June 25, 2024 at 07:51AM Threat actors are using a novel attack technique, named GrimResource, to exploit a vulnerability in Microsoft Management Console (MMC) using maliciously crafted .MSC files. This technique allows for arbitrary code execution and has been used by the Kimsuky hacking group. The approach bypasses security measures and can lead to system … Read more
June 12, 2024 at 05:15AM Cybersecurity researchers have uncovered an ongoing phishing campaign using job-themed lures to distribute a backdoor named WARMCOOKIE. The backdoor, deployed via email, is capable of capturing information, executing commands, and downloading additional malicious programs. Additionally, another phishing campaign was detailed, utilizing invoice-related decoys to deploy malware through the Windows search … Read more
June 11, 2024 at 12:37PM A new Windows backdoor named WarmCookie, distributed through phishing emails, has become the latest tool for cyber attackers. Despite lacking sophistication, this backdoor is actively impacting organizations globally. It targets individuals with job recruitment lures and can ultimately lead to ransomware deployment. Organizations are urged to watch out for it … Read more
June 11, 2024 at 11:20AM A new Windows malware called ‘Warmcookie’ is being spread through fake job offer phishing campaigns to infiltrate corporate networks. It is capable of machine fingerprinting, screenshot capturing, and deploying additional payloads. The threat actors create new domains weekly and utilize compromised infrastructure to send phishing emails. Warmcookie gathers victim information, … Read more
May 24, 2024 at 06:00AM Cybersecurity researchers have identified BLOODALCHEMY, a new form of malware targeting government organizations in Southern and Southeastern Asia, as an updated version of Deed RAT and a successor to ShadowPad. This discovery is crucial due to the history of ShadowPad in APT campaigns. The malware’s capabilities, attack chains, and code … Read more
May 21, 2024 at 06:34PM The ‘REF4578’ crypto mining campaign deploys GhostEngine, a sophisticated malicious payload, using vulnerable drivers to disable security products and deploy an XMRig miner. Researchers highlight GhostEngine’s unusual sophistication and provide detection rules, but the campaign’s origin and scope remain unknown. To defend against GhostEngine, look out for suspicious PowerShell execution, … Read more