Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks

October 9, 2024 at 09:11AM Threat actors are enhancing business email compromise (BEC) campaigns by using legitimate cloud file-sharing services like Dropbox and OneDrive, combined with social engineering tactics. This approach bypasses traditional security measures, allowing attackers to phish credentials and conduct further malicious activities. Microsoft advises enterprises to implement extended detection and response (XDR) …

DoJ Charges 3 Iranian Hackers in Political ‘Hack & Leak’ Campaign

September 30, 2024 at 04:48PM The US Justice Department has charged three members of Iran’s Islamic Revolutionary Guard Corps with running a cyber campaign to impact the upcoming US presidential election. They are accused of conducting hacks against political campaigns, officials, and media members. The attackers used spear-phishing techniques targeting senior government officials and journalists, …

North Korean scammers plan wave of stealth attacks on crypto companies, FBI warns

September 4, 2024 at 09:23PM The FBI warned of North Korean operatives planning intricate social engineering attacks on DeFi organization employees to steal cryptocurrency. The scammers use sophisticated tactics and target cryptocurrency-related businesses. North Korea’s efforts to obtain digital assets have become more refined, posing cybersecurity risks. The FBI also provided indicators of potential scam …

CEO’s Arrest Will Likely Not Dampen Cybercriminal Interest in Telegram

September 4, 2024 at 09:03AM Telegram CEO Pavel Durov’s recent arrest in France for allowing his platform to be used for illegal activities, including child abuse and drug trafficking, is not expected to have a significant short-term impact on cybercrime. Despite some scrutiny and policy changes, experts anticipate cybercriminals will likely continue using the platform …

‘Voldemort’ Malware Curses Orgs Using Global Tax Authorities

August 30, 2024 at 01:13PM The “Voldemort” malware campaign impersonates tax authorities in Europe, Asia, and the US, targeting organizations worldwide. It has affected dozens of organizations, with 20,000+ phishing messages reported. The malware, using Google Sheets for command and control, is designed for data exfiltration and deploying malicious payloads. Experts advise organizations to enhance …

Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity

June 28, 2024 at 05:48AM The polyfill.io domain was suspended due to reports of malicious activity, with the Chinese owner claiming defamation. The domain was used to host polyfills, but reports of potential supply chain risks surfaced. Industry players like Google and Cloudflare took action, redirecting links and warning users. Funnull, the Chinese content delivery …

Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers

June 4, 2024 at 07:06AM Snowflake, in collaboration with CrowdStrike and Mandiant, has reported a targeted campaign against a limited number of its customers. The company recommends enabling multi-factor authentication and limiting network traffic to trusted locations to prevent unauthorized access. U.S. CISA and ACSC issued alerts, and it’s advised to look for signs of …

Poland says Russian military hackers target its govt networks

May 9, 2024 at 07:18PM Poland warns of state-backed Russian threat group targeting its government institutions. Russian APT28 hackers used a phishing campaign to trick officials into clicking malicious links, compromising their devices. This aligns with previous APT28 operations targeting NATO and EU members. APT28’s history includes hacking the DNC, DCCC, and the German Bundestag. …

Cisco warns of large-scale brute-force attacks against VPN services

April 16, 2024 at 12:14PM Cisco warns about a global large-scale brute force attack targeting VPN and SSH services on various devices. The attack involves a mix of valid and generic employee usernames, started on March 18, 2024, and uses anonymization tools. It targets a range of services and lacks a specific focus, with possible …

How to Identify a Cyber Adversary: Standards of Proof

March 12, 2024 at 10:11AM Part one of the article explains cybersecurity attribution, distinguishing between attribution and public disclosure, and discussing standards of proof including intelligence, judicial, and technical standards. Attribution is important for understanding the adversary and defending against future attacks. The article promises to delve into the key methods of attributing events to …