Warning: New Adware Campaign Targets Meta Quest App Seekers

June 22, 2024 at 07:54AM

A new phishing attack targets Meta Quest (formerly Oculus) app seekers, tricking them into downloading adware called AdsExhaust. This adware can capture screenshots, interact with browsers, and generate revenue for operators by clicking on ads. The attack also includes social engineering tactics and the use of YouTube videos to …

From network security to nyet work in perpetuity: What’s up with the Kaspersky US ban?

June 22, 2024 at 04:22AM

The US government banned Kaspersky Lab from selling its products and issuing updates in America, and sanctioned some of its top executives on Friday. A 12-minute video discussion on this topic, “Kettle,” features cybersecurity editor Jessica Lyons, journalists Tom Claburn, Chris Williams, and Iain Thomson. The video is available as …

Highly Evasive SquidLoader Malware Targets China

June 20, 2024 at 08:32AM

Chinese-speaking victims have been targeted by a threat actor using the SquidLoader malware loader in recent attacks. The highly evasive SquidLoader malware is aimed at China. [SecurityWeek] …

Warning: Markopolo’s Scam Targeting Crypto Users via Fake Meeting Software

June 19, 2024 at 07:00AM

A threat actor known as markopolo has been identified as being behind a large-scale cross-platform scam that targets digital currency users through social media. The attack uses virtual meeting software called Vortax to deliver malware. The article also highlights cybercriminals’ exploitation of cloud storage services to direct users to phishing landing …

New BadSpace Backdoor Deployed in Drive-By Attacks

June 18, 2024 at 12:36PM

A new backdoor named BadSpace uses a multi-stage attack that involves infected WordPress sites. It is distributed similarly to the SocGholish malware and is associated with the cybercrime group Evil Corp. BadSpace’s delivery chain starts with an infected website, deploying the backdoor through a fake browser update notification and JavaScript …

Hackers use F5 BIG-IP malware to stealthily steal data for years

June 17, 2024 at 01:41PM

The group Velvet Ant, believed to be Chinese cyberespionage actors, deployed custom malware on F5 BIG-IP appliances to establish persistent connections and steal data from a company undetected for nearly three years. Sygnia discovered the intrusion, outlining the attack methods and re-infection chain. They also provided defense recommendations to counter …

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

June 17, 2024 at 03:00AM

Legitimate-but-compromised websites are being used to distribute a Windows backdoor called BadSpace via fake browser updates. The attack involves infected websites, a command-and-control server, fake browser updates, and a JScript downloader. This backdoor, capable of anti-sandbox checks and system information harvesting, is being distributed through compromised sites. Key Takeaways from …

Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks

June 15, 2024 at 05:18AM

A suspected Pakistan-based threat actor, UTA0137, has conducted a cyber espionage campaign targeting Indian government entities in 2024. They use a malware called DISGOMOJI, a modified version of Discord-C2, to control Linux systems via Discord using emojis. The attacker has also employed various tactics to escalate privileges and socially engineer …

Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups

June 14, 2024 at 08:43AM

The blog entry analyzes the Noodle RAT backdoor, indicating it is used by Chinese-speaking groups involved in espionage and cybercrime. It covers the history, functionalities, communication protocols, and similarities to other malware such as Gh0st RAT and Rekoobe. The potential server-side components of Noodle RAT were also disclosed. For more …

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

June 14, 2024 at 03:12AM

North Korean threat actors have been increasingly targeting Brazil, mainly focusing on government, aerospace, technology, and financial sectors. These attacks involve using job-themed social engineering campaigns and spreading malware through cryptocurrency professionals and fake npm packages. Google and Microsoft have highlighted tactics used by different North Korean groups, shedding light …