BlackCat Spin-off 'Cicada3301' Uses Stolen Creds on the Fly, Skirts EDR

Malware authors have iterated on one of the premier encryptors on the market, building something even bigger and better. [TechWeb]( Follow Dark Reading: [RSS]( September 04, 2024 LATEST SECURITY NEWS & COMMENTARY [BlackCat Spin-off 'Cicada3301' Uses Stolen Creds on the Fly, Skirts EDR]( Malware authors have iterated on one of the premier encryptors on the market, building something even bigger and better. [North Korean APT Exploits Novel Chromium, Windows Bugs to Steal Crypto]( DPRK's innovative tack chains together previously unknown browser issues, then adds a rootkit to the mix to gain deep system access. [Evolving npm Package Campaign Targets Roblox Devs, for Years]( Attackers have added aggressive social engineering to their arsenal, along with a novel Windows-manipulating persistence mechanism that demands developer vigilance. [Halliburton Data Stolen in Oil-Sector Cyberattack]( The energy kahuna said that operations were disrupted after an attack on its supporting business applications. [Cyberattackers Spoof Palo Alto VPNs to Spread WikiLoader Variant]( The malware, first discovered two years ago, has returned in campaigns using SEO poisoning. [Improved Software Supply Chain Resilience Equals Increased Security]( Understanding through visibility, managing through governance, and anticipating through continuous deployment will better prepare organizations for the next supply chain attack. [City of Columbus Sues Researcher After Ransomware Attack]( The Ohio city filed for a restraining order, claiming the researcher was working in tandem with the ransomware attackers. [(Sponsored Article) Why CISOs Need Application Detection and Response]( Server-side applications and APIs handle sensitive data but are poorly defended, making them tempting cybercrime targets. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Commercial Spyware Vendors Have a Copycat in Top Russian APT]( Russia's Midnight Blizzard infected Mongolian government websites to try to compromise the devices of visitors, using watering-hole tactics. [Why Identity Teams Need to Start Reporting to the CISO]( Identity management sits with IT for good reason, but now that identity is the common denominator in every attack, it's time identity security was owned by a leader with a security background, like the CISO. [Top Travel Sites Have Some First-Class Security Issues to Clean Up]( Public-facing vulnerabilities, cloud sprawl, access to back-end servers are just a few of the challenges travel and hospitality companies must address. [Iran's 'Fox Kitten' Group Aids Ransomware Attacks on US Targets]( In a joint advisory, CISA and the FBI described the activity as a likely attempt by the group to monetize access to networks it already has compromised. [MORE]( PRODUCTS & RELEASES [Cobalt Appoints Sonali Shah as CEO]( [AuthenticID Unveils Enhanced Smart ReAuth™ for Instant Biometric Reauthentication]( [SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024]( [77% of Educational Institutions Spotted a Cyberattack Within the Last 12 Months]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE ['Voldemort' Malware Curses Orgs Using Global Tax Authorities]( The global malware campaign (that must not be named?) is targeting organizations by impersonating tax authorities, and using custom tools like Google Sheets for command and control. LATEST FROM THE EDGE [Name That Edge Toon: Bug Off]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [California Approves Privacy Bill Requiring Opt-Out Tools]( This bill requires Web browsers to have an easy-to-find (and use) setting for consumers to send an opt-out preference signal by default to every site and app they interact with. LATEST FROM DR GLOBAL [Ransomware Gangs Pummel Southeast Asia]( Successful ransomware attacks against organizations in Asia continue at peak levels in 2024 following a wave of high-profile data breaches last year. WEBINARS - [DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations]( - [How to Evaluate Hybrid-Cloud Network Policies and Enhance Security]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [RevealX Catches Ransomware Within Days of Deployment at WCH]( - [Purple AI Datasheet]( - [Generative AI Gifts]( - [SANS 2024 Security Awareness Report]( - [Tracking the Untrackable: Taking a Proactive Approach to Emerging Risks]( - [Decode the New SEC Cybersecurity Disclosure Ruling]( - [IT Risk & Compliance Platforms: A Buyer's Guide]( [View More White Papers >>]( FEATURED REPORTS - [State of Enterprise Cloud Security]( - [Managing Third-Party Risk Through Situational Awareness]( - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=125491&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_09.04.24&sp_cid=54940&utm_content=DR_NL_Dark%20Reading%20Daily_09.04.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#f5 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)