Cylance clarifies data breach details, except where the data came from

June 11, 2024 at 12:39PM
BlackBerry’s cybersecurity firm Cylance confirmed that the data being sold on the Dark Web doesn’t pose a threat to customers. They believe the information is related to marketing data before BlackBerry’s acquisition, and it came from an undisclosed third-party platform. Cylance also stated that their systems remain secure. The validity …

CoralRaider attacks use CDN cache to push info-stealer malware

April 23, 2024 at 05:34PM
A financially motivated threat actor, known as CoralRaider, is conducting an ongoing malware campaign targeting systems in the U.S., U.K., Germany, and Japan. The group uses a content delivery network cache to distribute malware, including the info stealers LummaC2, Rhadamanthys, and Cryptbot. The attacks start with malicious Windows shortcut files delivered …

Web3 Game Developers Targeted in Crypto Theft Scheme

April 15, 2024 at 10:41AM
A Russian threat actor is targeting game developers with fraudulent Web3 gaming projects, spreading infostealers on macOS and Windows. The goal is to defraud victims and steal cryptocurrency wallets. The campaign uses fake social media accounts and impersonates legitimate projects. The report recommends maintaining vigilance, providing training to recognize social engineering …

Vietnam-Based Hackers Steal Financial Data Across Asia with Malware

April 4, 2024 at 12:15PM
A suspected Vietnamese threat actor named CoralRaider targets victims in Asian and Southeast Asian countries with malware to steal valuable data. They use RotBot, Quasar RAT, and XClient stealer to steal credentials, financial data, and social media accounts, primarily for monetization. The group also uses malvertising campaigns on Facebook to …

Here’s something else AI can do: expose bad infosec to give cyber-crims a toehold in your organization

March 7, 2024 at 01:35AM
Group-IB’s annual High Tech Crime Trends report revealed that 225,000 stolen ChatGPT stealer logs were found for sale on the dark web between January and October 2023, with a 36% increase in the number of logs from June to October. This poses significant security risks for businesses, as compromised logins expose …

Ransomware gangs are paying attention to infostealers, so why aren’t you?

February 29, 2024 at 11:37AM
Cybercriminals are increasingly using infostealers to acquire online account passwords and sensitive data, gaining access to organizations’ IT environments in order to deploy ransomware. Notorious ransomware gangs such as LockBit and Trickbot/Conti are interested in obtaining and using infostealers, while the market for stolen credentials gathered by this malware has surged. …

MacOS info-stealers quickly evolve to evade XProtect detection

January 16, 2024 at 04:34PM
The macOS platform faces persistent challenges with information stealers evading detection, as highlighted in a report by SentinelOne that presents three malware examples circumventing XProtect. KeySteal, Atomic Stealer, and CherryPie showcase the ability of malware to evolve and avoid detection, emphasizing the need for advanced security measures beyond static detection. …

Information Stealer Exploits Windows SmartScreen Bypass

January 15, 2024 at 07:48AM
A Windows SmartScreen vulnerability (CVE-2023-36025) is being actively exploited to deliver Phemedrone Stealer malware, as reported by Trend Micro. Despite patches having been released, threat actors continue to exploit the bug to bypass Windows Defender SmartScreen protection, leading to infections. The malware, written in C#, can steal a wide range of …

21 New Mac Malware Families Emerged in 2023

January 3, 2024 at 07:42AM
In 2023, 21 new malware families targeting macOS systems were discovered by security researcher Patrick Wardle, representing a 50% increase from 2022. Wardle’s blog post provides a detailed analysis of each family’s characteristics and its potential impact on Apple devices. Notable threats include ransomware, infostealers, APT-developed malware, and variations of existing …

Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

January 3, 2024 at 06:08AM
Prisma uncovered a critical exploit within an undocumented Google OAuth endpoint, enabling attackers to hijack user sessions and maintain continuous unauthorized access to Google services. The exploit has been integrated into various malware families and has continued to evolve, posing a significant threat. CloudSEK has emphasized the need for enhanced cybersecurity …