Feature-Rich 'Alchimist' Cyberattack Framework Targets Windows, Mac, Linux Environments

The comprehensive, multiplatform framework comes loaded with weapons, and it is likely another effort by a China-based threat group to develop an alternative to Cobalt Strike and Sliver. [TechWeb]( Follow Dark Reading: [RSS]( October 14, 2022 LATEST SECURITY NEWS & COMMENTARY [Feature-Rich 'Alchimist' Cyberattack Framework Targets Windows, Mac, Linux Environments]( The comprehensive, multiplatform framework comes loaded with weapons, and it is likely another effort by a China-based threat group to develop an alternative to Cobalt Strike and Sliver. [Novel npm Timing Attack Allows Corporate Targeting]( A timing attack helps cyberattackers lob malicious code-bombs at corporate targets by cloning private package names. [Cyberattackers Spoof Google Translate in Unique Phishing Tactic]( The campaign uses a combination of tactics and a common JavaScript obfuscation technique to fool both end users and email security scanners to steal credentials. [QAKBOT Attacks Spike Amid Concerning Cybercriminal Collaborations]( The QAKBOT group has successfully ramped up its operations, infecting systems, installing attack frameworks, and selling access to other groups, including Black Basta. [What the Uber Breach Verdict Means for CISOs in the US]( Can already beleaguered CISOs now add possible legal charges to their smorgasbord of job considerations? Disclose a breach to comply and face dismissal, or cover it up and face personal punishment. [What You Need for a Strong Security Posture]( From the basics to advanced techniques, here's what you should know. [Nudge Security Launches Platform With Humans in Mind]( SaaS security platform promises to track down shadow IT, map supply chain risk, and "nudge" employees to work securely. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Android Leaks Wi-Fi Traffic Even When VPN Protection Features Are On]( The platform lets network connectivity data escape outside of the secure tunnel when connected to a public network, posing a "privacy concern" for users with "certain threat models," researchers said. [6 Things Every CISO Should Do the First 90 Days on the Job]( A CISO's responsibilities have evolved immensely in recent years, so their first three months on the job should look a different today than they might have several years ago. [It's Time to Make Security an Innovation Enabler]( How data-driven security can best safeguard your unique cloud operations. [MORE]( EDITORS' CHOICE [WhatsApp Users Beware: Dangerous Mobile Trojan Being Distributed via Malicious Mod]( Among other things, users who download the app could end up having their WhatsApp account details stolen. LATEST FROM THE EDGE [Comprehensive Network Visibility Is Imperative for Zero-Trust Maturity]( Distrust and verify, because you can't protect what you can't see. LATEST FROM DR TECHNOLOGY [Cybersecurity Will Account for Nearly One-Quarter of AI Software Market Through 2025]( A boom in artificial intelligence-powered detection and remediation tools pushes security spending to the top of the AI market, according to Forrester. WEBINARS - [Threat Hunting Today: The Tools and Techniques That Get You Out in Front of Criminals]( Proactive "threat hunting" is becoming a more common practice for organizations who know it is no longer enough to detect threats and defend against them. Security teams are increasingly taking a more proactive approach--seeking out potential threats using analytical tools. ... - [Understanding Cyber Attackers & Their Methods]( Every day, your enterprise is at risk of being hacked. But just who are the cyber attackers, and what are their motivations? What methods might they use to crack enterprise data, and how do they stage their attacks? Do you ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [State of Email Security]( - [Understanding the Zero Trust Approach]( - [SANS 2022 Cloud Security Survey]( - [Dark Reading: Close the Visibility Gap]( - [BotGuard for Denial of Inventory & Stockouts]( - [Why Email Security Is So Valuable For Protecting Against Ransomware]( - [10 Ways a Zero Trust Architecture Protects Against Ransomware]( [View More White Papers >>]( FEATURED REPORTS - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [6 Elements of a Solid IoT Security Strategy]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [DFIN DealMaker Meter: Surge in 'Dark Data' Represents Growing Danger for Corporations]( [Attackers Use Automation to Speed from Exploit to Compromise According to Lacework Labs Cloud Threat Report]( [State of Security Data Management 2022 Report Reveals Overconfidence Masks a Pervasive Data Problem]( [Cyolo Receives Investment from IBM Ventures for Zero Trust Secure Access Platform]( [Orange Bank Deploys Real-Time Sanctions Screening with SAS and Neterium]( [Tanium Benchmark Sets New Standard for Tracking and Improving Security and Operational Metrics]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)