show episodes
 
Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
  continue reading
 
Bi-Weekly Cyber intellgence briefing, each episode includes update regrading some of the latest events happened in the cyber security world. This podcast is meant for people who wants to listen to a short (5 minute) overview about some of the latest events happened lately in the cyber world. The Podcast is not getting into technical details and anyone can understand.
  continue reading
 
Loading …
show series
 
Stay vigilant against Black Basta’s sophisticated ransomware tactics! In our latest analysis, Black Basta continues to be a leading threat in the cyber landscape, targeting industries, such as healthcare, finance, and manufacturing. Known for exploiting vulnerabilities and using double extortion, this ransomware group applies social engineering to …
  continue reading
 
Stay ahead of cybersecurity trends with CYFIRMA's October 2024 Ransomware Report! This month saw a 42.78% increase in ransomware, led by groups like RansomHub, and new threats emerging, such as Hellcat and Playboy. Manufacturing and Healthcare were heavily impacted, while DragonForce expanded its Ransomware-as-a-Service model. Tactics like “Bring Y…
  continue reading
 
CYFIRMA’s research team has uncovered a new strain of malware known as "Wish Stealer," a sophisticated Node.js-based program targeting Windows users. This malware is designed to steal sensitive information from popular platforms like Discord, various web browsers, and cryptocurrency wallets. It employs advanced techniques, including privilege escal…
  continue reading
 
A recently discovered variant of the SpyNote Remote Access Trojan (RAT) is posing as "Avast Mobile Security for Android." Upon installation, it gains extensive control over your device, silently granting itself permissions and displaying fake system update notifications. This sneaky malware operates in the background, restarts if stopped, and preve…
  continue reading
 
Quishing, a dangerous combination of QR codes and phishing, is emerging as a significant threat that can lead to unauthorized access to sensitive information. Cybercriminals exploit the increasing prevalence of QR codes to trick users into scanning malicious links, resulting in credential theft and data breaches. Given the rapid rise in QR code phi…
  continue reading
 
CYFIRMA's latest research highlights the G700 RAT, a potent malware targeting Android devices, especially in the cryptocurrency and finance sectors. With advanced techniques like privilege escalation, SMS hijacking, and phishing injection, G700 RAT can bypass security and compromise sensitive data. Strengthen your defenses to stay protected! Link t…
  continue reading
 
Critical Alert: Organizations using TeamViewer's Remote Client and Remote Host products on Windows must act now! CVE-2024-7479 and CVE-2024-7481 present a severe risk of privilege escalation. With millions of users potentially affected globally, immediate action is crucial. Both flaws involve improper cryptographic signature verification during dri…
  continue reading
 
Our Q3 2024 APT Quarterly Highlights Report reveals intensified cyber activities from APT groups in Iran, Russia, China, and North Korea, indicating heightened espionage efforts. Iran’s MuddyWater and APT34 leveraged custom malware like BugSleep, while Russia’s APT29 and APT28 capitalized on zero-day vulnerabilities for sophisticated infiltration. …
  continue reading
 
Ivanti Virtual Traffic Manager (vTM) users – A critical authentication bypass flaw (CVSS 9.8) is now being actively exploited! This vulnerability allows unauthenticated attackers to gain admin control over your systems. Patch now to prevent unauthorized access, data theft, or malware deployment. Public exploit code is already circulating. Stay secu…
  continue reading
 
CYFIRMA's investigation uncovered a major data breach at Cisco, led by the notorious threat actor IntelBroker. On October 14, 2024, IntelBroker posted on BreachForum, revealing that critical data such as source code, hard-coded credentials, SSL certificates, API tokens, and confidential documents were stolen. This breach impacts Cisco's B2B clients…
  continue reading
 
The proliferation of stealers, particularly those masquerading as open-source projects, poses significant risks to users. With capabilities to steal sensitive information, such as passwords, cryptocurrency wallets, and browser data, these malware variants not only threaten individual privacy but also create broader cybersecurity challenges. As deve…
  continue reading
 
The Israeli invasion of Lebanon began with the declared goal to remove Hezbollah's military infrastructure from the south of the country so that Israelis living in northern Israel could return to their homes, from which they have been driven by the low-intensity conflict raging on the border since Hamas' raid on Gaza last year. The Israeli army has…
  continue reading
 
