How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

August 29, 2024 at 07:48AM Attackers are increasingly using adversary-in-the-middle (AitM) phishing toolkits, which let them bypass traditional prevention controls. AitM phishing uses dedicated tooling to sit as a proxy between the target and an application's legitimate login portal, letting the attacker capture the live, already-authenticated session rather than just the password. AitM toolkits employ reverse web proxies … Read more
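Why a relayed login defeats TOTP or push MFA but not a phishing-resistant FIDO2/WebAuthn credential comes down to origin binding: the browser writes the origin the user is really on into clientDataJSON, and the authenticator signs over that, so the relying party can reject an assertion produced on the proxy's domain even though the challenge was relayed intact. The following is an added simulation, not code from the article or from any AitM toolkit; the two origins are assumed placeholders and the HMAC stands in for the credential's public-key signature (a real RP verifies an ECDSA/RSA signature and also checks the rpIdHash in authenticatorData).

```python
"""
Added example: origin binding in a WebAuthn assertion, and why an AitM
reverse proxy cannot relay or rewrite it. Signing uses an HMAC stand-in
(assumption for a self-contained demo), not a real FIDO2 key pair.
"""
import hashlib
import hmac
import json
import secrets

RP_ORIGIN = "https://login.example-corp.test"        # assumed legitimate RP origin
PROXY_ORIGIN = "https://login.example-corp-sso.test" # assumed AitM proxy origin
AUTH_KEY = secrets.token_bytes(32)                   # stands in for the authenticator's private key


def client_data(origin: str, challenge: str) -> bytes:
    """The browser builds this from the origin it is actually on; neither the
    server nor a proxy in the path gets to choose the value."""
    return json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin},
        separators=(",", ":"),
    ).encode()


def authenticator_sign(origin: str, challenge: str) -> dict:
    """Simulated authenticator: signs the hash of clientDataJSON."""
    cdj = client_data(origin, challenge)
    sig = hmac.new(AUTH_KEY, hashlib.sha256(cdj).digest(), hashlib.sha256).digest()
    return {"clientDataJSON": cdj, "signature": sig}


def rp_verify(assertion: dict, expected_challenge: str, expected_origin: str) -> tuple[bool, str]:
    """Relying-party side of the assertion ceremony: ceremony type, challenge,
    origin, then the signature over the exact clientDataJSON bytes."""
    data = json.loads(assertion["clientDataJSON"])
    if data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if not hmac.compare_digest(data.get("challenge", ""), expected_challenge):
        return False, "challenge mismatch (stale or foreign)"
    if data.get("origin") != expected_origin:
        return False, f"origin mismatch: {data.get('origin')}"
    expected_sig = hmac.new(AUTH_KEY, hashlib.sha256(assertion["clientDataJSON"]).digest(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def direct_webauthn_scenario() -> tuple[bool, str]:
    """User authenticates on the real origin: accepted."""
    challenge = secrets.token_urlsafe(32)
    return rp_verify(authenticator_sign(RP_ORIGIN, challenge), challenge, RP_ORIGIN)


def aitm_webauthn_scenario() -> tuple[bool, str]:
    """Proxy relays the RP's challenge unchanged, but the victim's browser is on
    the proxy's domain, so clientDataJSON carries PROXY_ORIGIN: rejected."""
    challenge = secrets.token_urlsafe(32)
    return rp_verify(authenticator_sign(PROXY_ORIGIN, challenge), challenge, RP_ORIGIN)


def aitm_rewritten_origin_scenario() -> tuple[bool, str]:
    """Proxy edits the origin field to the real one before forwarding; the
    signature no longer covers the bytes it presents: rejected."""
    challenge = secrets.token_urlsafe(32)
    forged = dict(authenticator_sign(PROXY_ORIGIN, challenge))
    forged["clientDataJSON"] = client_data(RP_ORIGIN, challenge)
    return rp_verify(forged, challenge, RP_ORIGIN)


if __name__ == "__main__":
    for name, fn in (("direct", direct_webauthn_scenario),
                     ("aitm relay", aitm_webauthn_scenario),
                     ("aitm rewrite", aitm_rewritten_origin_scenario)):
        print(f"{name:13} -> {fn()}")
```

A one-time code or push approval has no such field: the proxy forwards whatever the victim types and the RP cannot tell where it was entered, which is the gap the teaser describes. The origin check only helps if the RP actually enforces it against an allow-list of its own origins, so that is the line to look for when reviewing a WebAuthn integration.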

US Marshals Service disputes ransomware gang’s breach claims

August 27, 2024 at 04:34PM The U.S. Marshals Service denies being breached by the Hunters International ransomware gang, despite being listed as a new victim on the group's leak site. … Read more

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

August 27, 2024 at 10:33AM Volt Typhoon, a China-based cyber espionage group, has been linked to the exploitation of a high-severity security flaw in Versa Director. The attacks targeted U.S. and non-U.S. victims in the ISP, MSP, and IT sectors. The flaw allows malicious file uploads, and because Versa Director is used by providers to manage customer networks, exploitation can serve as a foothold for large-scale supply chain attacks. Recommendations include security mitigations and … Read more

Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident

August 27, 2024 at 09:30AM Microsoft is hosting the Windows Endpoint Security Ecosystem Summit to address security and resilience following the disruptive CrowdStrike incident. The summit aims to outline short- and long-term actions for user protection, with a focus on improving security, safe deployment practices, and resiliency. Discussions will include the impact of kernel access … Read more

New Linux Malware ‘sedexp’ Hides Credit Card Skimmers Using Udev Rules

August 25, 2024 at 02:36AM Cybersecurity researchers have discovered a stealthy Linux malware called sedexp, used by financially motivated threat actors since 2022. Notable for using udev rules as its persistence mechanism, the malware is relaunched on every reboot, provides remote access, and modifies memory to conceal its presence. It has been observed hiding credit card scraping … Read more
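udev persistence is easy to miss because rule files are plain text that most baselines never inventory. The scanner below is an added example, not code from the article or the sedexp report: it walks the standard udev rule directories (an assumed layout) for keys that make udev execute something (`RUN+=`, `PROGRAM=`, `IMPORT{program}=`) and applies simple heuristics to the command. The sample rules in it are constructed for the demo and are not sedexp's real rule.

```python
"""
Added example: audit udev rule files for program-executing keys, the
persistence channel the article attributes to sedexp. Rule syntax is
standard udev; SAMPLE_RULES is constructed and not taken from any malware.
"""
import re
import sys
from pathlib import Path

# Directories udev reads, assumed standard layout (later entries override earlier ones).
UDEV_RULE_DIRS = ("/usr/lib/udev/rules.d", "/lib/udev/rules.d",
                  "/run/udev/rules.d", "/etc/udev/rules.d")

# Keys that hand a command to udev. RUN may carry a {type} qualifier, e.g. RUN{program}+=.
EXEC_KEY = re.compile(
    r'\b(RUN(?:\{[^}]*\})?\s*\+?=|PROGRAM\s*=|IMPORT\{program\}\s*=)\s*"([^"]*)"'
)

HELPER_DIRS = ("/lib/udev/", "/usr/lib/udev/", "/lib/systemd/", "/usr/lib/systemd/")
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/", "/opt/")
INTERPRETERS = {"sh", "bash", "dash", "python", "python3", "perl", "nohup", "setsid", "env"}


def classify(command: str) -> str:
    """Heuristic verdict on the executable a rule launches. Not a signature:
    anything outside the known helper directories deserves a look."""
    parts = command.split()
    argv0 = parts[0] if parts else ""
    base = argv0.rsplit("/", 1)[-1]
    if argv0.startswith(WRITABLE_DIRS):
        return "executable in user-writable path"
    if base in INTERPRETERS:
        return "interpreter spawned from rule"
    if "/" not in argv0:                 # udev resolves bare names against its helper dir
        return "udev helper (relative path)"
    if argv0.startswith(HELPER_DIRS):
        return "expected helper"
    return "unrecognised executable"


def scan_rule_text(text: str, path: str = "<inline>") -> list[dict]:
    """Return one finding per executing key found in a rules file body."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for m in EXEC_KEY.finditer(line):
            cmd = m.group(2)
            findings.append({"file": path, "line": lineno, "key": m.group(1),
                             "command": cmd, "verdict": classify(cmd), "rule": line})
    return findings


def scan_dirs(dirs=UDEV_RULE_DIRS) -> list[dict]:
    """Scan every *.rules file in the given directories; unreadable files are skipped."""
    out = []
    for d in dirs:
        for p in sorted(Path(d).glob("*.rules")):
            try:
                out.extend(scan_rule_text(p.read_text(errors="replace"), str(p)))
            except OSError:
                continue
    return out


# Constructed sample: two ordinary-looking rules and two that a reviewer should chase.
SAMPLE_RULES = """\
# Constructed sample for this example, not a real distribution or malware rule set.
KERNEL=="sd*", SUBSYSTEM=="block", IMPORT{program}="scsi_id --export --whitelisted -d $devnode"
ACTION=="add", SUBSYSTEM=="net", RUN+="/usr/lib/udev/net-helper --rename $env{INTERFACE}"
ACTION=="add", KERNEL=="random", RUN+="/var/tmp/.cache/svc --daemon"
ACTION=="add", SUBSYSTEM=="usb", RUN+="/bin/sh -c '/opt/.m/loader start'"
"""

if __name__ == "__main__":
    hits = scan_dirs(sys.argv[1:]) if len(sys.argv) > 1 else scan_rule_text(SAMPLE_RULES)
    for f in hits:
        print(f"{f['file']}:{f['line']}: [{f['verdict']}] {f['command']}")
```

The third sample rule matches a device node that exists on every boot, which is how a udev rule becomes a reboot-survivable launcher without touching cron, systemd units or init scripts; on a real host, diff the scanner's output against a known-good image of the same distribution rather than trusting the verdicts alone. Run with no arguments to see the sample, or pass rule directories to scan a live system.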

Hackers now use AppDomain Injection to drop CobaltStrike beacons

August 23, 2024 at 12:33PM A series of attacks since July 2024 has used a less common technique known as AppDomain Manager Injection to hijack Microsoft .NET applications on Windows and load attacker-controlled code, which the campaign uses to drop Cobalt Strike beacons. … Read more

New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads

August 23, 2024 at 12:18PM Cybersecurity researchers revealed a new dropper facilitating the distribution of information stealers and loaders on Windows systems. The dropper decrypts and executes a PowerShell-based downloader, known as PEAKLIGHT, which then fetches additional malware payloads. The attack chain begins with the distribution of Windows shortcut (LNK) files within ZIP archives disguised … Read more

New NGate Android malware uses NFC chip to steal credit card data

August 22, 2024 at 01:05PM NGate, a new Android malware, steals money from payment cards by relaying NFC data. It tricks victims into installing malicious PWAs and WebAPKs that steal banking credentials. Once installed, it uses the phone's NFC chip to capture card data and relay it to the attacker's device. It can also obtain the card PIN, posing a … Read more

Slack Patches AI Bug That Let Attackers Steal Data From Private Channels

August 22, 2024 at 11:47AM Salesforce has patched a flaw in Slack AI, identified by security firm PromptArmor, which could have allowed attackers to steal data from private Slack channels or carry out secondary phishing within the platform. The flaw stemmed from the language model not distinguishing malicious instructions embedded in message content from legitimate user requests (a prompt injection), enabling … Read more

U.S. charges Karakurt extortion gang’s “cold case” negotiator

August 22, 2024 at 09:09AM Deniss Zolotarjovs, a member of the Russian Karakurt extortion group, has been charged in the U.S. with money laundering, wire fraud, and extortion. As a key negotiator for the group, he was involved in multiple extortion cases affecting American organizations. If convicted, he could face a maximum of … Read more