🔒 New Version of ToneShell Backdoor with Enhanced Features and Broader Reach

📌 Executive Summary
A new variant of the ToneShell malware has been detected, an advanced backdoor that has incorporated improved functions to evade detection and expand its remote control capabilities. Developed in C++, this malware uses obfuscation techniques and encrypted communication to operate stealthily on compromised systems. Its primary objective is to establish persistent access, steal information, and allow remote execution of commands.

🛡️ Key Features
- Encrypted Communication: Uses encryption algorithms to protect its communication channels with command and control (C2) servers.
- Advanced Persistence: Integrates into the system through mechanisms that allow it to reactivate after reboots.
- Remote Command Execution: Enables attackers to execute arbitrary instructions on the infected device.
- Evasion of Detection: Employs anti-analysis techniques to hinder identification by security solutions.

⚠️ Impact and Risks
ToneShell represents a significant threat to organizations, as it facilitates unauthorized access to corporate networks and can be used as a backdoor for more complex attacks, such as ransomware or theft of confidential data. Its continuous evolution suggests that threat actors are investing in improving their tools.

🔍 Security Recommendations
- Keep all systems and software updated.
- Implement security solutions capable of detecting malicious behaviors.
- Monitor network traffic for suspicious communications.
- Conduct regular cybersecurity awareness training.

For more information visit: https://enigmasecurity.cl
💙 Support our informative work by donating at: https://lnkd.in/er_qUAQh
👥 Connect and discuss cybersecurity: https://lnkd.in/eGvmV6Xf

#ToneShell #Cybersecurity #Malware #Backdoor #ThreatIntelligence #Infosec #InformationSecurity #CyberThreats #Ransomware #DataProtection

📅 Fri, 12 Sep 2025 15:01:52 +0000
🔗 Subscribe to the Membership: https://lnkd.in/eh_rNRyt
New ToneShell Backdoor Variant with Enhanced Capabilities
More Relevant Posts
🚨 When a trusted ad turns into a cyber weapon 🚨

Attackers are now using Bing Ads to spread a trojanized version of PuTTY. Instead of the secure SSH tool people expect, victims unknowingly install malware that grants criminals remote access.

The real danger? This isn’t happening in the “dark corners” of the internet anymore. Threat actors are planting traps inside legitimate platforms we rely on daily. A single careless click can trigger a full-blown compromise, leading to credential theft, ransomware, or even complete infrastructure takeovers.

That’s why speed and visibility matter. At Passeca, we help businesses stay one step ahead through:
🔎 Threat Intelligence — uncovering evolving attacker tactics before they reach your employees.
🛡️ Incident Response — containing and eradicating intrusions quickly, so small incidents don’t turn into business-crippling breaches.

Cybersecurity isn’t just about prevention anymore. It’s about preparing to detect, respond, and recover, because attacks are designed to bypass traditional defenses.

💡 I’m curious: how often does your team test its response playbooks against phishing or trojan scenarios? Have you found gaps you didn’t expect?

Need expert help? Check the full suite of Cybersecurity services that Passeca provides at: http://passeca.com/
Read the original article at: https://lnkd.in/gdjz3Xfs

#Cybersecurity #IncidentResponse #ThreatIntelligence
The cybersecurity iceberg is a powerful analogy that illustrates the hidden dangers lurking beneath the surface of an organization's IT infrastructure. Just as an iceberg's massive underwater portion dwarfs its visible peak, most cybersecurity threats remain unseen, posing a significant risk to organizations' data, systems, and reputation.

The "cybersecurity iceberg" is a metaphor describing the vast, largely unseen threats lurking beneath the surface of an organization's IT infrastructure, compared to the visible, often-addressed threats. Just as most of an iceberg is hidden underwater, the majority of cybersecurity risks are not apparent until a breach occurs, causing significant damage.

Here's a breakdown of the analogy:

Visible Tip (Surface Level): This includes common, easily identifiable security measures like strong passwords, multi-factor authentication, and software updates.

Hidden Underwater Portion: This represents the complex, often unseen threats, such as:
- Ransomware: Waiting for a single user to click a malicious link.
- Leaked Passwords: Reused across multiple systems, increasing the risk of unauthorized access.
- Insider Threats: Malicious or unintentional actions by employees.
- Advanced Persistent Threats (APTs): Hackers hiding within networks for extended periods.
- Vendor Breaches: Attacks on third-party providers that can impact the main organization.
- AI-powered Malware: Sophisticated attacks leveraging artificial intelligence.
- Data on the Dark Web: Stolen information being sold to malicious actors.

Organizations need to go beyond surface-level security measures and implement robust, multi-layered defenses to address these hidden threats and protect their data, systems, and reputation, according to a security firm. One security expert says that understanding the full scope of the iceberg is crucial for effective cybersecurity.

