Latest News

Credentials And Control Go Bye, Bye, Bye with AsyncRAT: What You Need to Know

Introduced in 2019, AsyncRAT is classified as a remote access trojan (RAT) that primarily functions as a tool for stealing credentials and loading various malware, including ransomware. This RAT boasts botnet capabilities and features a command and control (C2) interface, granting operators the ability to manipulate infected hosts from a remote location.

CVE-2024-20353 and CVE-2024-20359: Cisco ASA and FTD Vulnerabilities Exploited by State-Sponsored Threat Actor in Espionage Campaign "ArcaneDoor"

On April 24, 2024, Cisco Talos and several government security agencies published details on a sophisticated threat campaign focused on espionage and gaining unauthorized access to sensitive information from targeted government entities and organizations in critical infrastructure. As part of that publication, Cisco disclosed CVE-2024-20353 and CVE-2024-20359, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, which were actively exploited in the documented campaign.

Trustwave SpiderLabs Reveals the Ransomware Threats Targeting Latin American Financial and Government Sectors

Ransomware-as-a-service (RaaS) threat groups are placing severe and continuous pressure on the financial and government services sectors in Latin America, according to data compiled by the elite Trustwave SpiderLabs team. Under the RaaS model, developers working for threat actors manage and update the malware while affiliates carry out the actual ransomware attacks.

Unveiling Sharp Stealer: A New Threat to Gamers

In the ever-evolving landscape of cybersecurity threats, the recent breach by the notorious hacker group R00TK1T serves as a stark reminder of the vulnerabilities faced by even the most established organizations. As the Foresight Threat Team delves into the details of this alarming incident, it becomes imperative to shed light on the implications and lessons to be learned from this breach.

CVE-2024-3400: Critical Palo Alto PAN-OS Command Injection Vulnerability Exploited by Sysrv Botnet's XMRig Malware

On Friday, April 12, 2024, Palo Alto Networks PAN-OS was found to have an OS command injection vulnerability (CVE-2024-3400). Due to its severity, CISA added it to its Known Exploited Vulnerabilities Catalog. Shortly after disclosure, a PoC was published.

Akira Ransomware Makes a Play for VPNs Without Multi-Factor Authentication

In Q4 2023, Kroll identified an uptick in engagements involving Akira ransomware, a trend that has continued into 2024. Kroll observed that in the majority of cases, initial activity could be tracked back to a Cisco ASA VPN service.

SafeBreach Coverage for AA24-109A (Akira Ransomware)

On April 18th, the United States’ Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) issued an urgent advisory about Akira ransomware’s recently exhibited malicious behavior (as of February 2024). Detailed information about these threats and the associated IOCs and TTPs can be seen on #StopRansomware: Akira Ransomware.