Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware

November 11, 2024 at 01:36AM Cybersecurity researchers revealed a new phishing campaign distributing Remcos RAT, utilizing a malicious Excel attachment to execute a fileless variant. This allows attackers to remotely control compromised computers and gather sensitive data. Additionally, phishing tactics have evolved to include using legitimate DocuSign accounts and ZIP file concatenation to bypass security …

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

November 8, 2024 at 02:27AM Researchers have identified a new malware campaign, CRON#TRAP, that infects Windows systems via a malicious shortcut file. It sets up a Linux virtual instance with a backdoor for remote access, complicating detection. Another campaign targets electronics companies using GuLoader malware via spear-phishing emails. Proactive security measures are essential.

North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

November 7, 2024 at 07:42AM A North Korean threat actor, BlueNoroff, has targeted cryptocurrency businesses using multi-stage malware that infects macOS devices via phishing emails and disguised applications. The campaign, named Hidden Risk, employs social engineering tactics, exploits Apple developer accounts for notarization, and illustrates the evolving strategies of North Korean cyber operations.

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

November 7, 2024 at 06:21AM The China-aligned hacking group MirrorFace has targeted a European Union diplomatic organization using a phishing lure related to the upcoming 2025 World Expo in Japan. This marks their first attack in the EU, continuing a trend of targeting Japan and expanding into Taiwan and India since 2023.

International Police Effort Obliterates Cybercrime Network

November 6, 2024 at 03:44PM Operation Synergia II, an international collaboration led by law enforcement and cybersecurity experts, dismantled a major cybercrime network from Hong Kong to Estonia, arresting 41 individuals and taking down 22,000 malicious servers. This operation targeted various cybercrimes, preventing numerous potential victims from exploitation. Interpol emphasized the need for global cooperation …

22,000 IPs Taken Down in Global Cybercrime Crackdown

November 6, 2024 at 08:13AM Law enforcement successfully dismantled over 22,000 malicious IP addresses in an operation targeting phishing, infostealers, and ransomware activities. The crackdown represents a significant step in combating global cybercrime.

Interpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41

November 5, 2024 at 01:59PM Interpol’s Operation Synergia II resulted in 41 arrests and the dismantling of 1,037 servers linked to cybercrime across 95 countries from April to August 2024. The operation targeted ransomware, phishing, and information theft, backed by intelligence from private cybersecurity firms, significantly reducing cybercrime infrastructure globally.

DocuSign’s Envelopes API abused to send realistic fake invoices

November 4, 2024 at 03:26PM Threat actors are exploiting DocuSign’s Envelopes API to send fake invoices impersonating brands like Norton and PayPal. By using a legitimate DocuSign domain, they bypass email security measures, misleading targets into e-signing documents that authorize fraudulent payments. This abuse has been reported extensively by concerned users.

Gang gobbles 15K credentials from cloud and email providers’ garbage Git configs

October 31, 2024 at 08:04PM Security researchers uncovered a criminal operation named Emeraldwhale, which exposed over 15,000 cloud service and email credentials in an unsecured AWS S3 bucket. The attackers used sophisticated tools to exploit misconfigured servers, targeting Git directories. Although linked to French-speaking malware, Emeraldwhale’s affiliation with a specific criminal group remains unclear.

Hackers steal 15,000 cloud credentials from exposed Git config files

October 30, 2024 at 10:12AM The “EmeraldWhale” operation has exploited exposed Git configuration files to steal over 15,000 cloud credentials from private repositories. Using automated tools, hackers scan IP ranges for vulnerabilities and utilize stolen tokens for phishing and spam. Despite its simplicity, the campaign poses significant risks, prompting developers to adopt better secret management …