zinc – Computer Security Articles

3CX Breach Was a Double Supply Chain Compromise

April 24, 2023 admin 3cx, A Little Sunshine, clearsky security, diamond sleet, double supply chain breach, elastic security, ESET, iconicstealer, kaspersky lab, kim zetter, Latest Warnings, MacOS, Mandiant, marc-etienne m.leveille, microsoft, Ne'er-Do-Well News, peter kalnai, Supply chain, The Coming Storm, trading technologies, x_trader, Zero-Day, zinc

Credit to Author: BrianKrebs| Date: Fri, 21 Apr 2023 01:05:44 +0000

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

MalwareBytes Security

Bogus job offers hide trojanised open-source software

October 5, 2022 admin C&C, fake, infection, job offer, LinkedIn, malware, microsoft, news, Open Source, zinc

Categories: News

Tags: malware

Tags: ZINC

Tags: microsoft

Tags: infection

Tags: C&C

Tags: open source

Tags: job offer

Tags: fake

Tags: LinkedIn

A North Korean ZINC group is accused of creating compromised versions of KiTTY, PuTTY, TightVNC, and other popular open-source software apps

Microsoft Security

ZINC weaponizing open-source software

September 29, 2022 admin cybersecurity, microsoft, Microsoft security intelligence, nation-state actor, Security, Social engineering, zinc

Credit to Author: Katie McCafferty| Date: Thu, 29 Sep 2022 16:00:00 +0000

In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.

The post ZINC weaponizing open-source software appeared first on Microsoft Security Blog.

Microsoft Security

Ghost in the shell: Investigating web shell attacks

February 5, 2020 admin China Chopper, cybersecurity, Detection and Response Team (DART), Endpoint security, gallium, Incident Response, krypton, Microsoft Defender Advanced Threat Protection, microsoft detection and response team (dart), Microsoft security intelligence, Security Management, Threat protection, Web Shell, zinc

Credit to Author: Eric Avena| Date: Tue, 04 Feb 2020 17:30:40 +0000

Web shell attacks allow adversaries to run commands and steal data from an Internet-facing server or use the server as launch pad for further attacks against the affected organization.

The post Ghost in the shell: Investigating web shell attacks appeared first on Microsoft Security .