Stay ahead of cybersecurity trends with CYFIRMA's September 2024 Ransomware Report. This month’s analysis highlights significant shifts among top ransomware groups like Medusa, which saw a 525% surge in victims, while others like RansomHub and Meow experienced declines. Key industries such as IT and transportation saw notable increases, while secto…
  continue reading
 
Immediate action is required for all organizations using iTunes for Windows! CVE-2024-44193 is a critical local privilege escalation vulnerability that could lead to unauthorized system access. Attackers exploit misconfigured permissions in the AppleMobileDeviceService.exe to elevate privileges and gain control. Given the widespread use of iTunes, …
  continue reading
 
Our latest research dives deep into Yunit Stealer, a sophisticated malware designed to steal sensitive data, such as credentials, cookies, and cryptocurrency wallets. This malware employs advanced evasion techniques, including obfuscation and persistence methods, making it a formidable threat to cybersecurity. Yunit Stealer can disable Windows Defe…
  continue reading
 
A new malware threat, Vilsa Stealer, has surfaced. Discovered on GitHub, this malware is designed to quietly steal your most sensitive information, everything from browser passwords to cryptocurrency wallets and even Discord credentials. What makes it particularly scary is its ability to sneak past security measures and hide in your system, all the…
  continue reading
 
CYFIRMA's latest report delves into a crucial investigation targeting the malicious infrastructure linked to the APT group "Transparent Tribe." Employing open-source intelligence (OSINT), we thoroughly tracked the command-and-control (C2) servers utilized by this persistent threat actor. By leveraging advanced techniques such as JARM fingerprinting…
  continue reading
 
As the U.S. presidential election in November approaches and the campaigns of former President Trump and Vice President Harris ramp up, hackers from Washington's adversaries are intensifying their efforts to disrupt or influence voting. Among these adversaries, Iran is emerging as an increasingly significant player. Link to the Research Report: IRA…
  continue reading
 
Critical Alert: Organizations using Apache OFBiz must act now! CVE-2024-38856 presents a severe risk of remote code execution. With millions of users potentially affected globally, immediate action is crucial. This flaw allows unauthenticated users to bypass security restrictions and execute screen rendering code via specially crafted requests thro…
  continue reading
 
The CYFIRMA research team has examined a variant of the Gomorrah stealer malware, a .NET-based malware that targets a range of sensitive data on infected systems. This report provides a comprehensive analysis of its operational methods and evasion techniques to remain undetected. This information-stealing malware operates within a malware-as-a-serv…
  continue reading
 
CVE-2024-40725 and CVE-2024-40898 are critical vulnerabilities in Apache’s HTTP Server. CVE-2024-40725 affects the mod_proxy module and enables HTTP Request Smuggling attacks, while CVE-2024-40898 allows authentication bypass due to improper SSL configuration. With widespread exposure, these vulnerabilities pose severe risks globally. Immediate pat…
  continue reading
 
The CYFIRMA research team presents an analysis of a new malware, the BLX Stealer, also known as XLABB Stealer, which is targeting sensitive data like credentials, browser information, cryptocurrency wallets, and Discord tokens. Actively promoted on Telegram and Discord, this malware can persist through system reboots and even uses Discord Webhook f…
  continue reading
 
Stay informed with CYFIRMA's Tracking Ransomware-August 2024 Report, highlighting critical shifts in ransomware activities. Emerging groups like RansomHub and Lynx surged, with RansomHub seeing a 57.78% rise in victims and Lynx skyrocketing by 900%. In contrast, established actors like LockBit3 faced a 23.68% decline. The Manufacturing, Finance, an…
  continue reading
 
The CYFIRMA research team explores a new malware, dubbed "Ailurophile Stealer" that targets sensitive browser data, such as passwords, cookies, and browsing history. Distributed via GitHub, this threat uses advanced tactics like UPX packing and command-and-control communication via Telegram to evade detection. The attackers, likely operating from V…
  continue reading
 
