FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks

July 3, 2024 at 03:16AM FakeBat, a widely distributed loader malware, mainly aims to download and execute a next-stage payload, using methods like SEO poisoning. Offered as a service on underground forums, it is designed to bypass security mechanisms. Different activity clusters disseminate FakeBat, and it is being used in various malware campaigns. The malware is sold under …

China-Sponsored Attackers Target 40K Corporate Users in 90 Days

June 27, 2024 at 12:06PM State-sponsored actors have launched three novel credential-phishing campaigns compromising over 40,000 corporate users, including top executives, in just three months. These attacks use highly evasive tactics to circumvent security controls, focusing on stealing credentials from corporate users for cyber-espionage purposes. Security experts stress the need for organizations to adapt and …

4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree

June 25, 2024 at 12:03AM Four Vietnamese nationals linked to the FIN9 cybercrime group have been indicted in the U.S. for orchestrating computer intrusions causing over $71 million in losses to companies. They are accused of conducting phishing campaigns and using stolen information for criminal activities. This comes amid global efforts to combat cybercrime. From …

Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations

June 20, 2024 at 02:39AM Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader, targeting Chinese organizations through phishing campaigns. The loader uses various evasion techniques and can deliver second-stage shellcode payloads. Meanwhile, other loaders like Taurus Loader and PikaBot continue to evolve, presenting challenges for detection and mitigation. A law enforcement effort …

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

June 15, 2024 at 06:42AM The Smishing Triad, a threat group previously targeting the E.U., U.S., Saudi Arabia, and the U.A.E., has expanded its operations to Pakistan. Operating via smishing tactics, they have targeted users of mobile carriers, impersonating Pakistan Post to steal personal and financial information. Other threat actors such as PINEAPPLE, UNC5176, FLUXROOT, …

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

June 3, 2024 at 12:00AM Fake web browser updates are distributing remote access trojans (RATs) and info stealer malware like BitRAT and Lumma Stealer. Cybersecurity firm eSentire reported that attackers use bogus browser update lures to deliver malware. The attack chain involves booby-trapped sites, Discord-hosted ZIP archives, and PowerShell scripts. Threat actors also employ webhards and …

Paris Olympics Cybersecurity at Risk via Attack Surface Gaps

May 3, 2024 at 05:09PM The 2024 Paris Olympics face cybersecurity challenges despite improved protection compared to previous events. Outpost24 identified security gaps including open ports, SSL misconfigurations, and domain squatting, giving attackers opportunities. France’s ANSSI agency is preparing for cyber threats, but diverse, sophisticated attacks are expected, influenced by geopolitics. Securing the rapidly changing …

ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

May 1, 2024 at 07:12AM The ZLoader malware, which resurfaced after a two-year hiatus, has evolved with new anti-analysis features that make it harder to detect and analyze. It now restricts execution to the infected machine and employs techniques to avoid running on different hosts. Additionally, threat actors are utilizing fraudulent websites to spread malware through …

New Latrodectus malware attacks use Microsoft, Cloudflare themes

April 30, 2024 at 06:15PM The Latrodectus malware is being distributed through phishing emails using Microsoft Azure and Cloudflare lures to appear legitimate and evade security software. This Windows malware downloader, linked to the IcedID malware developers, is increasingly used for phishing campaigns, contact form spam, and initial corporate network access. Infections can lead to …

US Post Office phishing sites get as much traffic as the real one

April 28, 2024 at 12:03PM Security researchers found that phishing campaigns targeting the USPS saw fake domains receiving traffic similar to the legitimate site, especially during holidays. The phishing operations mimic genuine USPS services, with convincing designs and tracking pages. Malicious domains received over 1.1 million queries, indicating heightened activity during the winter holidays. Consumers …