Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

October 22, 2024 at 06:18AM Two malware families, Bumblebee and Latrodectus, have resurfaced in new phishing campaigns following a law enforcement operation called Endgame. Both are malware loaders aimed at stealing personal data. The campaigns utilize malicious email attachments and links to deploy these threats, targeting sectors like finance, automotive, and business. … Read more

Mind your header! There’s nothing refreshing about phishers’ latest tactic

September 12, 2024 at 05:24AM Palo Alto’s Unit 42 threat intel team warns of a rising tactic used by phishers to steal victims’ credentials. They identified over 2,000 large-scale phishing campaigns abusing HTTP header refresh entries to redirect visitors to malicious websites. The phishing attacks primarily target business and economy sectors, highlighting the need for … Read more

Hackers steal banking creds from iOS, Android users via PWA apps

August 21, 2024 at 04:59PM Threat actors are utilizing progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. This technique was observed in phishing campaigns in Poland and the Czech Republic. Two distinct campaigns targeted Hungarian financial institution OTP Bank and TBC Bank in Georgia. These apps bypass installation … Read more

Black Basta-Linked Attackers Target Users with SystemBC Malware

August 14, 2024 at 02:15PM An ongoing social engineering campaign linked to the Black Basta ransomware group involves multiple intrusion attempts aiming at credential theft and deploying the SystemBC malware dropper. Threat actors use tactics such as email bombing, phone calls, and fake solutions to persuade users to download legitimate remote access software for deploying … Read more

‘Sitting Ducks’ Attacks Create Hijacking Threat for Domain Name Owners

August 1, 2024 at 05:28PM Russian cybercriminals are exploiting weaknesses in the Domain Name System (DNS) with the “Sitting Ducks” attack, allowing them to gain unauthorized access to domains for malicious activities like malware delivery and data exfiltration. Researchers estimate over 1 million vulnerable domains daily, emphasizing the need for domain owners to evaluate and … Read more

Criminal Hackers Add GenAI Credentials to Underground Markets

July 30, 2024 at 04:56PM New research shows that cybercriminals are now selling Generative AI (GenAI) account credentials alongside other illegal goods on underground hacker markets. The credentials are for platforms like ChatGPT, Quillbot, and Huggingface, with roughly 400 accounts stolen per day and sold for $15 each. The researchers advise organizations to monitor employee … Read more

Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware

July 30, 2024 at 07:24AM Cybersecurity researchers uncovered widespread phishing campaigns targeting small and medium-sized businesses in Poland in May 2024, deploying malware like Agent Tesla, Formbook, and Remcos RAT. The attacks also targeted Italy and Romania. Using compromised accounts and servers, the campaigns utilized a malware loader called DBatLoader to deliver the final payloads, … Read more

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

July 29, 2024 at 02:18AM The Gh0st RAT is being delivered to Chinese-speaking Windows users by the Gh0stGambit evasive dropper through a drive-by download scheme. The infection originates from a fake website masquerading as Google’s Chrome browser. The malware is capable of various malicious activities, and the distribution via drive-by downloads highlights the need for … Read more

Cybercrooks spell trouble with typosquatting domains amid CrowdStrike crisis

July 23, 2024 at 11:23AM Thousands of typosquatting domains are exploiting the desperation of IT admins affected by the CrowdStrike outage. The domains aim to deceive users with small typos and extract money through phishing and extortion. CrowdStrike has issued warnings and guidance for affected organizations, while some customers are still experiencing recovery challenges. … Read more

Iran’s MuddyWater phishes Israeli orgs with custom BugSleep backdoor

July 16, 2024 at 08:09PM MuddyWater, an Iranian government-linked cyber espionage group, has enhanced its malware with a custom backdoor, targeting Israeli organizations. Utilizing phishing lures, the group sends emails with malicious links, infecting victim devices with BugSleep malware. The evolving tactics and wider targeting pose challenges for detection and increase the group’s potential impact. … Read more