CYFIRMA Research
Author: CYFIRMA
© 2025 CYFIRMA Research
Description
Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
183 Episodes
At CYFIRMA, we continuously analyze the tactics and techniques employed by threat actors. One such technique is Remote Template Injection, which exploits Microsoft Word's template functionality to bypass traditional defenses. Used by Advanced Persistent Threat (APT) groups, this method disguises malicious payloads in seemingly harmless documents, making it a potent tool in spear-phishing campaigns. Our latest report uncovers how attackers exploit Word’s XML-based OOXML format to inject m...
Introducing FireScam: A New Android Malware Threat. The CYFIRMA research team has uncovered a new, sophisticated Android malware, FireScam, an advanced information-stealing malware with spyware capabilities. Disguised as a fake ‘Telegram Premium’ app, this malware is spread through phishing websites and targets users with the intent to steal sensitive information. Once installed, it stealthily monitors notifications, text messages, and app activity, exfiltrating data via encrypted chann...
A critical vulnerability, CVE-2024-10914, has been discovered in unsupported D-Link devices, including DNS-320, DNS-320LW, DNS-325, and DNS-340L. With over 60,000 devices potentially exposed and nearly 1,100 actively exploited since Nov 12, 2024, attackers are leveraging this flaw to steal data, deploy ransomware, and compromise networks. If you’re using legacy D-Link devices, it's crucial to retire and replace them immediately. These devices no longer receive security updates, leaving them vu...
The CYFIRMA research team is proud to offer insights into the increased cyber risks the holiday season brings! Stay alert, verify offers, and keep your information safe! As the year-end season approaches, watch out for scammers using advanced tactics. Phishing emails might offer irresistible deals but could contain malicious links; always verify before clicking! Be cautious of fake websites and typo-squatting domains that mimic popular retail sites; double-check URLs before purchasing. Sca...
Cybercriminals are stepping up their game with Bizfum Stealer, a highly sophisticated malware targeting sensitive data such as browser credentials, files, and Discord tokens. It utilizes advanced encryption techniques and Telegram bots for stealthy data exfiltration. 1. It extracts browser passwords, cookies, and saved credentials. 2. It steals screenshots and clipboard data. 3. It silently exfiltrates sensitive files (.jpg, .pdf, .docx, etc.). 4. It hijacks Discord tokens an...
The UK faces an escalating cyber threat landscape dominated by sophisticated Russian actors, including state-affiliated groups like Sandworm and APT29, as well as privateer entities operating with Kremlin leniency. To learn more about the Russian cyber threat to the UK, read the full report. Link to the Research Report: RUSSIA AS A THREAT ACTOR IN THE UK - CYFIRMA #Geopolitics #CyfirmaResearch #ThreatIntelligence #cybersecurity #ExternalThreatLandscapeManagement #currentaffairs #ETLM #C...
Stay ahead of cybersecurity trends with CYFIRMA's November 2024 Ransomware Report. Ransomware incidents rose by 15.65%, affecting 606 victims worldwide. Emerging groups like Chort, Ymir, and SafePay deployed advanced techniques. Ransomware groups were seen exploiting critical vulnerabilities in products like Veeam Backup and targeting weekends for reduced detection. Key sectors such as Manufacturing, Healthcare, and Finance experienced significant attacks, while the USA led with 326 victims. ...
Our team at CYFIRMA analyzed a malicious Android sample used in a targeted attack leveraging the Spynote Remote Administration Tool (RAT). We believe that the threat actor behind the targeted attack could be an APT. Delivered via WhatsApp with payloads disguised as apps like "Best Friend" and "Friend," the attack aimed to compromise high-value assets. All payloads were linked to the same command-and-control server and featured obfuscation techniques. While specific target details remain confi...
Taking control of the White House and Congress gives Republicans a rare opportunity to change the course of the country. How will Donald Trump wield that power during a second term, and will that impact cyber? The following blog post will try to summarize what we know so far, what we can likely expect, and what the fallout in the cyber realm will be. Link to the Research Report: https://www.cyfirma.com/research/trump-2-0-whats-in-store/ #Geopolitics #CyfirmaResearch #ThreatIntel...
