Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that’s designed to fly under the radar and drop additional payloads onto a compromised host.
“It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find,” Minerva Labs researcher Natalie Zargarov said.
“One such technique

In an ideal world, security and development teams would be working together in perfect harmony. But we live in a world of competing priorities, where DevOps and security departments often butt heads with each other.
Agility and security are often at odds with each other— if a new feature is delivered quickly but contains security vulnerabilities, the SecOps team will need to scramble the release

A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas.
Cisco Talos said it “observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389.”
The attacks, per the cybersecurity company,

Bad actors love to deliver threats in files. Persistent and persuasive messages convince unsuspecting victims to accept and open files from unknown sources, executing the first step in a cyber attack. 
This continues to happen whether the file is an EXE or a Microsoft Excel document. Far too often, end users have an illusion of security, masked by good faith efforts of other users and (

The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group’s features and tactics.
APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is linked to North Korea’s Ministry of State Security (MSS) unlike the Lazarus and

The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications.
“The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators,” NIST said.

The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022.
The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It’s also the second attack aimed at Group-IB, the first of which took place in March 2021.
Tonto Team,

The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks.
Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to “read memory contents or enact a denial-of-service,” the maintainers said in an advisory.
The

The recently published Security Navigator report of Orange Cyberdefense shows there has been a  rapid increase of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That’s to be expected, as production systems are commonly connected to ordinary corporate networks at this point. Though the data

The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason.
The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors abusing the foothold to deliver Cobalt Strike and SystemBC for post-exploitation.
“The threat actor