The rise of Deepfake technology brings both opportunities and challenges. Our new report, Deepfake Defense: Strategic Solutions, explores the complex risks Deepfakes pose to privacy, security, and public trust and offers actionable strategies to defend against them. Discover how we can safeguard society in this new digital age. Read the full report…
  continue reading
 
The CYFIRMA research team presents an analysis of a new keylogger that uses PowerShell scripts to silently capture sensitive information, such as passwords and credit card details. This sophisticated malware employs techniques, including system discovery, command execution, and encrypted C2 communication. The attackers also use anonymized networks …
  continue reading
 
Since Israel launched its invasion of Gaza following the October 7 Hamas attack on Israel, Israel, and Hezbollah have also traded blows on the southern border of Lebanon in a low-intensity conflict. Many Israeli officials see full-scale war as inevitable. The situation could quickly change and escalate into a war, inadvertently based on miscalculat…
  continue reading
 
The CYFIRMA research team provides an analysis of the Mekotio Trojan. Our study uncovers how it conceals its operations, interacts with command-and-control servers, and maintains persistence on infected systems. Check out our full report to gain a better understanding and combat this evolving threat. Link to the Research Report: Analyzing the Mekot…
  continue reading
 
The CYFIRMA research team presents their latest report! Organizations using Microsoft Windows Wi-Fi Drivers must act now! CVE-2024-30078 presents a severe risk of remote code execution. With billions of Microsoft Windows Wi-Fi Drivers potentially affected globally, immediate action is crucial. Learn more with insights into this vulnerability. Safeg…
  continue reading
 
The CYFIRMA research team reveals a critical update in the malware landscape: We have recently identified a dropper binary that deploys an information-stealing malware known as "Angry Stealer." This malware is making its rounds on various platforms, including websites and Telegram, where it's being advertised. Angry Stealer is essentially a rebrand…
  continue reading
 
CYFIRMA research team’s latest report explores the tactics of hacktivists - ransomware variants, stealer logs, and strategic alliances - and examines their motivations; be they geopolitical, financial, cultural, or racial. It also shows how social media is being leveraged for recruitment, coordination, and monetization via theft or extortion, what …
  continue reading
 
CYFIRMA’s research team have just published a new report on the QWERTY Info Stealer malware. Our analysis reveals how this malware collects and sends sensitive data from infected systems while using advanced techniques to avoid detection. Stay informed about this threat to better protect your data and systems. Link to the Research Report: QWERTY IN…
  continue reading
 
U.S. water systems deliver safe and affordable drinking water to millions of people, while also supporting agriculture, industry, and power generation. However, this critical infrastructure faces significant challenges from aging facilities, increasing demand, and emerging cyberthreats. Our report outlines the key threats to water infrastructure, t…
  continue reading
 
Stay informed with CYFIRMA's Tracking Ransomware-July 2024 Report, highlighting the latest cybersecurity trends. RansomHub and LockBit3 have seen significant surges in activity, with LockBit3 experiencing a remarkable 245.5% increase. While the manufacturing sector saw a 10.9% decline, Education faced a staggering 250% rise in attacks. The US conti…
  continue reading
 
The CYFIRMA research team is actively monitoring the ongoing fallout from the CrowdStrike Blue Screen of Death (BSOD) incident. Our updated report offers a comprehensive analysis of the tactics, techniques, and procedures (TTPs) used by threat actors exploiting this situation. In this updated report, we provide further insights, including a detaile…
  continue reading
 
CVE-2024-6387 Alert! A critical vulnerability in OpenSSH's server (sshd) allows unauthenticated remote code execution with root access, affecting over 4.8 million internet-exposed instances. This flaw poses a significant risk across various industries and geographies and is being actively exploited in the wild, as confirmed by CISA’s Known Exploite…
  continue reading
 
The death of Hamas leader Ismail Haniyeh in Tehran, and the announcement of the death of Hamas military wing commander Muhammad Daif on the same day is likely to escalate the ongoing cyberwar as Iran vows revenge. The dire humanitarian situation in Gaza will continue to fuel pro-Palestinian sentiment and inspire further hacktivist action, while the…
  continue reading
 
