CyberSecurityBoard
Sponsor Register Login

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Threat actors may have exploited a zero-day in older iPhones, Apple warns.
Microsoft fixed two zero-day bugs exploited in malware attacks.
Threat actors actively exploit JetBrains TeamCity flaws to deliver malware.
Recent DarkGate campaign exploited Microsoft Windows zero-day.
Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws.
Multiple malware used in attacks exploiting Ivanti VPN flaws.
Ivanti warns of a new actively exploited zero-day.
Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware.
Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell.
Citrix warns admins to immediately patch NetScaler for actively exploited zero-days.
Phemedrone info stealer campaign exploits Windows smartScreen bypass.
Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies.
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware.
Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw.
Threat actors started exploiting critical ownCloud flaw CVE-2023-49103.
Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748.
Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August.
Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519.
Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform.
UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw.


This Cyber News was published on securityaffairs.com. Publication date: Sun, 26 May 2024 19:13:08 +0000


Cyber News related to CERT-UA warns of malware campaign conducted by threat actor UAC-0006

WinRAR Flaw: LONEPAGE Malware Strikes Ukrainian Firms - In the realm of cybersecurity, vigilance is paramount, and recent developments reveal a persistent threat facing Ukrainian entities. In this blog post, we'll look into the intricate details of the persistent cybersecurity threat posed by LONEPAGE ...
5 months ago Securityboulevard.com
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
1 month ago Securityaffairs.com
Unit 42 Collaborative Research With Ukraine's Cyber Agency To Uncover the Smoke Loader Backdoor - This collaborative research focuses on recent Smoke Loader malware activity observed throughout Ukraine from May to November 2023 from a group the CERT-UA designates as UAC-0006. The SCPC SSSCIP has identified Smoke Loader as a prominent type of ...
3 months ago Unit42.paloaltonetworks.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
6 months ago Feeds.fortinet.com
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor's Activity - By analyzing tools, logs and artifacts left open to the internet, we were able to profile the threat actor and their victims. After analyzing the artifacts we can conclude with moderate confidence that the majority of the threat actor activity ...
6 months ago Thedfirreport.com
UAC Bypass: 3 Methods Used Malware In Windows 11 in 2024 - User Account Control is one of the security measures introduced by Microsoft to prevent malicious software from executing without the user's knowledge. Modern malware has found effective ways to bypass this barrier and ensure silent deployment on the ...
1 month ago Cybersecuritynews.com
APT trends report Q1 2024 - Careto is a highly sophisticated threat actor that has been seen targeting various high-profile organizations since at least 2007. The last operations conducted by this threat actor were observed in 2013. Our private report provided a detailed ...
1 month ago Securelist.com
Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware - Recruiters and anyone else involved in hiring processes should be knowledgeable about this social engineering attack threat. A new report from U.S.-based cybersecurity company Proofpoint exposes a new attack campaign operated by a ...
6 months ago Techrepublic.com
Windows Incident Response: Human Behavior In Digital Forensics, pt III - Digital forensics can provide us insight into a threat actor's sophistication and situational awareness, which can, in turn, help us understand their intent. Observing the threat actor's actions helps us understand not just their intent, but what ...
5 months ago Windowsir.blogspot.com
New Tool Set Found Used Against Organizations in the Middle East, Africa and the US - Unit 42 researchers observed a series of apparently related attacks against organizations in the Middle East, Africa and the U.S. We will discuss a set of tools used in the course of the attacks that reveal clues about the threat actors' activity. We ...
7 months ago Unit42.paloaltonetworks.com
February 2024's Most Wanted Malware: WordPress Websites Targeted by Fresh FakeUpdates Campaign - Our latest Global Threat Index for February 2024 saw researchers uncover a fresh FakeUpdates campaign compromising WordPress websites. These sites were infected using hacked wp-admin administrator accounts, with the malware adapting its tactics to ...
3 months ago Blog.checkpoint.com
India's CERT exempted from freedom of information laws The Register - India's government has granted its Computer Emergency Response Team, CERT-In, immunity from Right To Information requests - the nation's equivalent of the freedom of information queries in the US, UK, or Australia. Reasons for the exemption have not ...
7 months ago Theregister.com
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial access, ...
5 months ago Thedfirreport.com
PurpleFox malware infected thousands of systems in Ukraine - The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or ...
5 months ago Bleepingcomputer.com
PurpleFox malware infects thousands of computers in Ukraine - The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or ...
5 months ago Bleepingcomputer.com
PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
5 months ago Securityintelligence.com
How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
2 months ago Pandasecurity.com
Global malspam targets hotels, spreading Redline and Vidar stealers - The latest global malspam campaign targets the hotel industry, emphasizing the need to stay alert against such attacks at all times. Cybersecurity researchers at Sophos X-Ops have issued a warning to the hospitality industry about a sophisticated ...
6 months ago Hackread.com
Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
5 days ago Pandasecurity.com
Qbot malware returns in campaign targeting hospitality industry - The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer. In August, a multinational law enforcement operation called Operation Duck Hunt accessed the QakBot admin's ...
6 months ago Bleepingcomputer.com
Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign - A threat actor known for repeatedly targeting organizations in Ukraine with the RemcosRAT remote surveillance and control tool is back at it again, this time with a new tactic for transferring data without triggering endpoint detection and response ...
5 months ago Darkreading.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 month ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 month ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 month ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 month ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)