All Articles

2349 articles:

Lazarus APT Uses Updated Malware in Potential Supply Chain Attacks

The Lazarus group has recently been observed “building supply-chain attack capabilities” by targeting a legitimate South Korean security software product and an IT asset monitoring solution vendor.

Supply Chain, Lazarus, APT

Emerging Loader Delivered Via Hijacked Email Threads

Researchers shed light on a malware loader that's been spotted consistently being spread via email spam messages over the past month.

Email, Malware, Spammers

Nation-State Attackers Sharpen Focus on Governments, NGOs

New data from Microsoft shows that Nobelium, Thallium, and other nation-state attack groups are increasingly focusing on government agencies and NGOs.

Microsoft, Malware

Microsoft Warns of Ongoing Nobelium Supply Chain Attacks

Microsoft said that the threat group has used phishing and password-spraying attacks to compromise at least 14 IT service providers this year.

Solarwinds, Supply Chain, Microsoft

Decipher Podcast: Courtney Nash

Courtney Nash of Verica joins Dennis Fisher to talk about the new Verica Open Incident Database, which centralizes reports of software outages, security incidents, and near misses, and why studying the way systems fail is so valuable.

Podcast

Researcher Discovers Private Keys to Decrypt Rogue Cobalt Strike Beacon Communications

Didier Stevens has discovered several keypairs shared across rogue Cobalt Strike implementations used by malicious actors.

Ransomware

TodayZoo Phishing Kit Used to Swipe Microsoft Credentials

Microsoft researchers said TodayZoo, used for a massive campaign aimed at stealing victims’ credentials, was pieced together from an old phishing kit template.

Phishing, Phishing Kits, Phishing Scams

U.S. Export Controls Crack Down on Surveillance Tools

A newly proposed interim final rule is the result of 2017 negotiations as part of the Wassenaar Arrangement after initial export rules were met with criticism.

Surveillance, Hacking Methods, Government Agencies

Google Disrupts Cookie Theft Malware Attacks

Google researchers point to a resurgence in a decades-old session hijacking tactic, as seen in a recent phishing campaign.

Malware, Browser Security, Admin Session Hijacks

New TA551 Email Campaign Installs Sliver Red-Team Tool

A new email hijacking campaign by the TA551 attack group is installing the legitimate Sliver red-team tool as a payload, possibly for use in future ransomware operations.

Malware, Ransomware

Q&A: Genevieve Stark and Joshua Shilko

Mandiant threat intelligence researchers give Decipher editor Lindsey O'Donnell-Welch a behind-the-scenes look at how they began tracking recently discovered ransomware group FIN12 - and what's next for the group.

Ransomware

Telecom Firms Compromised in LightBasin Cyberattacks

A well-known attack group has compromised at least 13 telecommunications organizations since 2019, relying on custom toolsets and a novel C2 persistence method.

Cybercrime, Telecommunications, Cyberattack

BlackMatter Ransomware Actors Targeting Critical Infrastructure

The BlackMatter ransomware operators are targeting critical infrastructure operators in the U.S., including food suppliers.

Ransomware, Government

FinCEN Warns of Evolving Ransomware Money Laundering Efforts

A Financial Crimes Enforcement Network (FinCEN) report showed cybercriminals switching up their money laundering efforts in order to avoid detection by law enforcement.

Ransomware, Financial Services, Finance Security

Ransomware Groups Hit Three Wastewater Facilities This Year

Ransomware actors hit three wastewater facilities in the U.S. in the last few months, accessing SCADA devices and disrupting operations, CISA said.

Government, Critical Infrastructure, Ransomware