Fake Google Chrome errors trick you into running malicious PowerShell scripts

June 17, 2024 at 06:35PM A new malware distribution campaign utilizes fake Google Chrome, Word, and OneDrive errors to deceive users into running malicious PowerShell “fixes,” leading to malware installation. The campaign is linked to threat actors responsible for ClearFake, ClickFix, and TA571 attacks, employing various tactics such as website overlays and HTML attachments to … Read more

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors

May 30, 2024 at 11:16AM Fastly warns of ongoing exploitation of vulnerabilities in three WordPress plugins, enabling the injection of malicious scripts and backdoors. These flaws permit unauthenticated stored cross-site scripting attacks, creation of new administrator accounts, and stealing of credentials. Impacting over 600,000 installations, the campaign is emanating from IPs linked to AS IP … Read more

New North Korean Threat Actor Engaging in Espionage, Revenue Generation Attacks

May 29, 2024 at 08:12AM Microsoft reports a new North Korean threat actor, Moonstone Sleet, targeting education, defense, and IT for espionage and revenue. The group combines tactics of other North Korean actors with unique methods, using fake companies and job opportunities to engage potential targets, employing trojanized tools, launching a custom ransomware, and engaging … Read more

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

May 21, 2024 at 11:05AM A new attack campaign named CLOUD#REVERSER is using Google Drive and Dropbox for malicious activities. It starts with a phishing email containing a fake Excel file. The file drops multiple payloads, setting up persistence on the host and downloading additional PowerShell scripts to execute commands and download files from cloud … Read more

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

April 8, 2024 at 05:15AM A new phishing campaign targets Latin American users by sending a phishing email with a ZIP file attachment containing a malicious HTML file posing as an invoice. When the link in the HTML file is opened from a Mexican IP address, a CAPTCHA verification page opens, leading to a malicious … Read more

‘Conversation Overflow’ Cyberattacks Bypass AI Security to Target Execs

March 19, 2024 at 08:06AM AI email security controls are being bypassed by credential-stealing emails that hide malicious payloads within harmless-looking emails. This poses a major threat to enterprise networks. After reviewing the meeting notes, the key takeaways are: 1. Credential-stealing emails are bypassing AI’s “known good” email security controls by disguising malicious payloads in … Read more

Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware

March 6, 2024 at 07:15AM Hackers are using new Golang-based malware to target misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis. The campaign exploits configuration weaknesses and an old vulnerability in Atlassian Confluence. Researchers at Cado Security identified the attack, which involves novel Golang payloads and common Linux attack techniques to install a … Read more

Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks

March 1, 2024 at 08:57AM US government agencies issued a warning about ongoing Phobos ransomware attacks targeting critical infrastructure sectors. Operating since May 2019, Phobos employs a ransomware-as-a-service (RaaS) model, with tactics such as phishing emails, IP scanning, and use of remote access tools. Recommendations for mitigations and indicators of compromise are provided. From the … Read more

New Migo malware disables protection features on Redis servers

February 20, 2024 at 02:44PM Researchers discovered a new malware campaign targeting Linux-based Redis servers, using a piece of malware called ‘Migo’ to mine for cryptocurrency. Migo disables key security features of Redis, allowing attackers to run cryptojacking activities. It also establishes persistence for a Monero miner, uses a rootkit for concealment, and manipulates system … Read more

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

January 11, 2024 at 10:53AM GitHub’s widespread usage in IT has made it an attractive option for threat actors to host and deliver malicious content, acting as dead drop resolvers, command-and-control, and data exfiltration points. The platform is used for various malicious activities, including payload delivery and phishing, presenting challenges for traditional security defenses. Recorded … Read more