Rafel RAT targets outdated Android phones in ransomware attacks

June 22, 2024 at 03:14PM The ‘Rafel RAT’ is an open-source Android malware widely used by cybercriminals to target outdated devices, often using ransomware to demand payment on Telegram. Check Point researchers detected over 120 campaigns using Rafel RAT, with high-profile organizations being targeted, particularly in the United States, China, and Indonesia. It’s crucial to …

Long-Running Chinese Espionage Campaign Targets Telecom Firms in Asian Country

June 20, 2024 at 11:54AM Symantec reports that telecommunications companies in an unnamed Asian country have been targeted by Chinese espionage groups since at least 2021. The campaign included the use of custom backdoors such as Coolclient, Quickheal, and Rainyday, associated with known Chinese state-sponsored threat actors. The motive and collaboration among the threat actors …

Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs

June 20, 2024 at 10:58AM Cybersecurity researchers have disclosed a now-patched security flaw in Phoenix SecureCore UEFI firmware affecting multiple Intel Core processor families. Tracked as CVE-2024-0762 with a CVSS score of 7.5, the “UEFIcanhazbufferoverflow” vulnerability allowed a local attacker to execute malicious code within the firmware, impacting devices using Phoenix SecureCore firmware on select …

Cut & Paste Tactics Import Malware to Unwitting Victims

June 18, 2024 at 02:40PM Threat actors are using fake browser updates and error messages to trick users into pasting malicious PowerShell scripts, leading to malware infections. Researchers from Proofpoint identified two social engineering methods and observed the use of PowerShell in various campaigns, indicating a trend of creative attack chains. Mitigation includes user awareness …

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

June 18, 2024 at 10:00AM Threat actors are distributing malicious software through free/pirated commercial software. Hijack Loader camouflages itself as a Cisco Webex Meetings ptService module, stealthily introducing Vidar Stealer. The attack uses DLL side-loading and PowerShell scripts, while other actors employ social engineering tactics to deliver malware like Lumma Stealer and SolarMarker. This underscores the …

Fake Google Chrome errors trick you into running malicious PowerShell scripts

June 17, 2024 at 06:35PM A new malware distribution campaign utilizes fake Google Chrome, Word, and OneDrive errors to deceive users into running malicious PowerShell “fixes,” leading to malware installation. The campaign is linked to threat actors responsible for ClearFake, ClickFix, and TA571 attacks, employing various tactics such as website overlays and HTML attachments to …

Panera Bread likely paid a ransom in March ransomware attack

June 17, 2024 at 04:01PM Panera Bread likely paid a ransom following a ransomware attack that compromised employee data. The company sent breach notifications indicating stolen personal information, which led to a week-long disruption. There are claims of a ransom payment made to prevent data release, supported by internal emails and Reddit posts. The assurance …

Pakistani Threat Actors Caught Targeting Indian Gov Entities

June 14, 2024 at 10:27AM Pakistan-based threat actors, identified as Cosmic Leopard and UTA0137, have targeted Indian government entities in separate espionage campaigns. Operation Celestial Force, ongoing since 2018, utilizes Android and Windows malware to target individuals in defense, government, and related technology sectors. Similarly, UTA0137 has been using the ‘Disgomoji’ malware to access Linux …

Third-Party Cyber Attacks: The Threat No One Sees Coming – Here’s How to Stop Them

June 6, 2024 at 08:30AM Cybersixgill’s threat experts shed light on the critical threats posed by supply chain attacks, targeting organizations’ third-party vendors and suppliers. These attacks provide unauthorized access to sensitive information, resulting in financial losses, data breaches, and operational disruptions. With an increasing number of cybercriminals targeting the supply chain, it is essential …

Multiple Chinese APTs Targeted Southeast Asian Government for Two Years

June 6, 2024 at 07:42AM Multiple China-linked state-sponsored cyberespionage groups, tracked collectively as Operation Crimson Palace, targeted a Southeast Asian government over two years. They utilized various tools, including a new malware named PocoProxy, for reconnaissance and data harvesting. Sophos identified three clusters of activity, suggesting a coordinated campaign under a central authority to support Chinese state …