Fake IT support sites push malicious PowerShell scripts as Windows fixes

June 30, 2024 at 10:35AM Fake IT support sites are promoting malicious PowerShell “fixes” to infect devices with information-stealing malware, targeting common Windows errors like the 0x80070643 error. Threat actors are creating fake videos and sites, with YouTube channels being hijacked to add legitimacy. Users should be cautious and seek fixes from trusted sources to …

ICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake Sites

June 27, 2024 at 06:45AM Threat actors are exploiting the 2024 Olympics to lure victims into investing in ICO scams, using AI-generated images for fake ICO websites. With a surge in cybercriminals targeting major events, potential investors are at risk of losing money as scams promise returns but vanish, leaving victims with worthless assets. The …

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware

June 26, 2024 at 06:57AM Between 2021 and 2023, threat actors with ties to China and North Korea have conducted ransomware attacks targeting government and critical infrastructure sectors worldwide. Cybersecurity firms linked these attacks to groups including ChamelGang and state-sponsored entities. The use of ransomware in cyber espionage operations blurs the lines between cybercrime and …

New Attack Technique Exploits Microsoft Management Console Files

June 25, 2024 at 07:51AM Threat actors are using a novel attack technique, named GrimResource, to exploit a vulnerability in Microsoft Management Console (MMC) using maliciously crafted .MSC files. This technique allows for arbitrary code execution and has been used by the Kimsuky hacking group. The approach bypasses security measures and can lead to system …

New attack uses MSC files and Windows XSS flaw to breach networks

June 24, 2024 at 03:06PM A novel command execution technique, ‘GrimResource,’ leverages an unpatched Windows XSS flaw and specially crafted MSC files to deploy malware. This technique successfully evades detection and current antivirus engines. The attack begins with a malicious MSC file exploiting a known XSS vulnerability, ultimately leading to the deployment of Cobalt Strike …

Rafel RAT targets outdated Android phones in ransomware attacks

June 22, 2024 at 03:14PM The ‘Rafel RAT’ is an open-source Android malware widely used by cybercriminals to target outdated devices, often using ransomware to demand payment on Telegram. Check Point researchers detected over 120 campaigns using Rafel RAT, with high-profile organizations being targeted, particularly in the United States, China, and Indonesia. It’s crucial to …

Long-Running Chinese Espionage Campaign Targets Telecom Firms in Asian Country

June 20, 2024 at 11:54AM Symantec reports that telecommunications companies in an unnamed Asian country have been targeted by Chinese espionage groups since at least 2021. The campaign included the use of custom backdoors such as Coolclient, Quickheal, and Rainyday, associated with known Chinese state-sponsored threat actors. The motive and collaboration among the threat actors …

Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs

June 20, 2024 at 10:58AM Cybersecurity researchers have disclosed a now-patched security flaw in Phoenix SecureCore UEFI firmware affecting multiple Intel Core processor families. Tracked as CVE-2024-0762 with a CVSS score of 7.5, the “UEFIcanhazbufferoverflow” vulnerability allowed a local attacker to execute malicious code within the firmware, impacting devices using Phoenix SecureCore firmware on select …

Cut & Paste Tactics Import Malware to Unwitting Victims

June 18, 2024 at 02:40PM Threat actors are using fake browser updates and error messages to trick users into pasting malicious PowerShell scripts, leading to malware infections. Researchers from Proofpoint identified two social engineering methods and observed the use of PowerShell in various campaigns, indicating a trend of creative attack chains. Mitigation includes user awareness …

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

June 18, 2024 at 10:00AM Threat actors are distributing malicious software through free/pirated commercial software. Hijack Loader camouflages as a Cisco Webex Meetings’ ptService module, stealthily introducing Vidar Stealer. The attack uses DLL side-loading and PowerShell scripts, while other actors employ social engineering tactics to deliver malware like Lumma Stealer and SolarMarker. This underscores the …