Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

April 2, 2024 at 01:51AM
TA558, a threat actor targeting the Latin America region, has launched a large-scale phishing campaign to deploy Venom RAT. Primarily focusing on hotel, travel, trading, financial, manufacturing, industrial, and government sectors in multiple countries, it aims to harvest sensitive data and remotely control systems. Additionally, malvertising campaigns delivering malware are …

N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks

March 24, 2024 at 02:57AM
Kimsuky, a North Korea-linked threat actor, has been observed utilizing Compiled HTML Help (CHM) files to distribute malware, targeting entities in South Korea, North America, Asia, and Europe. The cybersecurity firm Rapid7 has attributed this activity to Kimsuky with moderate confidence. The group’s tactics include deploying an Endoor backdoor malware …

Typosquatting Wave Shows No Signs of Abating

March 11, 2024 at 05:26PM
The practice of typosquatting involves using look-alike websites and domain names to deceive users, often relying on human errors to capture victims. Attackers are continuously improving their tactics, making it difficult to detect these fraudulent domains and messages. Various industries have fallen victim to typosquatting, prompting experts to emphasize the …

Microsoft Confirms Windows Exploits Bypassing Security Features

February 13, 2024 at 02:57PM
Microsoft has issued a large set of security software updates, highlighting three vulnerabilities being exploited in live malware attacks. The updates address 72 security flaws in the Windows ecosystem, warning of risks including remote code execution and privilege escalation. Meanwhile, Adobe has patched 30 security flaws and urged users to …

Ivanti warns of new Connect Secure zero-day exploited in attacks

January 31, 2024 at 08:48AM
Ivanti has warned of two vulnerabilities affecting Connect Secure, Policy Secure, and ZTA gateways. The first vulnerability (CVE-2024-21893) is a zero-day bug allowing server-side request forgery, granting unauthorized access. The second flaw (CVE-2024-21888) enables privilege escalation. Ivanti has released security patches and mitigation measures. Threat actors have exploited these vulnerabilities, …

Netgear, Hyundai latest X accounts hacked to push crypto drainers

January 8, 2024 at 04:07PM
Netgear and Hyundai MEA Twitter accounts, with over 160,000 followers, were hijacked to promote cryptocurrency scams, involving malware aimed at draining victims’ cryptocurrency wallets. Hyundai recovered its account, while Netgear is still compromised. Verified government and business accounts are increasingly targeted for similar scams, with cryptocurrency ads and phishing sites …

Google Goes After Scammers Abusing Its Bard AI Chatbot

November 14, 2023 at 04:44PM
Google has filed two lawsuits to combat the abuse of its AI chatbot, Bard, for cyber scams. The first lawsuit targets cybercriminals who used social media ads to trick users into downloading Google’s AI tools, only to serve them malware instead. The second lawsuit accuses malicious actors of using Google’s …

Google Dynamic Search Ads Abused to Unleash Malware ‘Deluge’

October 30, 2023 at 06:13PM
A new method of using vulnerable websites to deliver malicious ads to search engine users has been discovered. The technique involves using Google’s “dynamic search ads” feature to pair targeted ads with searches. A compromised website was used to serve a fake software ad, overwhelming victims with malware. The researcher …

Patch Now: APTs Continue to Pummel WinRAR Bug

October 19, 2023 at 11:05AM
State-sponsored threat actors from Russia and China are exploiting the WinRAR vulnerability in unpatched systems to deliver malware. Google TAG has observed attacks targeting organizations in Ukraine and Papua New Guinea. The flaw is a known vulnerability in WinRAR, but many systems remain vulnerable. Patching remains a global challenge for …

Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies

October 19, 2023 at 10:21AM
The MATA backdoor framework has been used in a cyber espionage operation targeting Eastern European companies in the oil and gas sector and defense industry. Spear-phishing emails were used to deliver malware, exploiting a vulnerability in Internet Explorer. The MATA framework is linked to the Lazarus Group and a new …