SAS 2021: Operation Software Concepts- Tempemail

During the ‘Operation Software Concepts: A Beautiful Envelope for Wrapping Weapon’ talk on SAS-at-Home 2021, Rintaro Koike, Shogo Hayashi and Ryuichi Tanabe from NTT Security (Japan) will cover a new APT campaign named Operation Software Concepts. They will share details about this multi-stage attack campaign targeting Russian and Mongolian governments

Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation – Tempemail

Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that’s involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. “With over 100 available

Security operation for Queen’s death includes social media blackouts | The Queen- Tempemail

The UK government’s vast security operation to manage the immediate aftermath of the death of the Queen includes official social media blackouts and a ban on retweets. The secret documents, codenamed Operation London Bridge and seen by Politico, reveal the scale of the plans for the funeral and government anxieties

Operation TunnelSnake: formerly unknown rootkit used to secretly control networks of regional organizations- Tempemail

Windows rootkits, especially those operating in kernel space, are pieces of malware infamous for their near absolute power in the operating system. Usually deployed as drivers, such implants have high privileges in the system, allowing them to intercept and potentially tamper with core I/O operations conducted by the underlying OS,

Researchers Uncover Iranian State-Sponsored Ransomware Operation – Tempemail

Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. “Iran’s Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company called ‘Emen Net Pasargard’ (ENP),” cybersecurity firm Flashpoint said in its

Facebook Busts Palestinian Hackers’ Operation Spreading Mobile Spyware – Tempemail

Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware. The social media giant attributed the attacks to a network connected to the Preventive Security Service (PSS), the security apparatus of the

Researchers Uncover Cyber Espionage Operation Aimed At Indian Army – Tempemail

Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information. Dubbed “Operation SideCopy” by Indian cybersecurity firm Quick Heal, the attacks have been attributed to an advanced persistent threat (APT) group that

I’m a freelance writer. A Russian media operation targeted and used me | Technology

On 8 July 2020, I was contacted via direct message (DM) on Twitter by a man who introduced himself as an associate editor for PeaceData. @Alex_Lacusta described his organization as a “young, progressive global news outlet that was seeking young and aspiring writers” and was looking to grow its presence

Operation PowerFall: CVE-2020-0986 and variants- Tempemail

In August 2020, we published a blog post about Operation PowerFall. This targeted attack consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer 11 and an elevation of privilege exploit targeting the latest builds of Windows 10. While we already described the exploit for Internet Explorer

Internet Explorer and Windows zero-day exploits used in Operation PowerFall- Tempemail

Executive summary: In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an