North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs

November 21, 2024 at 07:15AM Threat actors linked to North Korea are operating front companies that impersonate U.S. tech firms in order to evade sanctions and fund the regime's weapons programs. Using forged identities, their IT workers secure remote jobs and funnel the earnings back to the DPRK. The U.S. government seized numerous fraudulent websites used by these fronts as part of efforts to counter the scheme. … Read more

Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report

November 18, 2024 at 07:19AM DeepData, a malware framework attributed by Volexity to the China-linked threat actor tracked as BrazenBamboo, exploits a still-unpatched zero-day in Fortinet's FortiClient VPN client for Windows to steal VPN credentials. The framework is plugin-based, with modules for collecting data from the host, and shares code with the LightSpy malware family. Volexity's report details its capabilities and infrastructure, pointing to significant operational resources behind the attacks. … Read more

New Glove infostealer malware bypasses Chrome’s cookie encryption

November 14, 2024 at 04:05PM The new Glove Stealer malware can bypass Google Chrome's App-Bound encryption to steal cookies and other sensitive data from a range of browsers and applications. It is delivered through social engineering similar to ClickFix infections and requires local administrator privileges to operate, which limits where it can run and gives defenders a privilege-escalation event to watch for. Analysts note that its basic methods suggest it is still in early development. … Read more

Sophisticated RAT Hides Behind P.Diddy Scandal Lures

September 25, 2024 at 12:50PM Threat actors are exploiting public interest in the scandal surrounding rapper Sean "Diddy" Combs to spread spyware through files that claim to reveal deleted social media posts. Researchers found the PySilon RAT disguised as a tool named "PdiddySploit". The lure gives attackers remote access to the victim's machine, so caution is urged when interacting … Read more

Clever ‘GitHub Scanner’ campaign abusing repos to push malware

September 19, 2024 at 07:10AM A malicious campaign is abusing GitHub repositories to distribute malware. Attackers open fake "security vulnerability" issues on repositories; because GitHub emails every contributor and watcher of the project, the lure reaches users who are part of the open source project or subscribe to its notifications, and the issue text directs them to a malicious site posing as a "GitHub Scanner". … Read more

Phishing Espionage Attack Targets US-Taiwan Defense Conference

September 18, 2024 at 09:02PM A phishing attack targeted the upcoming US-Taiwan Defense Industry Conference, aiming to deliver fileless malware through a forged registration form. The event's organizer, the US-Taiwan Business Council, recognized and repelled the attack. The incident reflects a recurring threat to the conference, as well as the council's proactive approach to … Read more

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

September 17, 2024 at 03:46AM Cryptocurrency exchange Binance warns of a global threat to cryptocurrency users from clipper malware used to commit financial fraud. The malware monitors clipboard activity and, when it sees a copied wallet address, silently replaces it with an attacker-controlled address so that the victim's transfer goes to the attacker. Binance advises users to compare the pasted destination address against the intended one before confirming a transfer and to take steps to prevent further fraudulent transactions. Blockchain analytics firm Chainalysis reports … Read more
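The substitution described above, modelled in a short example added here (this is not Binance's, Chainalysis's or any clipper sample's code; the address patterns, the attacker addresses and the victim addresses are constructed for the demo). It shows both sides: the clipper's swap, which keeps the same address format so the change survives a casual glance, and the defender-side check that a pasted address must be byte-for-byte what the user copied.

```python
import re

# Address formats a clipper typically watches for. These are illustrative
# shape checks for the demo, not full checksum validators (assumption).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "btc_bech32": re.compile(r"\bbc1[ac-hj-np-z02-9]{25,62}\b"),
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}

# Attacker-controlled destinations, one per format, constructed for the demo.
ATTACKER_ADDRESSES = {
    "btc_legacy": "1DemoAttackerAddrBase58xyz1234567",
    "btc_bech32": "bc1q" + "fd" * 14,
    "eth": "0x" + "a1" * 20,
}


def classify(text: str):
    """Return the name of the first address format found in text, or None."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.search(text):
            return kind
    return None


def clipper_substitute(clipboard_text: str) -> str:
    """Model of the clipper's behaviour: on every clipboard change, if the
    contents look like a wallet address, replace it with the attacker's
    address of the same format. Non-address text is passed through untouched."""
    kind = classify(clipboard_text)
    if kind is None:
        return clipboard_text
    return ADDRESS_PATTERNS[kind].sub(ATTACKER_ADDRESSES[kind], clipboard_text, count=1)


def paste_guard(copied: str, pasted: str) -> dict:
    """Defender-side check: the address the user copied must be exactly the
    address about to be submitted. Any difference is reported as a swap."""
    kind = classify(copied)
    return {
        "kind": kind,
        "swapped": kind is not None and copied != pasted,
        "copied": copied,
        "pasted": pasted,
    }


def simulate(copied: str, infected: bool) -> dict:
    """One copy/paste round trip through a clean or a clipper-infected clipboard."""
    pasted = clipper_substitute(copied) if infected else copied
    return paste_guard(copied, pasted)


if __name__ == "__main__":
    victim = "1VictimPurseAddrBase58abc7654321"  # constructed victim address
    for infected in (False, True):
        result = simulate(victim, infected)
        print(f"infected={infected}: swapped={result['swapped']} pasted={result['pasted']}")
```

The guard only works if the comparison happens against the address the user actually intended (for example one read from a hardware wallet screen or a trusted contact list), not against the clipboard itself; that is why the advice is to check the destination visually before confirming.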

PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens

September 11, 2024 at 09:06AM Researcher Mordechai Guri presented PIXHELL, a data exfiltration method that uses acoustic noise emitted by LCD screens to leak data from air-gapped computers, adding to his earlier air gap-jumping techniques. Malware on the isolated machine drives specific pixel patterns that cause the display to emit sound waves encoding the sensitive information, which a nearby microphone-equipped receiver can capture. The attack can transmit data at a rate of 5-20 bits … Read more

SpyAgent Android malware steals crypto recovery phrases from images

September 6, 2024 at 11:22AM A new Android malware called SpyAgent uses optical character recognition (OCR) to extract cryptocurrency wallet recovery phrases from images stored on infected devices, such as screenshots or photos of a seed phrase, and sends them to the attackers. … Read more

TIDRONE Targets Military and Satellite Industries in Taiwan

September 6, 2024 at 05:43AM The report covers the TIDRONE threat cluster, which targets military-related industries in Taiwan, particularly drone manufacturers. It details the advanced malware tools, attack chain, loaders and backdoors used, and its attribution analysis links the campaign to an as-yet unidentified Chinese-speaking threat group. The report also suggests protective measures and provides indicators of compromise. … Read more