Nov. 8 vote and carried through until the elections were certified. "We did conduct operations persistently to make sure that our foreign adversaries couldn't utilize infrastructure to impact us," Nakasone, who is also the director of the U.S. National Security Agency, told reporters.

With the ongoing war in Ukraine, in the Polish cyberspace, there are more and more occurrences classified as computer incidents, including attacks perpetrated by Russian hackers. This is a response of the Russian Federation to the Poland’s support provided to Ukraine and an attempt to destabilise the situation in our country.

New YouTube Bot Malware Spotted Stealing User’s Sensitive Information

Italians Users Targeted By PureLogs Stealer Through Spam Campaigns

Meet Toka, the Israeli cyber firm founded by Ehud Barak, that lets clients hack cameras and change their feeds – just like in Hollywood heist movies

The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow.

A watchdog is to investigate Twitter after a hacker claimed to have private details linked to more than 400 million accounts.

In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia. Based on the observed tradecraft, infrastructure, tooling, and account affiliations, MSTIC attributes this campaign with high confidence to ZINC, a state-sponsored group based out of North Korea with objectives focused on espionage, data theft, financial gain, and network destruction.

ReversingLabs Malware Researcher Joseph Edwards takes a deep dive into ZetaNile, a set of open-source software trojans being used by Lazarus/ZINC.