#Cybersecurity #Security #Privacy #Infosec #Infotech #Infographic
🔐 New BlackNevas Ransomware: Double Extortion and Defense Evasion

A new threat actor has emerged in the cybersecurity landscape with the BlackNevas ransomware, specifically designed to target organizations in Windows environments. This threat incorporates sophisticated evasion techniques and operates under the double extortion model.

🛡️ Evasion and Obfuscation Techniques
BlackNevas employs multiple layers of obfuscation to avoid detection. It uses anti-debugging techniques, checks for the presence of virtual machines and sandboxes, and utilizes AES encryption for its configurations. The malware also performs region checks to avoid executing in CIS countries.

💾 Double Extortion Mechanism
The ransomware not only encrypts victims' files but also exfiltrates sensitive data before encryption. This allows attackers to threaten the publication of confidential information if the ransom is not paid, increasing pressure on affected organizations.

📊 Configuration and Capabilities
BlackNevas includes advanced functionalities such as:
- Exclusion of critical system folders to avoid irreparable damage
- Ability to delete Volume Shadow Copies (VSS)
- Execution of custom commands through its configuration
- Encryption of files with specific extensions while avoiding system files

🛡️ Protection Recommendations
To defend against these threats, it is recommended to:
- Implement regular backups and keep them offline
- Use next-generation endpoint security solutions
- Segment networks to limit lateral movement
- Educate users about phishing and social engineering techniques
- Keep systems and software updated

For more information visit: https://enigmasecurity.cl
Support our research and dissemination efforts in cybersecurity. Your donation at https://lnkd.in/er_qUAQh helps us continue protecting the community.
Let's connect and discuss ransomware protection strategies: https://lnkd.in/eCz3yitD

#Ransomware #Cybersecurity #BlackNevas #CyberThreats #DoubleExtortion #InformationSecurity #DataProtection #CyberDefense #ThreatIntelligence #EnigmaSecurity

📅 2025-09-15T06:13:32
🔗 Subscribe to the Membership: https://lnkd.in/eh_rNRyt
🚨 3 Days of Nonstop Brute-Force Attacks: A Wake-Up Call for Cybersecurity

In an alarming cybersecurity development, researchers have uncovered a record wave of VPN and RDP break-ins traced back to a Ukrainian network (FDN3), which has strong ties to bulletproof hosting gangs. This is more than just a string of random attacks—it’s a coordinated, relentless assault that lasted for three days straight.

🔍 What makes this campaign particularly concerning?
1. Custom-built infrastructure for ransomware: The attackers’ setup was specifically designed to enable ransomware attacks, showing a high level of sophistication and planning.
2. Use of bulletproof hosting: These hosting services are notorious for shielding cybercriminals from law enforcement, allowing them to carry out malicious activities without fear of being taken down.
3. Brute-force attacks: The attackers used automated, high-volume brute-force techniques to break into vulnerable systems, especially targeting VPNs and Remote Desktop Protocol (RDP) services. These are common entry points for cybercriminals, and organizations need to review their security measures urgently.

🔐 What does this mean for businesses?
With the increasing sophistication of ransomware attacks and other cyber threats, it’s imperative for organizations to:
- Review and fortify their VPN and RDP access points.
- Implement multi-factor authentication (MFA) to reduce the risk of successful brute-force attempts.
- Regularly update and patch systems to close potential vulnerabilities.
- Monitor traffic patterns for unusual or suspicious activity, especially from foreign networks or IP ranges.

The threat landscape is evolving quickly. Cybersecurity isn’t just about tools; it’s about staying one step ahead of the attackers.

#Cybersecurity #Ransomware #BruteForce #RDP #VPN #Infosec #CyberThreats #SecurityAwareness #BusinessContinuity
🚨 Malware & Ransomware: How Cybercriminals Operate 🚨

Ransomware remains one of the most dangerous cyber threats today. It doesn’t just target systems—it targets people. By exploiting human trust and technical vulnerabilities, attackers can lock critical files and demand payment for their release.

🔎 How does it work?
It often starts with:
📎 Malicious email attachments
📩 Phishing attempts
⬇️ Infected downloads
🌐 Compromised websites
💻 Remote access exploits

From there, ransomware installs itself, connects back to command-and-control servers, encrypts data, and eventually demands a ransom—leaving victims stuck between data loss and financial extortion.

💡 Key Takeaways:
1. Never click on suspicious links or attachments.
2. Keep your security solutions and systems up to date.
3. Regularly back up critical data offline.
4. Educate teams about phishing and social engineering tactics.

Cybersecurity isn’t just an IT issue—it’s a business survival issue. Staying vigilant can mean the difference between continuity and chaos.

👉 What’s your organization doing today to strengthen resilience against ransomware?

🔔 Follow Cyber Press ® for more cybersecurity tips!

#CyberSecurity #Ransomware #Malware #InfoSec #CyberAwareness
🔍 New connection between ransomware groups: Play, RansomHub, and DragonForce linked to the same threat actor

A recent report by Kaspersky reveals that a threat actor, known as "Knight," is linked to the operations of the ransomware groups Play, RansomHub, and DragonForce. This finding suggests possible collaboration or reuse of tools among these criminal gangs.

