Hackers poison source code from largest Discord bot platform

March 25, 2024 at 02:13PM: The Top.gg Discord bot community, with over 170,000 members, has been targeted by a supply-chain attack aiming to deliver malware for data theft and monetization. The attacker used various tactics, including hijacking GitHub accounts and distributing malicious Python packages. This campaign compromised user data from various platforms, highlighting the risks …

Over 100 Organizations Targeted in Recent ‘StrelaStealer’ Attacks

March 25, 2024 at 10:18AM: Over 100 US and EU organizations have been targeted in recent phishing campaigns distributing the StrelaStealer malware, which harvests credentials from email clients. Palo Alto Networks reports multiple large-scale campaigns with varying techniques, targeting high-tech, finance, legal, government, and other sectors. The evolving malware aims to evade security detection. …

Top Python Developers Hacked in Sophisticated Supply Chain Attack

March 25, 2024 at 08:00AM: Python developers, including a maintainer of Top.gg, were targeted by information-stealing malware. Attackers cloned and inserted malicious code into Colorama, a widely-used tool, and spread it through fake mirror domains and compromised repositories. The malware invaded systems, stealing data and executing additional harmful actions, impacting multiple browsers and platforms. Key …

‘Fluffy Wolf’ Spreads Meta Stealer in Corporate Phishing Campaign

March 20, 2024 at 10:36AM: A low-level threat actor is using commonly available malware and legitimate software to attack Russian businesses.

North Korea-Linked Group Levels Multistage Cyberattack on South Korea

March 18, 2024 at 08:10PM: The Kimsuky-attributed campaign involves an eight-step process for compromising systems, starting with initial execution and culminating in establishing stealth and persistence by downloading additional code from Dropbox and executing it. These steps include …

Fujitsu reveals malware installed on internal systems, risk of customer data spill

March 18, 2024 at 04:34PM: Fujitsu confirmed the compromise of internal computers, the presence of malware, and potential theft of customer data. The statement did not detail the type of malware used, the timing of the breach, or the extent of data accessed. Fujitsu took immediate action to disconnect affected systems, implement enhanced security measures, …

Fujitsu found malware on several systems, confirms data breach

March 18, 2024 at 10:01AM: Fujitsu, the world’s 6th largest IT services provider, disclosed a major cybersecurity incident, revealing malware infection and customer data theft. The tech giant operates in 100+ countries, with strong ties to the Japanese government. Though no customer data misuse is reported, Fujitsu is investigating the breach and preparing individual notices for …

Hackers exploit Windows SmartScreen flaw to drop DarkGate malware

March 14, 2024 at 02:23AM: DarkGate malware exploits a fixed Windows Defender SmartScreen flaw to install fake software, overcoming security checks. This flaw, tracked as CVE-2024-21412, allows attackers to execute files automatically. Trend Micro reports that DarkGate operators are using this vulnerability to enhance infection rates. The campaign involves a multi-step infection chain and employs …

Hackers abuse Windows SmartScreen flaw to drop DarkGate malware

March 13, 2024 at 05:26PM: The DarkGate malware exploits a Windows Defender SmartScreen vulnerability, allowing attackers to automatically install fake software. Microsoft fixed the flaw in mid-February, but DarkGate operators are still using it to infect targeted systems. The attack involves malicious emails with PDF attachments, using open redirects to bypass security checks. Once executed, the …

RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers

February 16, 2024 at 09:45AM: Cryptocurrency companies are targeted by a new Apple macOS backdoor called RustDoor, distributed as a Visual Studio update and used in targeted attacks. Its components include first-stage downloaders masquerading as job offering PDFs, Golang-based binaries, and a leaky endpoint revealing infected victims’ details. Meanwhile, a South Korean IT organization affiliated with …