Lazarus Group Exploits Chrome Zero-Day in Latest Campaign

October 23, 2024 at 05:20PM The Lazarus Group is targeting cryptocurrency users with a sophisticated scam involving a fake game website, exploiting a Chrome zero-day bug, and utilizing professional social media accounts. Researchers from Kaspersky warn this campaign, launched in February, highlights Lazarus’s evolving tactics and focus on generating revenue for North Korea’s missile program. …

Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

October 18, 2024 at 07:00AM Threat actors are using fake Google Meet pages in the ClickFix malware campaign to deliver infostealers for Windows and macOS. Users are tricked into executing malicious PowerShell commands through deceptive error messages. The campaign is linked to two groups, raising concerns about unknown cybercrime services facilitating these operations. Meeting …

Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks

October 9, 2024 at 09:11AM Threat actors are enhancing business email compromise (BEC) campaigns by using legitimate cloud file-sharing services like Dropbox and OneDrive, combined with social engineering tactics. This approach bypasses traditional security measures, allowing attackers to phish credentials and conduct further malicious activities. Microsoft advises enterprises to implement extended detection and response (XDR) …

MoneyGram: No evidence ransomware is behind recent cyberattack

October 6, 2024 at 11:50AM MoneyGram suffered a cyberattack causing a five-day system outage in September. While customers suspected ransomware, MoneyGram denies evidence of it. Investigation with external cybersecurity experts and law enforcement confirmed no ransomware involvement, with systems now operational. The attack, initiated through social engineering on the company’s internal help desk, was blocked …

AI ‘Nude Photo Generator’ Delivers Infostealers Instead of Images

October 3, 2024 at 02:53PM The FIN7 threat group is using artificial intelligence and social engineering in a provocative campaign, advertising a “DeepNude Generator” to trick users into downloading infostealing malware. It also targets corporate users with malvertising. FIN7’s sophisticated tactics demonstrate a persistent and evolving threat, requiring organizations to develop indicators of attack and …

Red team hacker on how she ‘breaks into buildings and pretends to be the bad guy’

September 29, 2024 at 12:45PM Alethe Denis, a senior security consultant at Bishop Fox, specializes in physical security assessments and social engineering attacks. Denis and her team break into buildings by impersonating employees or vendors to access corporate networks and steal data. Despite AI and deepfake advancements, human interactions remain the most effective tactic for …

US Transportation and Logistics Firms Targeted With Infostealers, Backdoors

September 26, 2024 at 07:55AM Threat actors are targeting transportation and shipping organizations in North America, compromising email accounts to deliver various malware families like Arechclient2, DanaBot, Lumma Stealer, NetSupport, and StealC. The attacks involve injecting malicious content into compromised inboxes and using Google Drive links or URL files to deliver malware. Proofpoint advises caution …

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

September 16, 2024 at 09:27AM Cybersecurity researchers warn about North Korean threat actors targeting LinkedIn users with RustDoor malware, posing as cryptocurrency recruiters. The attackers aim at infiltrating financial and cryptocurrency networks through social engineering campaigns, prompting victims to download malicious coding challenges. The RustDoor backdoor persists in macOS and Windows machines, highlighting evolving tactics …

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

September 13, 2024 at 09:57AM British authorities announced the arrest of a 17-year-old male in connection with a cyber attack on Transport for London. The attack led to unauthorized access of customer data, including bank account numbers and sort codes. The individual has been released on bail, while the investigation remains ongoing. Another 17-year-old from …

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

September 7, 2024 at 03:39AM North Korean threat actors are using LinkedIn for fake job recruiting operations to target developers, disguising malware as coding challenges. They also employ recruiting-themed lures to deliver malware, as seen in a social engineering campaign involving a malicious PDF. This activity, including crypto heists, is a conduit for generating illicit …