Multi-Malware ‘Cluster Bomb’ Campaign Drops Widespread Cyber Havoc

July 1, 2024 at 06:00PM “Unfurling Hemlock,” a financially motivated Eastern European threat actor, is using a cluster bomb cyber tactic to distribute up to 10 unique malware files at a time on systems in the US, Germany, Russia, and other countries. The attacker distributes malware through nested compressed Microsoft Cabinet (CAB) files and has …

Snowflake Cloud Accounts Felled by Rampant Credential Issues

June 10, 2024 at 05:48PM Mandiant’s investigation confirmed that recent account compromises at Snowflake were due to customers’ failure to implement multifactor authentication (MFA) and access control. Attackers systematically accessed accounts using stolen credentials obtained elsewhere. Compromised accounts’ data was extorted or sold on cybercrime forums. MFA implementation and stronger authentication methods are recommended to …

Threat Actor Uses Multiple Infostealers in Global Campaign

April 24, 2024 at 09:15AM Cisco’s Talos security research unit warns of threat actor CoralRaider using information stealers to target users worldwide and harvest credentials and financial data. The threat actor, likely of Vietnamese origin, has been active since at least 2023 and has been targeting users with a combination of three information stealers—Cryptbot, LummaC2, …

Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

December 29, 2023 at 11:16AM Multiple malware families are exploiting an undocumented Google OAuth endpoint called “MultiLogin” to revive expired authentication cookies and infiltrate users’ accounts. This technique allows cybercriminals to gain unauthorized access to Google accounts, even after password resets or logouts. Despite being notified, Google has not responded to inquiries about this issue. …

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique

November 20, 2023 at 06:42AM The LummaC2 malware has added a new anti-sandbox technique that uses trigonometry to evade detection and steal valuable information from infected hosts. The malware also incorporates control flow flattening and can deliver additional payloads. It requires the use of a crypter to conceal itself and relies on trigonometry to detect …

Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure

October 17, 2023 at 12:15PM Nation-state hacking groups are using Discord’s content delivery network (CDN) to target critical infrastructure. While Discord is currently mainly used by information stealers, a cybersecurity firm has found evidence of an artifact targeting Ukrainian critical infrastructure, indicating a potential emergence of APT malware campaigns on the platform. This introduces a …