Multiple LastPass Users Lose Master Passwords to Ultra-Convincing Scam

April 19, 2024 at 02:09PM A sophisticated phishing campaign targeting LastPass users successfully stole master passwords using a hands-on approach. The attackers posed as customer service representatives, guiding victims to a fake website to reset their account access. LastPass has taken action to protect its customers and is urging awareness and caution against spoofed communication …

FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor

April 18, 2024 at 10:12AM FIN7, a notorious cybercrime group, targeted the U.S. automotive industry through a spear-phishing campaign, deploying the Carbanak backdoor. The group has a history of financially motivated cybercrime and has evolved into conducting ransomware operations. The attack involved a sophisticated multi-stage process, but the infected system was removed early. Organizations are …

Web3 Game Developers Targeted in Crypto Theft Scheme

April 15, 2024 at 10:41AM A Russian threat actor is targeting game developers with fraudulent Web3 gaming projects, spreading infostealers on macOS and Windows. The goal is to defraud victims and steal cryptocurrency wallets. The campaign uses fake social media accounts and impersonates legitimate projects. The report recommends maintaining vigilance, providing training to recognize social engineering …

TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer

April 11, 2024 at 07:45AM TA547, a threat actor, has initiated an invoice-themed phishing campaign targeting German organizations with the Rhadamanthys information stealer. This marks the first instance of TA547 using Rhadamanthys, possibly with a language model-generated PowerShell script. The group has also evolved into an initial access broker for ransomware attacks, employing geofencing tricks …

Cagey Phishing Campaign Delivers Multiple RATs to Steal Windows Data

April 10, 2024 at 10:52AM A new phishing campaign aimed at Microsoft Windows users deploys various malware, including VenomRAT, Remcos RAT, NanoCore RAT, and XWorm. The attackers use phishing emails with malicious attachments to infiltrate systems, aiming to steal critical data and establish persistence. Vigilance, education, and robust cybersecurity measures are crucial for mitigating such …

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

April 8, 2024 at 05:15AM A new phishing campaign targets Latin American users by sending a phishing email with a ZIP file attachment containing a malicious HTML file posing as an invoice. When the link in the HTML file is opened from a Mexican IP address, a CAPTCHA verification page opens, leading to a malicious …

Visa warns of new JSOutProx malware variant targeting financial orgs

April 4, 2024 at 07:03PM Visa issued a security alert warning about increased detections of the JsOutProx malware targeting financial institutions in South and Southeast Asia, the Middle East, and Africa. The malware provides remote access and can execute various malicious activities. Mitigation actions and indicators of compromise were recommended, and the campaign involved phishing …

Oil & Gas Sector Falls for Fake Car Accident Phishing Emails

April 3, 2024 at 04:23PM Analysts uncover a phishing campaign called Rhadamanthys, which uses a fake “Federal Bureau of Transportation” to compromise recipients. The campaign is effective in its approach to deception. An effective phishing campaign has been discovered that is spoofing …

Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

April 2, 2024 at 01:51AM TA558, a threat actor targeting the Latin America region, has launched a large-scale phishing campaign to deploy Venom RAT. Primarily focusing on hotel, travel, trading, financial, manufacturing, industrial, and government sectors in multiple countries, it aims to harvest sensitive data and remotely control systems. Additionally, malvertising campaigns delivering malware are …

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

March 27, 2024 at 04:09AM A new phishing campaign discovered by Trustwave SpiderLabs involves a novel loader malware delivering Agent Tesla via a deceptive bank payment notification email. The malware evades detection and antivirus defenses, retrieves its payload using unique URLs, and exfiltrates data via legitimate email accounts. This tactic poses challenges for detection and …