#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

SocGholish | Breaking Cybersecurity News | The Hacker News

Category — SocGholish
New BLISTER Malware Update Fuelling Stealthy Network Infiltration

New BLISTER Malware Update Fuelling Stealthy Network Infiltration

Sep 05, 2023 Cyber Threat / Malware
An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control (C2) framework called  Mythic . "New BLISTER update includes keying feature that allows for precise targeting of victim networks and lowers exposure within VM/sandbox environments," Elastic Security Labs researchers Salim Bitam and Daniel Stepanic  said  in a technical report published late last month. BLISTER was  first uncovered  by the company in December 2021 acting as a conduit to distribute Cobalt Strike and BitRAT payloads on compromised systems. The use of the malware alongside  SocGholish  (aka FakeUpdates), a JavaScript-based downloader malware, to deliver Mythic was  previously disclosed  by Palo Alto Networks Unit 42 in July 2023. In these attacks, BLISTER is embedded within a legitimate VLC Media Player library in an attempt to get around security software and infiltrat...
New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors

New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors

Jan 11, 2023 Cyber Threat / Malware
A new analysis of Raspberry Robin's attack infrastructure has  revealed  that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is a malware that has  increasingly   come under the radar  for being used in attacks aimed at finance, government, insurance, and telecom entities. Given its use by multiple threat actors to drop a wide range of payloads such as SocGholish , Bumblebee ,  TrueBot ,  IcedID , and  LockBit  ransomware, it's believed to be a pay-per-install (PPI) botnet capable of serving next-stage malware. Raspberry Robin, notably, employs infected USB drives as a propagation mechanism and leverages breached QNAP network-attached storage (NAS) devices as first-level command-and-control (C2). Cybersecurity firm SEKOIA said it was able to identify at least eight vi...
5 Reasons Device Management Isn't Device Trust​

5 Reasons Device Management Isn't Device Trust​

Apr 21, 2025Endpoint Security / Zero Trust
The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...
Expert Insights / Articles Videos
Cybersecurity Resources