Hackers abuse free TryCloudflare to deliver remote access malware

August 1, 2024 at 02:34PM
Researchers are warning of increased abuse of the Cloudflare Tunnel service by threat actors in malware campaigns, often delivering remote access trojans (RATs). Researchers are concerned about threat actors using the Cloudflare Tunnel service to deliver remote access trojans (RATs) in …

Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud

May 30, 2024 at 03:09AM
Okta warns of credential stuffing susceptibility in Customer Identity Cloud, mentioning proactive communication with impacted customers. Users are advised to review tenant logs for unusual login events, rotate credentials, and restrict cross-origin authentication. Other mitigations include breached password detection, strong password enforcement, and passwordless, phishing-resistant authentication. The warning follows an …

Millions of Docker repos found pushing malware, phishing sites

April 30, 2024 at 01:32PM
Since early 2021, three large-scale campaigns targeted Docker Hub users by planting millions of repositories containing malware and phishing sites. JFrog researchers discovered that 20% of Docker Hub’s 15 million repositories had malicious content. They identified nearly 4.6 million repositories with no Docker images, linked to three major malicious campaigns. …

New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.

March 22, 2024 at 11:21AM
Cybersecurity researchers have detected a new wave of phishing attacks delivering a new information stealer called StrelaStealer, impacting over 100 organizations in the E.U. and the U.S. The attacks involve spam emails with evolving attachments, targeting various sectors with diverse tactics. Other malware families like Stealc and Rescoms RAT have …

Microsoft: BlueNoroff hackers plan new crypto-theft attacks

November 10, 2023 at 03:42PM
Microsoft has issued a warning about BlueNoroff, a North Korean hacking group, setting up new attack infrastructure on LinkedIn for upcoming social engineering campaigns. The financially motivated group, also known as Sapphire Sleet, has a history of targeting cryptocurrency companies and employees. They gain access to systems by deploying malware …

Imperial Kitten APT Claws at Israeli Industry With Multiyear Spy Effort

November 9, 2023 at 11:57AM
A state-sponsored advanced persistent threat group named “Imperial Kitten” has been conducting watering-hole attacks against Israeli transportation, logistics, and technology sectors. The group, believed to have links to Iran’s Islamic Revolutionary Guard Corps, infiltrates legitimate websites to redirect visitors to attacker-controlled locations and phishing sites. The compromised data is then …

Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

October 20, 2023 at 10:09AM
Vietnamese actors linked to the Ducktail stealer have been using DarkGate malware to target entities in the UK, US, and India. The increase in DarkGate campaigns is attributed to the decision to rent it out on a malware-as-a-service basis. The campaigns also involve LOBSHOT and RedLine Stealer, with similar tactics …