CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force

December 10, 2024 at 05:12AM The Ukrainian Computer Emergency Response Team (CERT-UA) warns of phishing attacks targeting defense firms and military forces by the Russia-linked UAC-0185 group. The emails masquerade as official conference invitations, containing malicious links that enable remote system access and credential theft from messaging apps and military systems.

Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks

December 6, 2024 at 06:31AM A 19-year-old California resident, Remington Ogletree, has been charged for his involvement in Scattered Spider cyberattacks, allegedly causing over $4 million in losses. He used social engineering to access networks, steal data, and launch phishing campaigns. Investigators linked him to multiple cybercrimes through various accounts and his own admissions.

US charges five linked to Scattered Spider cybercrime gang

November 20, 2024 at 02:29PM The U.S. Justice Department has charged five members of the Scattered Spider cybercrime gang with wire fraud and identity theft, accused of stealing over $11 million from cryptocurrency wallets through SMS phishing. This loosely organized group employs varied tactics and has connections to other hacking collectives and ransomware gangs.

North Korean hackers use new macOS malware against crypto firms

November 7, 2024 at 05:17PM North Korean hacker group BlueNoroff is targeting crypto businesses with a new multi-stage macOS malware campaign, dubbed “Hidden Risk.” Utilizing phishing emails about cryptocurrency, the malware employs novel techniques for persistence and evasion, ensuring it remains undetected. This campaign marks an evolution in their tactics over the past year.

CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

October 26, 2024 at 12:25AM The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a malicious email campaign targeting government and military bodies, linked to the Russian hacking group APT29. These emails use fake AWS domains to deploy Remote Desktop Protocol files for unauthorized access. CERT-UA also reports multiple ongoing cyber threats against Ukraine.

Bumblebee malware returns after recent law enforcement disruption

October 21, 2024 at 11:49AM Bumblebee malware has resurfaced more than four months after being disrupted by Europol’s ‘Operation Endgame.’ This malware, created by TrickBot developers, infects systems through phishing and promotes fake software. Recent attacks involve malicious ZIP files leading to stealthy installations. Researchers warn of its potential resurgence in cyber threats.

AI-Powered Cybercrime Cartels on the Rise in Asia

October 9, 2024 at 09:07PM AI-powered cyberattacks, especially involving deepfakes, are surging in the Asia-Pacific, with a 600% increase in deepfake mentions reported by UNODC. Cybercriminals leverage generative AI for phishing, misinformation, and sophisticated scams. Socioeconomic issues exacerbate the vulnerability in the region, necessitating international collaboration to combat these threats effectively.

FIN7 hackers launch deepfake nude “generator” sites to spread malware

October 2, 2024 at 04:05PM FIN7, a notorious APT hacking group, has launched fake AI-powered deepnude generator sites to spread malware. This Russian group is known for financial fraud and social engineering attacks. The network of fake deepnude sites lures in users with promises of generating explicit images, but actually spreads information-stealing malware. Other campaigns …

A Hacker’s Era: Why Microsoft 365 Protection Reigns Supreme

September 30, 2024 at 07:18AM The article highlights how Microsoft 365 is targeted by cybercriminals due to its widespread usage, integrated services, and valuable data. It discusses vulnerabilities such as weak passwords, lack of multifactor authentication, and misconfigured settings, and recommends proactive defense measures including multilayered security, user training, and automated backup solutions like Backupify.

Red team hacker on how she ‘breaks into buildings and pretends to be the bad guy’

September 29, 2024 at 12:45PM Alethe Denis, a senior security consultant at Bishop Fox, specializes in physical security assessments and social engineering attacks. Denis and her team break into buildings by impersonating employees or vendors to access corporate networks and steal data. Despite AI and deepfake advancements, human interactions remain the most effective tactic for …