Chinese nationals charged with cyber-spying on US biz and more for Beijing

March 25, 2024 at 06:23PM The United States accused seven Chinese individuals, members of cyber-espionage group APT31, of hacking into critical infrastructure organizations’ computer networks, email accounts, and cloud storage. The UK also alleged their involvement in email compromises. Both countries sanctioned a front company for China’s Ministry of State Security (MSS) and two of the …

8,000+ Subdomains of Trusted Brands Hijacked for Massive Spam Operation

February 26, 2024 at 09:15AM Over 8,000 subdomains of reputable brands and institutions have been illicitly commandeered as part of a spam and click monetization system known as SubdoMailing. The ResurrecAds threat actor is responsible for this intricate campaign, using the hijacked domains to distribute phishing emails and circumvent security measures. Guardio Labs is actively …

Google’s Cloud Run Service Spreads Several Bank Trojans

February 20, 2024 at 03:54PM Researchers have identified a concerning increase in the spread of banking malware through abuse of the Google Cloud Run service. Campaigns have expanded beyond Latin America, with Cisco Talos noting an uptick in such attacks since September 2023. Malicious emails with links to threat-controlled Cloud Run Web services are used …

UAE Faces Fresh Plague of Phishing Scams, Poisoned Searches

January 11, 2024 at 02:35PM A surge in phishing scams in the UAE has prompted warnings from authorities and businesses, particularly concerning fake websites posing as official entities. These counterfeit sites are being promoted through search engine manipulation and tactics such as ‘Black Hat’ SEO Poisoning. Reports also highlight an increase in phishing emails impersonating …

Fake 401K year-end statements used to steal corporate credentials

January 10, 2024 at 01:37PM Cybercriminals are using tactics such as fake 401(k) notices, open enrollment communications, and salary adjustment messages to steal employees’ credentials. Despite organizations’ robust email security solutions, phishing emails are still making their way into employees’ inboxes, particularly targeting large enterprises. Cofense advises coordinating and educating personnel to mitigate these attacks …

‘BattleRoyal’ Hackers Deliver DarkGate RAT Using Every Trick

December 21, 2023 at 05:04PM An unidentified threat actor conducted numerous social engineering campaigns targeting American and Canadian organizations, aiming to infect them with the multifaceted DarkGate malware. Named “BattleRoyal,” the actor utilized a variety of techniques including phishing emails, fake browser updates, and exploitation of a Windows Defender vulnerability. The actor later switched to using …

Police dismantle ransomware group behind attacks in 71 countries

November 28, 2023 at 04:06AM Law enforcement agencies from seven nations, in cooperation with Europol and Eurojust, have arrested key members of a ransomware group in Ukraine. The group paralyzed major corporations using ransomware like LockerGoga, MegaCortex, HIVE, and Dharma. The investigation revealed that the group encrypted over 250 servers, resulting in losses exceeding several …

Offensive and Defensive AI: Let’s Chat(GPT) About It

November 7, 2023 at 05:54AM ChatGPT, a popular AI chatbot, is both a productive tool and a security risk. Attackers can exploit ChatGPT for activities like data exfiltration, spreading misinformation, and writing phishing emails. On the other hand, defenders can use it to identify vulnerabilities and enhance their security posture. It is crucial to acknowledge …