Cybercrooks amp up attacks via macro-enabled XLL files

November 1, 2023 at 10:49AM
Cybercriminals are increasingly using macro-enabled Excel add-in (XLL) files in malware attacks, according to HP Wolf Security. XLL files are now the seventh most commonly abused file extension, offering attackers greater capabilities than other options. Attackers have been experimenting with different file types since Visual Basic for Applications (VBA) macros …

Fake KeePass site uses Google Ads and Punycode to push malware

October 19, 2023 at 02:18PM
A Google Ads campaign has been discovered promoting a fake KeePass download site that distributes malware. Threat actors are using Punycode to make the domain appear official, posing a challenge for security-conscious users. The Punycode domain is visually similar to the legitimate KeePass domain but with a slight difference. The …

Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials

October 18, 2023 at 08:02AM
Hackers are targeting internet-exposed Jupyter Notebooks to breach servers and deploy malware, including a Linux rootkit, crypto miners, and password-stealing scripts. This new campaign, called ‘Qubitstrike,’ aims to hijack Linux servers for cryptomining and steal credentials for cloud services. The malware is hosted on codeberg.org, marking the first instance of …

Malicious Notepad++ Google ads evade detection for months

October 17, 2023 at 03:52PM
A malvertising campaign targeting users searching for the Notepad++ text editor has gone undetected for months. The campaign uses misleading titles in Google search result ads, leading users to a decoy site or a malicious website that serves a payload, likely Cobalt Strike. To avoid downloading malware, avoid clicking on …

Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure

October 17, 2023 at 12:15PM
Nation-state hacking groups are using Discord’s content delivery network (CDN) to target critical infrastructure. While Discord is currently mainly used by information stealers, a cybersecurity firm has found evidence of an artifact targeting Ukrainian critical infrastructure, indicating a potential emergence of APT malware campaigns on the platform. This introduces a …