Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East

October 22, 2024 at 09:22AM Trend Micro reports that the cyber espionage group Earth Simnavaz (APT34/OilRig) has intensified its attacks on Middle Eastern infrastructure, particularly in the energy sector. They exploit Microsoft Exchange vulnerabilities and utilize sophisticated tools like PowerShell scripts to evade detection, seeking persistent access to compromised networks for espionage.

Iranian hackers act as brokers selling critical infrastructure access

October 16, 2024 at 07:22PM Iranian hackers are infiltrating critical infrastructure sectors, including healthcare and government, using brute-force methods to acquire credentials for resale on criminal forums. A joint advisory from U.S., Canadian, and Australian cybersecurity agencies details these tactics, emphasizing the need for organizations to enhance security measures and monitor for unusual login activities. …

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions

October 11, 2024 at 02:07PM Trend Micro has been tracking Earth Simnavaz (APT34/OilRig), a cyber espionage group targeting UAE government entities. Their sophisticated methods include utilizing backdoors, exploiting vulnerabilities, and employing RMM tools like ngrok for data exfiltration. Recent activities indicate a focus on critical infrastructure vulnerabilities to advance espionage goals in the region.

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials

October 1, 2024 at 03:45AM Over 140,000 phishing websites linked to Sniper Dz, a phishing-as-a-service platform, have been discovered. It offers free services, drawing in cybercriminals, while also collecting stolen credentials. Aspiring threat actors can easily mount phishing attacks through PhaaS platforms, such as Sniper Dz. The platform operates openly and has been observed targeting …

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks

September 27, 2024 at 07:30AM Storm-0501, a financially motivated threat actor, has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. with ransomware attacks. They use weak credentials, remote code execution vulnerabilities, and various tools for lateral movements and data exfiltration. The group is also linked to the deployment of Embargo ransomware in …

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

September 13, 2024 at 08:15AM Despite increasing cyber threats, phished credentials remain the primary access vector for unauthorized entry, constituting over 80% of corporate risk. Traditional defenses are inadequate, prompting Beyond Identity to provide deterministic defenses by eliminating phishing, password usage, and push bombing attacks. Their platform authenticator also integrates diverse risk signals for adaptive …

Why LinkedIn Developed Its Own AI-Powered Security Platform

August 21, 2024 at 11:00AM LinkedIn, responsible for a billion global users and a large hardware estate, seeks an effective vulnerability management system to counter cybersecurity threats. By developing the Security Posture Platform (SPP) AI project, it aims to harness the power of AI to create a single source of truth for its assets and …

Fake AI editor ads on Facebook push password-stealing malware

August 2, 2024 at 02:37PM A malvertising campaign on Facebook targets users seeking AI image editing tools, deceiving them into installing fake apps that mimic genuine software and stealing their credentials. Based on the meeting notes, it appears that a malicious advertising campaign on Facebook is specifically targeting users who are searching for AI image …

Snowflake Cloud Accounts Felled by Rampant Credential Issues

June 10, 2024 at 05:48PM Mandiant’s investigation confirmed that recent account compromises at Snowflake were due to customers’ failure to implement multifactor authentication (MFA) and access control. Attackers systematically accessed accounts using stolen credentials obtained elsewhere. Compromised accounts’ data was extorted or sold on cybercrime forums. MFA implementation and stronger authentication methods are recommended to …

Scammers Fake DocuSign Templates to Blackmail & Steal From Companies

May 15, 2024 at 04:44PM Phishing attacks mimicking legitimate DocuSign requests are on the rise due to the availability of fake templates and login credentials in the underground market. Attackers leverage the familiarity of DocuSign emails to trick users into revealing sensitive information. Companies are at risk of data theft and extortion, and employees should …