CYFIRMA's latest research highlights the emerging threat of the Parano Malware Family, which includes Parano Stealer, Ransomware, and Screen Locker. Developed by the cybercriminal group Paranodeus, these tools target sensitive data using advanced techniques for persistence and evasion. Despite bans on their initial distribution channels, Paranodeus has shown adaptability by aligning with new threat groups like CyberVolk and DarkAssault. This evolving threat continues to pose significant risks...
Cyberattacks Hit Morocco: A Wake-Up Call for Cybersecurity! Morocco has been hit with a series of cyberattacks from groups like Anonymous Algeria and EvilBbyte, with motives rooted in the long-standing dispute over the Western Sahara region. These hackers are targeting everything from government websites to critical infrastructure, and it’s all tied to growing geopolitical tensions between Morocco and Algeria. Explore our report to learn more! Link to the Research Report: Decoding Cyberat...
Helldown ransomware is spreading fast, targeting key industries like Real Estate, IT, Manufacturing, and Healthcare. The ransomware targets both Windows and Linux systems, exploits known vulnerabilities, and encrypts files. First spotted in August 2024 by CYFIRMA, Helldown has already impacted businesses in 11 countries, with the USA and Germany being hit the hardest. It uses advanced techniques to avoid detection and disrupt operations. Researchers have found it linked to vulnerabilities in Z...
Hexon Stealer is a variant of Stealit Stealer, which itself is derived from Fewer Stealer. Rebranding and code reuse are common practices among malware developers. Stealer developers often create Telegram or Signal channels to market their stealers, attracting a significant user base by promoting them across various platforms. The CYFIRMA research team’s investigation identified patterns linking Stealit and Hexon Stealer, ultimately uncovering that the developers behind these tools are Turkish spe...
The CYFIRMA Research team provides insights into a severe flaw in Grafana (versions <11.0.5, 11.1.6, 11.2.1) which allows low-privilege users to execute arbitrary commands, risking sensitive data exposure and system compromise. Threat actors are also actively discussing and sharing exploits in underground forums. Link to the Research Report: CVE-2024-9264: A Critical Vulnerability in Grafana : Vulnerability Analysis and Exploitation - CYFIRMA #CyberSecurity #CVE20249264 #Grafana #PatchNow ...
Our latest research has uncovered “Elpaco-team” ransomware, a new variant of the well-known Mimic ransomware. Elpaco employs similar tactics, primarily targeting Windows-based systems and leveraging legitimate tools. Once inside, Elpaco encrypts critical files, rendering them inaccessible to the user. The ransomware also ensures persistence on compromised systems through registry modifications, in addition to disabling key security tools to avoid detection by tr...
Stay vigilant against Black Basta’s sophisticated ransomware tactics! In our latest analysis, Black Basta continues to be a leading threat in the cyber landscape, targeting industries such as healthcare, finance, and manufacturing. Known for exploiting vulnerabilities and using double extortion, this ransomware group applies social engineering to infiltrate systems, often posing as IT support via platforms like Microsoft Teams. Their operations involve deploying tools like AnyDesk, Cobalt St...
Stay ahead of cybersecurity trends with CYFIRMA's October 2024 Ransomware Report! This month saw a 42.78% increase in ransomware, led by groups like RansomHub, and new threats emerging, such as Hellcat and Playboy. Manufacturing and Healthcare were heavily impacted, while DragonForce expanded its Ransomware-as-a-Service model. Tactics like “Bring Your Own Vulnerable Driver” (BYOVD) and CVE-2024-40711 exploitation were highlighted, with advanced strains like Qilin.B enhancing encryption. Black...
CYFIRMA’s research team has uncovered a new strain of malware known as "Wish Stealer," a sophisticated Node.js-based program targeting Windows users. This malware is designed to steal sensitive information from popular platforms like Discord, various web browsers, and cryptocurrency wallets. It employs advanced techniques, including privilege escalation, clipboard manipulation, and session hijacking, to capture valuable data, such as login credentials, cookies, and credit card information. Wi...
A recently discovered variant of the SpyNote Remote Access Trojan (RAT) is posing as "Avast Mobile Security for Android." Upon installation, it gains extensive control over your device, silently granting itself permissions and displaying fake system update notifications. This sneaky malware operates in the background, restarts if stopped, and prevents uninstallation. SpyNote targets cryptocurrencies, steals data from other apps, and exfiltrates sensitive information to a command-and-control s...