AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks
Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT
Final Round of Negotiations Set to Begin on MondayA draft international cybercrime treaty set to enter a final round of negotiations at the United Nations Monday drew condemnation from civil society groups that said it will criminalize security research and promote indiscriminate police surveillance.
The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (планета), and wiped 2 petabytes of data. [...]
Refined tactics, increased collaboration between groups, and continued success exploiting zero-days is helping ICS ransomware attackers inflict more damage, researchers find.
Also: Ivanti Exploitation Continues; Apple Fixes First Zero-Day of 2024This week, U.S. short seller lender EquiLend Holdings was hacked, the Ivanti exploitation continued, Apple addressed the first zero-day of 2024, Ukraine said hackers had hit a Russian research center, Kasseika ransomware evolved, North Korean hackers were active, and Trello experienced a data leak.
Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition. [...]
Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC
Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours. [...]
Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks
The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team
Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster
With the rush to adopt large language models, companies have not thought through all of the security implications to their businesses. Two groups of researchers tackle the questions.
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. [...]
Researchers have released exploit code for a critical bug in managed file transfer software Fortra GoAnywhere
Study Looks at Impact of AI on Tasks Requiring Visual ProcessingArtificial intelligence may not steal our jobs just yet, but only because humans are currently cheaper to employ. Many of the human jobs that could be replaced with AI are not "economically beneficial" to automate - at least for now - say researchers at MIT.
Cybercrime Groups Hire VexTrio to Help Route Victims to Their Malicious ContentAs if the cybercrime ecosystem wasn't already damaging enough, security researchers have discovered a malicious traffic broker named VexTrio, which affiliates hire to route victims to their malicious content that is often disguised via fake dating site profiles, tech support or browser updates.
The nation's new AI council will be responsible for developing policies and strategies related to research, infrastructure, and investments in AI.
Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms. [...]
Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023
Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution flaw vulnerability that affects outdated versions of Atlassian Confluence servers. [...]