Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that’s designed to fly under the radar and drop additional payloads onto a compromised host.
“It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find,” Minerva Labs researcher Natalie Zargarov said.
“One such technique

In an ideal world, security and development teams would be working together in perfect harmony. But we live in a world of competing priorities, where DevOps and security departments often butt heads with each other.
Agility and security are often at odds with each other— if a new feature is delivered quickly but contains security vulnerabilities, the SecOps team will need to scramble the release

A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine.
Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056.
“The malware is written in Go and is designed to harvest a wide

Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts.
The attackers “use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer,” Trend Micro researchers Aliakbar

A Sydney man has been sentenced to an 18-month Community Correction Order (CCO) and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers.
The unnamed individual, 19 when arrested in October 2022 and now 20, used the leaked records stolen from the security lapse to orchestrate an SMS-based extortion scheme.
The suspect

After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data.
The emergence of the new variant was reported by a system administrator on an online forum, where another participant stated that files larger than 128MB

Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors LogicalDOC, Mayan, ONLYOFFICE, and OpenKM.
Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which “an attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed

A previously unknown threat actor has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information.
Enterprise security company Proofpoint, which is tracking the activity cluster under the name Screentime, said the group, dubbed TA866, is likely financially motivated.
“TA866 is an organized actor able to perform well thought-out attacks at

The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications.
“The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators,” NIST said.

The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022.
The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It’s also the second attack aimed at Group-IB, the first of which took place in March 2021.
Tonto Team,