Critical Alert: Organizations relying on ServiceNow must act now! CVE-2024-4879 poses a grave risk of remote code execution and unauthorized data access. With extensive global use, swift action is imperative. Attackers exploit Jelly template injections to trigger code execution, risking sensitive data and service disruptions. Update ServiceNow, mon…
  continue reading
 
The CYFIRMA research team has examined a variant of the Mint Stealer malware and provides a comprehensive analysis of this information-stealing malware operating within a malware-as-a-service (MaaS) framework. Designed to target sensitive data, Mint Stealer employs sophisticated techniques to evade detection. This report explores its evasion tactic…
  continue reading
 
The Cyfirma research team has investigated the Flame Stealer, which is maintaining a strong presence with predominantly Portuguese speakers. This malware is designed to stealthily extract data from a wide range of sources, including discord tokens, browser cookies, credentials, etc. Flame Stealer employs advanced techniques such as covert data extr…
  continue reading
 
Our Q2 2024 APT Quarterly Highlights report reveals a surge of dynamic and innovative cyber activities from Iranian, Russian, Chinese, and North Korean APT groups, challenging the global cybersecurity landscape. Detailed analysis reveals escalating cyber threats from Iran's Void Manticore and APT42 targeting critical sectors, to Russia's APT28 and …
  continue reading
 
A critical vulnerability (CVE-2024-24919) with a CVSS score of 8.6 has been discovered in EOL Check Point devices, allowing remote attackers to read arbitrary files. The Hacktivist group "Ghost Clan Malaysia" has shared affected IP addresses worldwide. Upgrade to supported versions and apply necessary hotfixes immediately to protect your data and i…
  continue reading
 
Braodo Info Stealer, a Python-based malware, is targeting users in Vietnam and several other countries. This sophisticated threat spreads possibly through phishing emails, uses GitHub for hosting malicious code, and exfiltrates stolen data via Telegram channels. Learn more about this emerging threat impacting global cybersecurity. Link to the Resea…
  continue reading
 
Stay informed about the latest developments in cybersecurity with CYFIRMA's Tracking Ransomware-June 2024 Report. This month's report highlights key trends, including a decrease in ransomware attacks by groups like Play and RansomHub, while Akira and Qilin increased their operations. Discover significant changes in targeted industries, with most se…
  continue reading
 
Critical Alert: Organizations using PHP in CGI mode must act now! CVE-2024-4577 presents a severe risk of remote code execution. With millions of websites potentially affected globally, immediate action is crucial. Attackers can exploit CGI argument injection to execute arbitrary commands, leading to unauthorized access or server compromise. Update…
  continue reading
 
The CYFIRMA team has uncovered "Kematian-Stealer," a sophisticated info stealer targeting Windows systems, hosted on GitHub. This open-source malware is designed to stealthily extract data from a wide range of sources, including browsers, cryptocurrency wallets, messaging apps, gaming platforms, VPNs, and email clients. Kematian-Stealer employs adv…
  continue reading
 
This year’s Olympic games come at a heightened moment for international conflict & terrorism. The potential for a jihadi group or individuals inspired by one to take the world’s attention with a potential attack or for Russia to try to embarrass France with acts of sabotage are very high. Link to the Research Report: Paris Olympics - CYFIRMA #Geopo…
  continue reading
 
Cyfirma research team has examined a variant of Lumma Stealer malware, and this report provides a comprehensive analysis of this advanced information-stealing malware, explores the tactics employed by threat actor to evade detection on the system and over the network, as well as their techniques for concealing malicious code and activities. Lumma S…
  continue reading
 
CYFIRMA's latest investigation reveals how terrorist groups in Kashmir are still exploiting digital platforms to spread propaganda and influence people. Their psychological operations (Psy Ops) aim to manipulate public perception, spread fear, and destabilize the region. Despite a reduction in physical presence, groups like TRF and Kashmir Tigers a…
  continue reading
 
Stay informed about the latest trends in the ransomware landscape with CYFIRMA's May 2024 Ransomware report. This edition highlights significant increases in ransomware activity, with LockBit3 surging tremendously and Play rising by 10.34%. Incransom's activity doubled, while RansomHub and Medusa also showed notable activity. Manufacturing, real es…
  continue reading
 
Loading …

Quick Reference Guide