Velociraptor incident response tool abused for remote access
This approach represents an evolution from threat actors abusing remote monitoring and management tools
Joseph Cox and Jason Koebler report: Hackers have targeted GlobalX Air, one of the main airlines the Trump administration is using as part of its deportation efforts, and stolen what they say are flight records and passenger manifests of all of its flights, including those for deportation, 404 Media has learned. The data, which the…
The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with updated versions of a known backdoor called Sagerunex. “Lotus Blossom has been using the Sagerunex backdoor since at least 2016 and is increasingly employing long-term persistence command shells and…
Although many ransomware gangs no longer encrypt victims and focus on exfiltration and extortion, some groups continue to encrypt. Anubis RaaS is one of them. SuspectFile reports that Anubis recently attacked Mid South Pulmonary & Sleep Specialists (MSPS) in Tennessee and was willing to answer some questions from SuspectFile. According to the spokesperson, initial access…
Multiple threat activity clusters with ties to North Korea (aka Democratic People’s Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. “The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North…
From NY DFS: New York State Department of Financial Services (DFS) Acting Superintendent Kaitlin Asrow today issued new cybersecurity guidance addressing the risks associated with entities becoming increasingly reliant on third-party service providers (TPSPs). The guidance builds on the Department’s ongoing work to protect New Yorkers and DFS-regulated entities from cybersecurity risks through its nation-leading…