🕵️ Investigation details
Kaspersky's analysis identified similarities in the techniques, tools, and procedures (TTPs) used by these three groups. In particular, the use of similar data exfiltration tools, as well as shared communication patterns and command structures, was observed.

The "Knight" actor has been active since at least 2022 and has participated in multiple high-profile ransomware campaigns. Their connection to these three groups suggests a level of organization and cooperation that could increase the effectiveness of their attacks.

⚠️ Implications for cybersecurity
This connection highlights the growing sophistication and collaboration among ransomware groups. Organizations must be vigilant of these shared tactics and reinforce their security measures, especially in protecting sensitive data and preventing exfiltration.

🛡️ Key recommendations
- Implement network segmentation to limit lateral movement
- Constantly monitor outgoing traffic to detect data exfiltration
- Keep systems updated and apply security patches
- Perform regular backups and verify their integrity
- Train staff in phishing recognition and social engineering techniques

For more information visit: https://enigmasecurity.cl

#Ransomware #Cybersecurity #ThreatIntelligence #Kaspersky #PlayRansomware #RansomHub #DragonForce #CyberThreats #InfoSec

Let's connect to continue discussing cybersecurity trends: https://lnkd.in/eGvmV6Xf

📅 Tue, 09 Sep 2025 10:36:21 +0000
🔗 Subscribe to the Membership: https://lnkd.in/eh_rNRyt
🔒 SECURITY ALERT: Attackers exploit critical vulnerability in ConnectWise ScreenConnect to distribute AsyncRAT malware

📌 EXECUTIVE SUMMARY
Security researchers have identified an active campaign where cybercriminals are exploiting a critical vulnerability (CVE-2024-1709) in the remote access software ConnectWise ScreenConnect. This vulnerability allows attackers to execute code remotely without requiring authentication, representing a significant risk for organizations using this tool.

🛠️ ATTACK MECHANISM
Attackers are leveraging this vulnerability to deploy AsyncRAT malware, a powerful remote access trojan that enables:
- Complete control of the compromised system
- Theft of credentials and sensitive information
- Keylogging and screenshot capabilities
- Persistence on infected systems

🎯 AFFECTED TARGETS
This campaign primarily affects:
- Companies using vulnerable versions of ConnectWise ScreenConnect
- Organizations across all sectors, especially MSPs and IT service providers
- Systems that have not applied recent security patches

🛡️ MITIGATION RECOMMENDATIONS
To protect against this threat, it is recommended to:
- Immediately update to ConnectWise ScreenConnect version 23.9.8 or higher
- Review access logs for suspicious activity
- Implement network monitoring to detect unusual connections
- Validate that systems show no indicators of compromise

For more information visit: https://enigmasecurity.cl
💡 Support our threat research and security awareness work. Your donation at https://lnkd.in/er_qUAQh enables us to continue protecting the community.
Would you like to learn more about cybersecurity threat protection? Let's connect on LinkedIn: https://lnkd.in/eGvmV6Xf

#Cybersecurity #Malware #AsyncRAT #ConnectWise #Vulnerability #ThreatIntelligence #CyberAttack #ITSecurity #MSP #CyberDefense

📅 Thu, 11 Sep 2025 09:31:59 +0000
🔗 Subscribe to the Membership: https://lnkd.in/eh_rNRyt
Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE

🚨 Cybersecurity Alert: The Lazarus Group has bolstered its toolkit with three sophisticated new malware strains — PondRAT, ThemeForestRAT, and RemotePE. These additions underscore the group's evolving tactics and their continued focus on espionage, financial theft, and cyber sabotage.

Why does this matter? Lazarus is notorious for state-sponsored attacks, targeting governments, financial institutions, and critical infrastructure worldwide. The integration of these malware tools enhances their ability to infiltrate networks, evade detection, and maintain persistence.

🔍 Key Takeaways:
- PondRAT: A remote access trojan designed for stealthy data exfiltration.
- ThemeForestRAT: Masquerades as legitimate software, facilitating covert access.
- RemotePE: Enables remote execution of malicious payloads, increasing operational flexibility.

Organizations must stay vigilant by updating defenses, monitoring suspicious activities, and educating teams on emerging threats. The cyber battlefield is constantly shifting — staying informed is our best defense.

#Cybersecurity #Malware #InfoSec #CyberThreats #DataProtection #AdvancedPersistentThreats #RATs #ThreatHunting #StateSponsoredAttacks #CyberEspionage #ZeroDay
More from this author
- ✨ The AI-Driven Transformation Is Already Here! 🚀 Are you ready to lead this wave? ✨ (Luis Oria Seidel, 3mo)
- The Evolution of Cybersecurity 2010-2025: A Comprehensive Analysis of the Impact of AI and Automation (Luis Oria Seidel, 5mo)
- What is the complete process of a pentest, from its initial execution to privilege escalation? (Luis Oria Seidel, 6mo)