May 29, 2024 at 08:24AM The U.S. Department of Justice sentenced Malachi Mullings to 10 years for laundering $4.5 million through BEC and romance scams. He opened fake bank accounts and used the proceeds for luxury items. Meanwhile, Russian citizen Evgeniy Doroshenko has been indicted for selling access to corporate networks on cybercrime forums. Both … Read more
May 21, 2024 at 11:05AM A new attack campaign named CLOUD#REVERSER is using Google Drive and Dropbox for malicious activities. It starts with a phishing email containing a fake Excel file. The file drops multiple payloads, setting up persistence on the host and downloading additional PowerShell scripts to execute commands and download files from cloud … Read more
March 13, 2024 at 06:21AM A recent phishing campaign has been detected distributing remote access trojans (RAT) like VCURMS and STRRAT through a malicious Java-based downloader. The attackers are utilizing public services like AWS and GitHub to store malware and employing a Proton Mail email address for communication with a command-and-control server. The campaign includes … Read more
January 29, 2024 at 09:17AM A Microsoft Outlook security flaw, CVE-2023-35636, could expose NTLM v2 hashed passwords through a specially crafted file, recently patched by Microsoft. Attackers could exploit it via email or web, convincing users to open the file or click a link. Varonis researcher Dolev Taler reported the bug, highlighting potential leakage vulnerabilities. … Read more
November 2, 2023 at 10:11AM Password reuse is a dangerous vulnerability that IT teams struggle to detect. According to a TechRepublic survey, 53% of people admit to reusing passwords, making it easier for hackers to gain access. Verizon estimates that 86% of attacks start with compromised credentials. Organizations need to take steps to mitigate this … Read more