Posts

Unmasking the Cyber Underworld: The Rise of HTTP/2 Rapid Reset Attacks

  In the dark alleys of the internet, a new breed of attackers is quietly perfecting its art. Meet the actors behind the alarming surge in HTTP/2 rapid reset attacks, a denial-of-service technique that abuses the protocol's stream cancellation (RST_STREAM) to push request rates far beyond what a server can absorb. In a world driven by technological advances, the internet is the lifeblood of our daily routines. From streaming video to online shopping, we depend on a seamless digital experience. But hidden from plain sight, these attackers have been orchestrating attacks that threaten that very experience.
Recent posts

Unleashing Chaos: Craxs Rat Update V5 Introduces Terrifying New Features

The notorious Craxs Rat malware has recently unleashed its latest version, Update V5, introducing a range of new features and enhancements. This update further strengthens the capabilities of Craxs Rat, posing an increased threat to individuals and organizations alike. In this article, we delve into the details of the updated features of Craxs Rat V5, shedding light on its improved functionality and potential impact on cybersecurity.

GoldenJackal APT group: A threat to government and diplomatic entities in the Middle East and South Asia

A new report from Kaspersky, published on its Securelist blog, identifies an APT group that has been active since at least 2019. The group, named GoldenJackal, is believed to be based in Iran and is known for targeting government and diplomatic entities in the Middle East and South Asia. GoldenJackal has used a variety of techniques to compromise its targets, including phishing, spear phishing, and watering hole attacks. The group is also known to use custom malware, including backdoors, stealers, and wipers.

BlackLotus UEFI Bootkit: A New Threat to Windows Security

In March 2023, security researchers from ESET announced the discovery of a new UEFI bootkit called BlackLotus. This bootkit is capable of bypassing UEFI Secure Boot, the firmware feature designed to ensure that only trusted, signed boot components run before the operating system loads; it does so by exploiting a known vulnerability in a legitimately signed Windows bootloader (CVE-2022-21894) that is still accepted by firmware that has not applied the corresponding revocations. Once BlackLotus is installed, it runs before the operating system and its defenses, giving an attacker complete control over the computer, including the ability to steal data, install other malware, and disrupt the computer's operation. BlackLotus is a sophisticated piece of malware that is difficult to detect and remove, and because it is relatively new, public information about it is still limited. However, ESET researchers have been able to learn a great deal about BlackLotus and have published a detailed analysis of the malware.

Recent updates to Prometei botnet reveal enhanced modules and expanded capabilities

The Prometei botnet has been an ongoing threat since Cisco Talos first reported on it in 2020. As of November 2022, the botnet has improved its infrastructure components and capabilities, including certain submodules of the execution chain that automate processes and challenge forensic analysis methods. Based on data obtained by sinkholing the DGA domains over a one-week period in February 2023, the Prometei v3 botnet is estimated to be of medium size, with more than 10,000 infected systems worldwide. The actors have been actively spreading improved Linux versions of the bot, continuously improving the current version.

Chinese Spy Balloon Spotted Over Central US, Secretary of State Blinken Postpones Trip to China

The US Pentagon announced on Friday that it had detected a Chinese spy balloon flying over the central United States. The US rejected China's claim that the balloon was a weather research airship and described it as a surveillance vehicle. Brig. Gen. Pat Ryder, the Pentagon press secretary, stated that the balloon was at an altitude of 60,000 feet, was maneuverable and posed no threat at the moment. The US Secretary of State Antony Blinken postponed a planned trip to China in response to the discovery of the balloon. The balloon was spotted over Montana, which is home to one of America's nuclear missile silo fields. The US prepared fighter jets, including F-22s, to shoot down the balloon, but ultimately decided against it due to the potential risks to people on the ground. China expressed regret for the balloon's entry into US airspace and said it was a civilian airship used mainly for meteorological research.

Prilex: The Most Advanced PoS Malware with the Ability to Block Contactless Payments

Prilex is a highly advanced malware family that has evolved from ATM-focused malware into a unique modular PoS malware, described by researchers as the most advanced PoS threat seen so far. It uses a unique cryptographic scheme, patches the target software in real time, forces protocol downgrades, manipulates EMV cryptograms, performs GHOST transactions, and commits credit card fraud. Recently, three new versions of Prilex have been discovered with the ability to block contactless payment transactions, which became popular during the pandemic. These new versions block NFC-based transactions and force victims to use their physical card by inserting it into the PIN pad reader, which allows the malware to capture the data flowing through the transaction.