Fake Discount Sites Exploit Black Friday to Hijack Shopper Information

November 18, 2024 at 06:03AM

A phishing campaign, attributed to a Chinese group named SilkSpecter, targets e-commerce shoppers in Europe and the U.S. ahead of Black Friday. Using fake sites mimicking brands, it aims to steal personal information and financial data through bogus discounts and SEO strategies. Victims may also face follow-up attacks.

Phishing emails increasingly use SVG attachments to evade detection

November 17, 2024 at 11:37AM

Threat actors are increasingly using Scalable Vector Graphics (SVG) files for phishing and malware distribution due to their ability to evade detection. Unlike traditional image formats, SVGs use code to create images and can embed JavaScript, allowing attackers to hide malicious content. Users should treat unexpected SVG attachments as suspicious.

Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia

November 15, 2024 at 06:51AM

A Vietnamese-speaking threat actor is using a new malware, PXA Stealer, to target government and educational institutions in Europe and Asia, stealing sensitive information, including credentials and financial data. The malware is delivered via phishing emails and is associated with a Telegram group selling compromised account credentials.

New Glove infostealer malware bypasses Chrome’s cookie encryption

November 14, 2024 at 04:05PM

The new Glove Stealer malware can bypass Google Chrome’s App-Bound encryption to steal cookies and sensitive information from various browsers and applications. It employs social engineering tactics similar to ClickFix infections and requires local admin privileges to operate. Analysts note its basic methods indicate it remains in early development.

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

November 14, 2024 at 01:33AM

A newly patched Windows NT LAN Manager (NTLM) vulnerability (CVE-2024-43451) was exploited by a Russia-linked actor in attacks on Ukraine, enabling the theft of user hashes via infected documents. The attack involves phishing emails linking to malicious files, leading to potential financial theft within an hour of compromise.

Iranian Cybercriminals Target Aerospace Workers via LinkedIn

November 13, 2024 at 03:36PM

A phishing campaign, attributed to Iranian threat actor TA455, targets aerospace professionals on LinkedIn by impersonating recruiters. Victims download a malicious zip file, leading to malware installation via DLL side-loading. The malware deploys Snail Resin and uses covert tactics to evade detection. Caution is advised for users in the aerospace …

Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel

November 13, 2024 at 11:22AM

A Hamas-affiliated threat group, WIRTE, has escalated cyber operations from espionage to disruptive attacks targeting Israeli entities and other regional countries despite ongoing conflict. Their techniques include phishing campaigns and malware like the SameCoin wiper, reflecting their politically motivated activities throughout 2024.

Meeting Takeaways: Threat Intelligence / Cyber Espionage …

‘GoIssue’ Cybercrime Tool Targets GitHub Developers En Masse

November 12, 2024 at 12:52PM

Researchers identified a tool named GoIssue on a cybercrime forum aimed at GitHub users for bulk credential theft and malicious activities. It automates email harvesting from GitHub profiles for phishing campaigns. Potentially linked to an earlier extortion campaign, it raises the risk for developers, who are urged to be vigilant against suspicious communications.

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

November 12, 2024 at 10:15AM

Cybersecurity researchers warn of GoIssue, a tool for orchestrating large-scale phishing attacks on GitHub users by extracting emails from profiles. Marketed by a threat actor, it enables customized mass email campaigns, increasing risks of data theft and breaches. Additionally, a new two-step phishing attack uses compromised Microsoft files.

Revamped Remcos RAT Deployed Against Microsoft Windows Users

November 11, 2024 at 04:49PM

Threat actors are using a modified Remcos RAT to exploit a Microsoft Windows vulnerability via phishing emails. The malware uses multiple scripting languages to evade detection and installs itself through a complex process. Experts emphasize the need for patch management, employee training, and endpoint protection as critical defenses against such …