Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

April 8, 2024 at 05:15AM
A new phishing campaign targets Latin American users by sending a phishing email with a ZIP file attachment containing a malicious HTML file posing as an invoice. When the link in the HTML file is opened from a Mexican IP address, a CAPTCHA verification page opens, leading to a malicious …

‘Conversation Overflow’ Cyberattacks Bypass AI Security to Target Execs

March 19, 2024 at 08:06AM
AI email security controls are being bypassed by credential-stealing emails that hide malicious payloads within harmless-looking emails. This poses a major threat to enterprise networks. After reviewing the meeting notes, the key takeaways are: 1. Credential-stealing emails are bypassing AI’s “known good” email security controls by disguising malicious payloads in …

Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware

March 6, 2024 at 07:15AM
Hackers are using new Golang-based malware to target misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis. The campaign exploits configuration weaknesses and an old vulnerability in Atlassian Confluence. Researchers at Cado Security identified the attack, which involves novel Golang payloads and common Linux attack techniques to install a …

Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks

March 1, 2024 at 08:57AM
US government agencies issued a warning about ongoing Phobos ransomware attacks targeting critical infrastructure sectors. Operating since May 2019, Phobos employs a ransomware-as-a-service (RaaS) model, with tactics such as phishing emails, IP scanning, and use of remote access tools. Recommendations for mitigations and indicators of compromise are provided. From the …

New Migo malware disables protection features on Redis servers

February 20, 2024 at 02:44PM
Researchers discovered a new malware campaign targeting Linux-based Redis servers, using a piece of malware called ‘Migo’ to mine for cryptocurrency. Migo disables key security features of Redis, allowing attackers to run cryptojacking activities. It also establishes persistence for a Monero miner, uses a rootkit for concealment, and manipulates system …

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

January 11, 2024 at 10:53AM
GitHub’s widespread usage in IT has made it an attractive option for threat actors to host and deliver malicious content, acting as dead drop resolvers, command-and-control, and data exfiltration points. The platform is used for various malicious activities, including payload delivery and phishing, presenting challenges for traditional security defenses. Recorded …

Google ads push malicious CPU-Z app from fake Windows news site

November 9, 2023 at 11:22AM
Google Ads has been exploited by a threat actor to distribute a trojanized version of the CPU-Z tool, delivering the Redline info-stealing malware. The campaign uses a cloned copy of the legitimate site WindowsReport to host a malicious advertisement. Clicking on the ad leads to a redirect process that tricks …