Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool

July 3, 2024 at 06:05AM Unknown threat actors exploited a patched Microsoft MSHTML security flaw to distribute the surveillance tool MerkSpy, targeting users in Canada, India, Poland, and the U.S. The attack used a Microsoft Word document to trigger the exploitation, enabling the download and execution of malicious payloads to collect sensitive information and establish …

FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks

July 3, 2024 at 03:16AM FakeBat, a widely distributed loader malware, mainly aims to download and execute a next-stage payload, using methods like SEO poisoning. Offered as a service on underground forums, it’s designed to bypass security mechanisms. Different activity clusters disseminate FakeBat, and it’s being used in various malware campaigns. The malware is sold under …

Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication

July 2, 2024 at 06:08PM Many online accounts using passkey technology are still vulnerable to adversary-in-the-middle (AitM) attacks, allowing attackers to manipulate the login screen and remove passkey authentication. This discovery by security researcher Joe Stewart highlights the need for more secure authentication methods and account recovery options. Enterprises can mitigate this risk by implementing …

Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator

June 28, 2024 at 09:01AM A large-scale supply chain attack affecting numerous websites has been traced to a common operator. Leaked Cloudflare secret keys revealed the connection between the attack and the CDN services Polyfill.io, BootCDN, Bootcss, and Staticfile. Collaborative efforts of several security researchers contributed to the discovery. The attack’s widespread impact and …

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping

June 26, 2024 at 06:57AM Apple has released a firmware update addressing an authentication issue affecting various headphone models, allowing potential unauthorized access. The vulnerability could enable eavesdropping on private conversations. Additionally, a logic flaw in visionOS has been patched to prevent a denial-of-service attack. This comes after the rollout of updates to address 21 …

New Medusa Android Trojan Targets Banking Users Across 7 Countries

June 26, 2024 at 04:39AM Researchers discovered an updated version of the Android banking trojan, Medusa, targeting users in multiple countries. The trojan features new capabilities and uses fake updates and dropper apps for distribution. Its reduced permissions and expanded geographic reach make it harder to detect. Similar campaigns distributing another Android malware, SpyMax, have …

Omdia Report: Trend Disclosed 60% of Vulnerabilities

June 25, 2024 at 08:14AM The latest Omdia Vulnerability Report highlights Trend Micro™ Zero Day Initiative’s significant role in cybersecurity, spearheading 60% of 2023 disclosures. This underscores Trend’s comprehensive threat coverage, proactive risk mitigation, and trustworthiness. Leveraging Trend’s expertise can help organizations effectively manage attack surface risk and stay ahead of potential cyber threats. Based …

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

June 20, 2024 at 04:21AM A new Rust-based malware, Fickle Stealer, is observed being delivered through various attack chains to harvest sensitive data. It uses different distribution methods, including PowerShell scripts, to bypass security measures and exfiltrate data to a remote server. Fickle Stealer targets information from crypto wallets, web browsers, and applications while also …

New BadSpace Backdoor Deployed in Drive-By Attacks

June 18, 2024 at 12:36PM A new backdoor named BadSpace uses a multi-stage attack that involves infected WordPress sites. It is distributed similarly to the SocGholish malware and is associated with the cybercrime group Evil Corp. BadSpace’s delivery chain starts with an infected website, deploying the backdoor through a fake browser update notification and JavaScript …

New Cross-Platform Malware ‘Noodle RAT’ Targets Windows and Linux Systems

June 13, 2024 at 02:42AM Chinese-speaking threat actors have utilized a new cross-platform malware, Noodle RAT, for espionage or cybercrime since at least July 2016. This previously undocumented backdoor is distinct from existing malware, with both Windows and Linux versions. Analysis suggests it’s shared among Chinese-speaking groups and likely sold commercially within China’s cyber espionage …