CISA, FBI, and CNMF Identify a New Malware Variant: ComRAT

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense Cyber National Mission Force (CNMF) have identified a malware variant—referred to as ComRAT—used by the Russian-sponsored advanced persistent threat (APT) actor Turla. In Read More …

FBI warning: Trickbot and ransomware attackers plan big hit on US hospitals

US healthcare providers, already under pressure from the COVID-19 pandemic, have been put on high alert over Trickbot malware and ransomware targeting the sector. The warning over an “imminent cybercrime threat to US hospitals and healthcare providers” comes from the Read More …

North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn

The North Korean advanced persistent threat (APT) group known as Kimsuky is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Kimsuky (a.k.a. Hidden Cobra) Read More …

Russian state hackers stole data from US government networks

DHS Cybersecurity and Infrastructure Security Agency (CISA) and the FBI today warned that a Russian state-sponsored APT threat group known as Energetic Bear has hacked and stolen data from US government networks during the last two months. Energetic Bear (also Read More …

IAmTheKing and the SlothfulMedia malware family

On October 1, 2020, the DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would Read More …

Microsoft Addresses Windows TCP/IP RCE/DoS Vulnerability

Microsoft has released a security update to address a protocol vulnerability—CVE-2020-16898—in Windows Transmission Control Protocol (TCP)/IP stack handling of Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement packets. A remote attacker could exploit this vulnerability to take control of Read More …

Hacker groups chain VPN and Windows bugs to attack US government networks

Hackers have gained access to government networks by combining VPN and Windows bugs, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint security alert published on Friday. Attacks have targeted federal Read More …

CISA warns of notable increase in LokiBot malware

The US government’s cyber-security agency has issued a security advisory today warning federal agencies and the private sector about “a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020.” The Cybersecurity and Infrastructure Security Read More …

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers. Patches are currently Read More …