US Transportation and Logistics Firms Targeted With Infostealers, Backdoors

September 26, 2024 at 07:55AM Threat actors are targeting transportation and shipping organizations in North America, compromising email accounts to deliver various malware families like Arechclient2, DanaBot, Lumma Stealer, NetSupport, and StealC. The attacks involve injecting malicious content into compromised inboxes and using Google Drive links or URL files to deliver malware. Proofpoint advises caution …

Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities

September 26, 2024 at 02:57AM Cloudflare has observed an advanced threat actor using multiple cloud service providers for credential harvesting, malware delivery, and command-and-control. The actor, known as SloppyLemming, targets government, law enforcement, energy, education, telecommunications, and technology entities in South and East Asian countries. The attacks involve spear-phishing emails, malicious links, and custom-built tools …

Ukraine Bans Telegram Messenger App on State-Issued Devices Because of Russian Security Threat

September 20, 2024 at 02:54PM Ukraine bans government officials, military, and critical infrastructure workers from installing Telegram on state-issued devices due to national security concerns during the war with Russia. The ban stems from the app’s alleged use by Russia for cyberattacks and location tracking. Ukrainian users can still use Telegram on personal devices. Based …

‘Sitting Ducks’ Attacks Create Hijacking Threat for Domain Name Owners

August 1, 2024 at 05:28PM Russian cybercriminals are exploiting weaknesses in the Domain Name System (DNS) with the “Sitting Ducks” attack, allowing them to gain unauthorized control of domains for malicious activities like malware delivery and data exfiltration. Researchers estimate that over 1 million domains are vulnerable on any given day, emphasizing the need for domain owners to evaluate and …

Phishing emails abuse Windows search protocol to push malicious scripts

June 12, 2024 at 06:33PM A new phishing campaign uses HTML attachments to exploit the Windows search protocol, enabling remote servers to deliver malware via batch files. Attackers can manipulate the search window’s title and force searches on remote hosts. The technique was highlighted by Prof. Dr. Martin Johns in 2020 and is now used …

North Korean Hackers Hijack Antivirus Updates for Malware Delivery

April 24, 2024 at 11:15AM North Korean threat actor Kimsuky exploited eScan antivirus’s update mechanism in a malware operation known as GuptiMiner. This involved a man-in-the-middle attack to deliver a malicious payload, enabling the deployment of backdoors and cryptocurrency miners in corporate networks. Despite eScan’s efforts to address the issue, new GuptiMiner infections persist. In …

Magnet Goblin Delivers Linux Malware Using One-Day Vulnerabilities

March 11, 2024 at 08:09AM Check Point reports that the financially motivated threat actor, Magnet Goblin, has been exploiting one-day vulnerabilities in public-facing services to deploy Linux backdoors. The actor targeted various vulnerabilities, including in Ivanti VPNs, Magento, and Qlik Sense. Check Point warns of ongoing trends for threat actors to target under-protected areas. Based …

Predator Spyware Alive & Well and Expanding

March 4, 2024 at 02:35PM The Predator mobile spyware operation, previously exposed by Amnesty International, has expanded its reach to Botswana and the Philippines, bringing the total number of countries it operates in to 11. The updated infrastructure includes delivery servers and IP addresses in these nations. The operation is recognized for its consistent delivery …

US Announces IPStorm Botnet Takedown and Its Creator’s Guilty Plea

November 15, 2023 at 08:58AM The US government has taken down the IPStorm botnet and arrested the man responsible for its operation. The botnet distributed malware to thousands of devices worldwide, allowing cybercriminals to use them for a proxy service. The guilty party, Sergei Makinin, faces up to 10 years in prison and has agreed …