Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Quasar RAT, also known as xRAT, is a malicious remote access trojan (RAT) that primarily targets Windows systems. Developed as an open-source project around 2015, it quickly garnered attention in the cybersecurity community due to its flexibility and ease of modification. Quasar RAT allows cybercriminals to gain unauthorized remote access to infected computers, making it a potent tool for espionage and theft. How Quasar RAT Operates.

A recent security incident has shaken the cryptocurrency community as Gemini, a prominent US-based crypto exchange, disclosed a supply chain breach that compromised personal and banking information of thousands of customers. This breach underscores the importance of robust digital footprint analysis and brand protection strategies in the ever-evolving landscape of cybersecurity.

In a significant development in cybersecurity, the threat actor known as Stargazer Goblin has established a complex network of fake GitHub accounts to facilitate a Distribution-as-a-Service (DaaS) operation. This network, comprising over 3,000 inauthentic accounts, has been actively spreading various information-stealing malware and generating $100,000 in illicit profits over the past year.

In a significant development in the realm of data security, Verizon Communications has agreed to a $16 million settlement with the Federal Communications Commission (FCC) following a series of data breaches at its subsidiary, TracFone Wireless. The breaches, which occurred between 2021 and 2023, have led to increased scrutiny on Verizon's data protection practices and will result in mandatory improvements to its security measures.

The Chinese espionage group Daggerfly, also known as Evasive Panda or Bronze Highland, has significantly upgraded its malware arsenal, allowing it to target a wide range of operating systems including Windows, Linux, macOS, and Android. This development marks a notable escalation in the group's cyber capabilities, as detailed in a recent analysis by Symantec.

On July 19, 2024, a botched CrowdStrike Falcon sensor update for Windows operating systems led to the largest IT outage in recent history. Although the issue stemmed from a technical malfunction, it inadvertently opened the door for real threat actors to exploit the situation. This incident has triggered a wave of malicious activities, particularly targeting CrowdStrike’s Latin American (LATAM) customers.

The SocGholish malware, also known as FakeUpdates, has resurfaced with new tactics that leverage the BOINC (Berkeley Open Infrastructure Network Computing Client) platform for nefarious purposes. This sophisticated JavaScript downloader malware is now delivering a remote access trojan, AsyncRAT, and utilizing BOINC in a covert cyberattack campaign. This blog will delve into the specifics of this exploit, the implications for cybersecurity, and measures to mitigate the risks.

In a recent development, cybersecurity researchers have identified a new Linux variant of the notorious Play ransomware, also known as Balloonfly and PlayCrypt. This variant specifically targets VMware ESXi environments, signaling a strategic expansion by the threat actors behind it. Trend Micro's report published on Friday highlights the potential for a broader victim pool and more effective ransom negotiations as a result of this evolution.

On Wednesday night, the Indian cryptocurrency platform WazirX experienced a significant cyberattack, resulting in the theft of at least $230 million worth of cryptocurrency. The breach was first detected by several blockchain security companies, including Elliptic, Arkham, and BlockSec. These firms observed large amounts of digital coins being siphoned out of WazirX before the platform acknowledged the security breach.

In today's digital landscape, stealer logs have become a significant threat, targeting sensitive information and compromising security. At Foresiet Threat Intelligence Team, we continuously monitor and analyze these threats to help protect individuals and organizations. Here are the top 5 stealer logs currently affecting users.