GitHub comments abused to push malware via Microsoft repo URLs

April 20, 2024 at 05:07PM Threat actors are exploiting a GitHub flaw to distribute malware through URLs connected to a Microsoft repository, giving the files an appearance of legitimacy. This vulnerability can be abused with any public repository on GitHub, allowing for convincing lures. Despite attempts by McAfee and others to address this issue, the …

Microsoft kills off Windows app installation from the web, again

January 3, 2024 at 07:07PM Microsoft disabled the ms-appinstaller URI scheme due to its misuse by threat actors to install malware. The scheme was re-enabled on August 5, 2022, for some enterprise customers. However, its abuse allowed bypassing of Microsoft’s security checks. Microsoft is revoking abused code signing certificates and advising updates and policy changes …

The Week in Ransomware – December 29th 2023 – LockBit targets hospitals

December 29, 2023 at 03:40PM Summary: This week, there was minimal research on ransomware, with focus on new attacks and LockBit affiliates targeting hospitals. Notable incidents include Yakult Australia’s cyber incident, Ohio Lottery’s system shutdown, LockBit attacks on German hospitals, and new ransomware variants discovered by PCrisk. Microsoft again disabled a protocol handler due to …

Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

December 29, 2023 at 11:16AM Multiple malware families are exploiting an undocumented Google OAuth endpoint called “MultiLogin” to revive expired authentication cookies and infiltrate users’ accounts. This technique allows cybercriminals to gain unauthorized access to Google accounts, even after password resets or logouts. Despite being notified, Google has not responded to inquiries about this issue. …

Beware: Lumma Stealer Distributed via Discord CDN

October 16, 2023 at 04:37AM Discord’s content delivery network (CDN) is being exploited by threat actors to distribute the Lumma Stealer malware, which steals user credentials. The malware is spread through direct messages, offering victims a Discord Nitro boost in exchange for assistance and prompting them to download a file. Lumma Stealer can steal cryptocurrency wallets …