New Gift Card Scam Targets Retailers, Not Buyers, to Print Endless $$$

May 23, 2024 at 02:59PM A Moroccan cybercrime group, Storm-0539, has evolved the gift card scam by targeting retailer systems to create and cash out gift cards. Utilizing social engineering and phishing, they compromise employee accounts to gain access. Microsoft reports a surge in their activity, advising organizations to adopt stringent security measures to combat …

Latrodectus Malware Loader Emerges as IcedID’s Successor in Phishing Campaigns

May 20, 2024 at 02:30AM Cybersecurity researchers have observed a surge in email phishing campaigns delivering Latrodectus, a new malware believed to be the successor to IcedID. The malware has advanced capabilities including execution, self-deletion, and persistence on Windows. Social engineering campaigns are also using updated techniques to propagate various malware loaders. Summary of Meeting …

Black Basta Ransomware Hit Over 500 Organizations

May 13, 2024 at 07:36AM The Black Basta ransomware group has targeted over 500 organizations globally, impacting critical infrastructure in North America, Europe, and Australia. Operating under a Ransomware-as-a-Service (RaaS) model, the group has earned over $100 million in ransom payments. Cyber-attacks are conducted through phishing, exploiting vulnerabilities, and deploying ransomware. Mitigations are recommended by …

Verizon DBIR 2024 Shows Surge in Vulnerability Exploitation, Confirmed Data Breaches 

May 2, 2024 at 10:03AM Verizon’s 2024 Data Breach Investigations Report reveals a doubling of security incidents and confirmed breaches compared to the previous year. The exploitation of vulnerabilities as an initial breach point has surged by 180%, partly due to MOVEit and zero-day attacks. Additionally, the report emphasizes the need for faster response to …

Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches

May 1, 2024 at 12:02AM The 2024 Data Breach Investigations Report by Verizon Business reveals that 14% of data breaches in 2023 stemmed from security bugs, demonstrating a 180% increase in exploitation. The MOVEit software breach contributed significantly to this trend, impacting various industries. The report emphasizes the urgent need for organizations to strengthen their …

Attackers Planted Millions of Imageless Repositories on Docker Hub

April 30, 2024 at 05:02PM Docker removed 3 million imageless public repositories from Docker Hub following a discovery by JFrog researchers. The repositories were found to contain links to malicious websites. JFrog highlighted the need for increased moderation on the platform. The attackers exploited a policy loophole that allowed them to include links in description …

Millions of Malicious ‘Imageless’ Containers Planted on Docker Hub Over 5 Years

April 30, 2024 at 10:01AM Cybersecurity researchers have found malicious “imageless” containers in Docker Hub, creating a potential for supply chain attacks. The containers house documentation that leads users to phishing or malware websites. Over 4 million such repositories have been identified, used to redirect users to fraudulent sites in three distinct campaigns. This underscores …

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

April 24, 2024 at 09:45AM Cybersecurity researchers have uncovered an ongoing attack campaign, FROZEN#SHADOW, utilizing phishing emails to distribute SSLoad malware, Cobalt Strike, and ConnectWise ScreenConnect. The campaign targets organizations in Asia, Europe, and the Americas, using various methods to deliver malware and gain access to critical systems. The attackers’ persistence poses significant risks to …

FIN7 targets American automaker’s IT staff in phishing attacks

April 17, 2024 at 04:44PM FIN7 targeted a U.S. car maker with spear-phishing emails to infect IT systems with the Anunak backdoor. The attack involved living-off-the-land binaries, scripts, and libraries and relied on a malicious URL impersonating legitimate software. The attack did not spread beyond the initial infected system. BlackBerry recommends defenses including MFA, training, …

Top MITRE ATT&CK Techniques and How to Defend Against Them

April 10, 2024 at 01:04AM MITRE ATT&CK techniques dominate cybersecurity incidents, particularly command and scripting interpreters (T1059) and phishing (T1566). A report by D3 Security reveals these techniques surpass others significantly. The widespread usage of malicious scripts underlines the need for comprehensive incident response plans. Additionally, robust education and multifactor authentication help defend against phishing …