Greetings to all of you. Cisco Talos recently discovered a new campaign using at least three new DLang-based malware families, called "Operation Blacksmith," run by the Lazarus Group. Two of these are remote access trojans (RATs), one of which uses Telegram bots and channels as a means of command and control (C2) communication. We track this Telegram-based RAT as "NineRAT" and the non-Telegram-based RAT as "DLRAT". The DLang-based downloader is tracked as "BottomLoader". You can access the detection rule I wrote on this subject from the link. This rule detects all attempts to create persistence via the malware described in "Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang". SOC Prime #DLang #APT #malware #ransomware #Lazarus #SigmaRule #ThreatHunting #ThreatDetection #Telegram https://lnkd.in/ebiiixug
Mehmet Kadir CIRIK’s Post
More Relevant Posts
-
🚨 Alert! Hackers are using emojis to control malware in a sophisticated espionage campaign targeting Indian government organizations! They're utilizing a Discord-based malware called Disgomoji, which uses the Dirty Pipe Linux bug (CVE-2022-0847) to gain unauthorized access and to control systems remotely. While this campaign specifically targets Indian government organizations, its methods and implications resonate globally, emphasizing the need for unified global efforts in cybersecurity resilience. Read: https://bit.ly/3VUpm5E #BreachWatch #Malware #Emoji #Discord #CyberAware #ThreatActors
-
Threat actors are taking advantage of the flawed design of Foxit PDF Reader’s alerts to deliver malware via booby-trapped PDF documents, Check Point Software researchers have warned. The researchers have analyzed several campaigns using malicious PDF files that are targeting Foxit Reader users. https://lnkd.in/der4ie9Y #PDF #Malware #Exploit #FoxitPDFReader #CybersecurityNews #InfosecNews #ITsec
-
🤔 Do you know how cybercriminals are leveraging DNS over HTTPS to hide their tracks? Watch this video to see how threat actors use command and control (C2) infrastructure to communicate with malware, and how DNS encryption is making it harder to detect these threats. This is how our Don't Talk to Strangers (#DTTS)® solution solved this in 2018 already! https://bit.ly/3ziozCK Stay tuned to see how our new DoH module of adam:ONE provides a proactive defense mechanism against encrypted C2 communications, allowing you to enjoy the benefits of DoH without abdicating control of your network rules. 🛡 #NetworkSecurity #CyberDefense #DataProtection #CyberThreats #InternetSecurity #Malware #Ztconnectivity
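As an added illustration of the DoH-evasion point in the post above (example code written for this page, not part of the original post and not adam:ONE's code), the following Python script applies three cheap checks to constructed proxy/flow log lines: plaintext DNS that bypasses the sanctioned internal resolver, TLS sessions to well-known public DoH endpoints, and the RFC 8484 wire format (a /dns-query path or application/dns-message content type) that only becomes visible when TLS inspection exposes HTTP metadata. The log format, the endpoint lists and the sanctioned resolver address 10.0.0.53 are assumptions made for the example.

```python
"""Flag likely DNS-over-HTTPS (DoH) use in proxy/flow logs.

Added example for this page; not code from the original post or from adam:ONE.
The log format, the DoH endpoint lists and SANCTIONED_RESOLVER are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Well-known public DoH endpoints (assumed list; keep it fed from threat intel).
KNOWN_DOH_HOSTS = {
    "dns.google", "cloudflare-dns.com", "one.one.one.one",
    "dns.quad9.net", "doh.opendns.com", "dns.adguard.com",
}
KNOWN_DOH_IPS = {
    "8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9", "149.112.112.112",
}
# The only resolver clients are allowed to talk to (assumption for the demo).
SANCTIONED_RESOLVER = "10.0.0.53"


@dataclass
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    sni: str    # TLS SNI / HTTP Host, "-" when unknown
    path: str   # HTTP path when TLS inspection exposes it, "-" otherwise
    ctype: str  # Content-Type when visible, "-" otherwise


def parse_line(line: str) -> Flow:
    """Parse one constructed, space-separated log line."""
    ts, src, dst, dport, sni, path, ctype = line.split()
    return Flow(ts, src, dst, int(dport), sni, path, ctype)


def classify(flow: Flow) -> Optional[str]:
    """Return a reason if the flow looks like DNS outside policy, else None."""
    # Plain DNS is fine only when it goes to the sanctioned resolver.
    if flow.dport == 53:
        if flow.dst == SANCTIONED_RESOLVER:
            return None
        return "plaintext DNS to non-sanctioned resolver"
    if flow.dport != 443:
        return None
    # Cheapest DoH signal: destination is a well-known public DoH endpoint.
    if flow.sni.lower().rstrip(".") in KNOWN_DOH_HOSTS or flow.dst in KNOWN_DOH_IPS:
        return "TLS to known public DoH resolver"
    # Only possible with TLS inspection: the RFC 8484 wire format itself.
    if flow.path.startswith("/dns-query") or flow.ctype == "application/dns-message":
        return "DoH wire format to unlisted endpoint"
    return None


def scan(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, source, reason) for every flagged flow."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_line(line)
        reason = classify(flow)
        if reason:
            alerts.append((flow.ts, flow.src, reason))
    return alerts


# Constructed sample: one compliant client, one using public DoH, one using
# DoH on an unlisted CDN host, one bypassing the internal resolver in the clear.
SAMPLE_LOG = """\
2024-06-01T10:00:01Z 10.1.4.22 10.0.0.53 53 - - -
2024-06-01T10:00:02Z 10.1.4.22 93.184.216.34 443 example.com - -
2024-06-01T10:00:05Z 10.1.4.37 1.1.1.1 443 cloudflare-dns.com - -
2024-06-01T10:00:09Z 10.1.4.37 203.0.113.10 443 cdn.example.net /dns-query?dns=AAABAAABAAAAAAAA application/dns-message
2024-06-01T10:00:12Z 10.1.4.50 8.8.8.8 53 - - -
"""

if __name__ == "__main__":
    for ts, src, reason in scan(SAMPLE_LOG):
        print(f"{ts} {src}: {reason}")
```

The list-based checks miss DoH endpoints hosted on shared CDN addresses and malware that talks to its own resolver, and the wire-format check only works where the proxy can see inside TLS. That is why blocking unsanctioned DoH at the egress, rather than trying to spot it after the fact, is the more reliable control.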
-
Here is your weekly cybersecurity update featuring major news, #vulnerabilities, #ransomware attacks, and industry insights: ⚠️ Cybercriminals are leveraging Stack Overflow to spread #malware by answering user questions and promoting a malicious PyPI package named 'pytoileur.' 📢 An international law enforcement initiative dubbed 'Operation Endgame' has dismantled over 100 servers used by major malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. 💻 Over 600,000 small office/home office (SOHO) routers have been rendered inoperable following a cyber attack by unidentified actors, disrupting internet access for many users in the U.S. Get all the details and much more in our full report: https://bit.ly/4c1IDY7
-
🔍 This Week's Cyber Security Threats from Cyberint: Breaches, Malware & Exploits. The cybercrime landscape is ever-evolving, and this week's report highlights various threats targeting different industries. 1️⃣ A major crypto exchange suffers a hefty Bitcoin heist, while a cloud data warehouse experiences a data breach exposing customer information. 2️⃣ Hackers are leveraging popular platforms like Stack Overflow to spread malware, urging caution when seeking online solutions. 3️⃣ New vulnerabilities have emerged in Check Point Security Gateways and TP-Link routers, requiring immediate patching. Stay vigilant and update your systems regularly! Learn more about how Cyberint can help your organization stay ahead of cyber threats. #cybersecurity #infosec #databreach #malware #exploits
-
#Cyberthreats What's DragonEgg malware? DragonEgg, a spyware malware, infiltrates Android operating systems, leveraging multiple downloaded modules for surveillance activities. Its inception dates back to January 2021, marking its prolonged presence in the cyber threat landscape. Attributed to the Chinese state-sponsored cyber-espionage faction APT41, also known as BARIUM, Double Dragon, and Winnti, DragonEgg signifies a novel venture into mobile device targeting for the group. This evolution underscores APT41's adaptability and expanding reach in the realm of cyber warfare. DragonEgg has been associated with the iOS surveillance tool LightSpy due to similar configuration patterns, command-and-control server communications, and runtime structure and plugins. Read more at https://lnkd.in/eT8kCjde #threats #malware #Spyware #DragonEgg #APT41
-
Ivanti Connect Secure hackers hide in plain sight, evading protections. Mandiant researchers estimate thousands of devices have been exploited, and are urging users to check their systems with a newly updated tool. A patch issued to mitigate vulnerabilities in Ivanti Connect Secure does not eradicate the threat if a malicious actor previously gained access to their computer network, researchers from Mandiant warned on Tuesday. A suspected espionage actor linked to the People's Republic of China has utilized living off the land techniques and deployed novel malware in an attempt to maintain persistence despite system upgrades, factory resets and patch deployment, according to Mandiant. Nebulosity activeSENTINEL™ Digital Twin Security ... Patrolling unGUARDED™ network segments for LOTL! #activeSENTINEL™ , #nebulositycloud , #ransomware , #digitaltwinsnetwork, #counteroffense , #unGUARDED™ , #LOTL
-
🔎 HYAS THREAT REPORT - #TURKIYE Dynamic DNS services are widely used for legitimate purposes, including remote access to home networks, managing internet-connected devices, and enabling consistent access to websites or services hosted on networks with dynamic IP addresses. However, the same features that make dynamic DNS useful for legitimate users can also be exploited by threat actors for malicious purposes. Using #HYASInsight, the HYAS Threat Intelligence team revealed the prevalence of #DarkComet malware in dynamic DNS, specifically originating in Turkey in Q1 and Q2 of 2024. For details: https://lnkd.in/ecFn_kWD #HYAS #Cyberrey #Botnet #Malware #DarkComet #DNSSecurity #DynamicDNS #IOCs
-
Did you know that in 2023, nearly 6 of 10 state and local government organizations were hit with #ransomware attacks? Thankfully, #Cohesity is now #StateRAMP Authorized to protect their data! This marks a new era of security, resilience, and trust for state and local governments. https://lnkd.in/e86N22bh
-
Raspberry Robin malware now uses one-day exploits for vulnerabilities in Microsoft services like CVE-2023-36802 and CVE-2023-29360. Discovered in 2021, it spreads via USB drives and has connections to multiple threat actors. Recent updates involve distributing through Discord, employing new evasion methods, and preventing system shutdowns. Raspberry Robin hides its control addresses using random Tor domains, and Check Point notes its swift acquisition of exploits from external sources. The report provides indicators of compromise: malware hashes, Tor domains, and Discord URLs. Read more: https://lnkd.in/gg5AHw-g For more information, please contact us: Phone: +855 (92) 282 412 Email: [email protected] Telegram: @TechnovageSolution Follow us on Telegram for more news and discussion. Our Channel: https://lnkd.in/gqMPM8iA Our Group: https://lnkd.in/gKb9CT7d #technovage #solution #security #malware