Snowflake Cloud Accounts Felled by Rampant Credential Issues

June 10, 2024 at 05:48PM Mandiant’s investigation confirmed that recent account compromises at Snowflake were due to customers’ failure to implement multifactor authentication (MFA) and access control. Attackers systematically accessed accounts using stolen credentials obtained elsewhere. Compromised accounts’ data was extorted or sold on cybercrime forums. MFA implementation and stronger authentication methods are recommended to … Read more

Scammers Fake DocuSign Templates to Blackmail & Steal From Companies

May 15, 2024 at 04:44PM Phishing attacks mimicking legitimate DocuSign requests are on the rise due to the availability of fake templates and login credentials in the underground market. Attackers leverage the familiarity of DocuSign emails to trick users into revealing sensitive information. Companies are at risk of data theft and extortion, and employees should … Read more

Mispadu Trojan Targets Europe, Thousands of Credentials Compromised

April 3, 2024 at 05:45AM The Mispadu banking trojan expands its target beyond Latin America to Italy, Poland, and Sweden. Despite this, Mexico remains the primary target, resulting in thousands of stolen credentials. The malware is distributed via spam emails and leverages a Windows SmartScreen security flaw. Additionally, malicious YouTube videos are being used to … Read more

‘Conversation Overflow’ Cyberattacks Bypass AI Security to Target Execs

March 19, 2024 at 08:06AM AI email security controls are being bypassed by credential-stealing emails that hide malicious payloads within harmless-looking emails. This poses a major threat to enterprise networks. After reviewing the meeting notes, the key takeaways are: 1. Credential-stealing emails are bypassing AI’s “known good” email security controls by disguising malicious payloads in … Read more

CISA: AWS, Microsoft 365 Accounts Under Active ‘Androxgh0st’ Attack

January 17, 2024 at 01:21PM The FBI and CISA have issued an alert about a malware campaign targeting Apache webservers and websites using the Laravel Web application framework. The campaign aims to steal credentials for high-profile applications such as AWS, Microsoft 365, Twilio, and SendGrid. The threat actors use a known malware called “Androxgh0st” to … Read more

FBI: Beware of thieves building Androxgh0st botnets using stolen creds

January 16, 2024 at 08:36PM The FBI and CISA warn that cybercriminals are leveraging old vulnerabilities to deploy Androxgh0st malware, targeting .env files containing user credentials for AWS, Microsoft Office 365, SendGrid, and Twilio. The malware can be used to steal data, execute code remotely, and create new AWS users and instances. Mitigations include updating … Read more

FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials

January 16, 2024 at 12:41PM CISA and the FBI warn about Androxgh0st malware, which is being used to create a botnet targeting cloud credential theft. The botnet exploits vulnerabilities in frameworks and servers. Additionally, it steals sensitive information, deploys malicious tools, and conducts spam campaigns. The agencies advise on mitigation measures to limit the impact … Read more

What to do when receiving unprompted MFA OTP codes

December 17, 2023 at 04:44PM Summary: Receiving an unprompted one-time passcode (OTP) in an email or text suggests stolen credentials, highlighting the theft of legitimate corporate network access. Cyberattacks exploit these credentials for data theft, espionage, ransomware, and financial fraud. Multi-factor authentication (MFA) enhances security, reducing successful breaches but caution is advised with SMS and … Read more

Russia’s ‘Star Blizzard’ APT Upgrades its Stealth, Only to Be Unmasked Again

December 7, 2023 at 05:18PM A Kremlin-linked APT group, “Star Blizzard,” known for cyberespionage and targeting NATO-associated entities since 2017, recently updated its evasion tactics. Microsoft exposed these new techniques, which include the use of password-protected PDFs, cloud file-sharing, advanced domain creation, and exploitation of email marketing platforms for phishing. Despite operations against UK officials, … Read more

Microsoft Warns of COLDRIVER’s Evolving Evading and Credential-Stealing Tactics

December 7, 2023 at 10:06AM The COLDRIVER threat actor, tracked as Star Blizzard by Microsoft and linked to Russia’s FSB, has been targeting entities aligned with Russian interests using advanced credential theft and evasion techniques. They use impersonating domains, email campaigns, and server-side scripts for phishing while avoiding detection. Recently, the U.K. sanctioned two of … Read more