Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting

May 31, 2024 at 06:57AM APT28, a Russian GRU-backed threat actor, has conducted cyber attacks across Europe using the HeadLace malware and credential-harvesting web pages. Operating with stealth and sophistication, they utilized legitimate internet services to conceal their operations. Their main targets included entities with military significance and services like Yahoo! and UKR[.]net. Key takeaways …

Old Windows print spooler bug is latest target of Russia’s Fancy Bear gang

April 22, 2024 at 09:21PM Russian spies have leveraged a Windows print spooler vulnerability to deploy GooseEgg, a custom tool, for stealing credentials and elevating privileges in compromised networks. Microsoft’s threat intelligence team revealed exploitation involving the Forest Blizzard group, linked to Russian intelligence. Microsoft patched the vulnerability in October 2022 and provided recommendations for …

Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks

March 19, 2024 at 06:48AM Threat actors are exploiting digital document publishing (DDP) sites like FlipSnack and Issuu for phishing attacks. These legitimate platforms allow the hosting of malicious documents, evading email security controls. The attackers create multiple accounts using free trial periods, and the DDP sites’ features make it challenging to detect and extract …

Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware

December 2, 2023 at 03:06AM A Russian developer, Vladimir Dunaev, was convicted of creating TrickBot malware, which caused over $3.4 million in damages. Arrested in 2021 and facing up to 35 years in prison, he’s the second TrickBot member apprehended after cybercrime sanctions by the UK and US. TrickBot evolved since 2016, leading to significant …

200+ Malicious Apps on Iranian Android Store Installed by Millions of Banking Users

November 29, 2023 at 05:36AM An expanded Android malware campaign aimed at Iranian banks now utilizes new evasion techniques and phishing tactics, with over 200 malicious apps identified. The malware seeks extensive permissions and steals credentials, leveraging Android accessibility services. Upgrades include SMS interception and resisting uninstallation, with infected apps receiving updates from GitHub and …

Major Phishing-as-a-Service Syndicate ‘BulletProofLink’ Dismantled by Malaysian Authorities

November 13, 2023 at 01:06AM Malaysian law enforcement, with assistance from the Australian Federal Police and the U.S. Federal Bureau of Investigation, has shut down the phishing-as-a-service operation BulletProofLink. Eight individuals have been arrested and authorities seized servers, computers, jewelry, vehicles, and cryptocurrency wallets. BulletProofLink provided phishing templates to other actors, mimicking login pages of …

Police take down BulletProftLink large-scale phishing provider

November 12, 2023 at 03:56AM The Royal Malaysian Police have announced the seizure of the BulletProftLink phishing-as-a-service platform, which provided more than 300 phishing templates. The operation started in 2015 but has been more active since 2018, with thousands of subscribers. The platform offered tools and resources for carrying out phishing attacks, including customizable templates and …

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

November 9, 2023 at 03:50AM A phishing campaign has been discovered where threat actors send emails with a link to a file-sharing solution called DRACOON.team. When victims click on the link, they are directed to a PDF document containing a secondary link that leads to a fake Microsoft 365 login page. The attackers use reverse …

Evasive Jupyter Infostealer Campaign Showcases Dangerous Variant

November 8, 2023 at 06:03PM Security researchers have discovered a new variant of the Jupyter information stealer malware, also known as Yellow Cockatoo, Solarmarker, and Polazert. The malware can infiltrate machines and collect sensitive data, including credentials for crypto-wallets and remote access apps. The malware has been observed leveraging PowerShell command modifications and digitally signed …

Old-School Attacks Are Still a Danger, Despite Newer Techniques

October 10, 2023 at 10:06AM Many cybercriminals still rely on non-sophisticated attacks because they are effective. These include phishing attacks and credential harvesting, often obtained through social engineering. Automation and AI are increasingly being used by bad actors to conduct attacks more efficiently. To defend against these attacks, organizations need to bolster human defenses through …