Multi-Malware ‘Cluster Bomb’ Campaign Drops Widespread Cyber Havoc

July 1, 2024 at 06:00PM “Unfurling Hemlock,” a financially motivated Eastern European threat actor, is using a cluster bomb cyber tactic to distribute up to 10 unique malware files at a time on systems in the US, Germany, Russia, and other countries. The attacker distributes malware through nested compressed Microsoft Cabinet (CAB) files and has …

New Attack Technique Exploits Microsoft Management Console Files

June 25, 2024 at 07:51AM Threat actors are using a novel attack technique, named GrimResource, to exploit a vulnerability in Microsoft Management Console (MMC) using maliciously crafted .MSC files. This technique allows for arbitrary code execution and has been used by the Kimsuky hacking group. The approach bypasses security measures and can lead to system …

New attack uses MSC files and Windows XSS flaw to breach networks

June 24, 2024 at 03:14PM The command execution technique “GrimResource” exploits an unpatched Windows XSS flaw using malicious MSC files to deploy Cobalt Strike malware. This technique was recently found to be actively exploited in the wild, leveraging an old vulnerability in the Microsoft Management Console. The attack can lead to the execution of other …

That PowerShell ‘fix’ for your root cert ‘problem’ is a malware loader in disguise

June 19, 2024 at 03:35AM Criminals are using social engineering techniques to target organizations worldwide with malicious PowerShell scripts disguised as fake error messages from Google Chrome, Microsoft Word, and OneDrive. Proofpoint identified at least two criminal groups using this tactic, with the possibility of spreading ransomware. Organizations are advised to train employees to recognize …

Fake Google Chrome errors trick you into running malicious PowerShell scripts

June 17, 2024 at 06:35PM A new malware distribution campaign utilizes fake Google Chrome, Word, and OneDrive errors to deceive users into running malicious PowerShell “fixes,” leading to malware installation. The campaign is linked to threat actors responsible for ClearFake, ClickFix, and TA571 attacks, employing various tactics such as website overlays and HTML attachments to …

Hackers Target Python Developers with Fake “Crytic-Compilers” Package on PyPI

June 6, 2024 at 02:24AM A malicious Python package called crytic-compilers was discovered on the Python Package Index, posing as a legitimate library named crytic-compile. It was designed to deliver an information stealer called Lumma. Additionally, more than 300 WordPress sites have been compromised with malicious Google Chrome update pop-ups, leading to the deployment of …

Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo

May 13, 2024 at 03:09AM Cybersecurity researchers discovered a malicious Python package, requests-darwin-lite, concealing a Golang version of the Sliver command-and-control framework within a PNG image of the project’s logo. The package, downloaded 417 times before being removed, aimed to gather system identifiers and raised concerns about open-source malware distribution. …

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

May 11, 2024 at 03:45AM FIN7, a financially motivated threat actor, has used malicious Google ads to imitate reputable brands, such as AnyDesk and Google Meet, to spread the NetSupport RAT. The group has evolved from targeting point-of-sale systems to launching ransomware campaigns and has expanded its malware arsenal. This activity has prompted Microsoft to …

GitLab affected by GitHub-style CDN flaw allowing malware hosting

April 22, 2024 at 11:10AM Threat actors are exploiting a flaw in GitHub’s CDN to distribute malware via URLs associated with legitimate repositories, creating convincing lures. The same issue affects GitLab, allowing malware to be pushed via comments. Examples show how malware files were made to appear linked to reputable organizations. The flaw remains unaddressed …

New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

April 21, 2024 at 05:15AM A new information stealer using Lua bytecode was found by McAfee Labs, identified as a variant of RedLine Stealer. It targets cryptocurrency wallets, VPN software, and web browsers, spreading through GitHub by masquerading as game cheats. The malware functions as a backdoor, exfiltrating data to its command-and-control server. It’s part …