Israeli-Hamas Conflict Spells Opportunity for Online Scammers

October 24, 2023 at 12:13PM Researchers have found hundreds of cyber scams related to the Israeli-Hamas conflict, including scam emails and fraudulent websites. These scams exploit people’s willingness to help those affected by the war and often use cryptocurrency as a payment method. Attackers use intimidation tactics and appeal to sympathy to manipulate recipients into …

Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar

October 23, 2023 at 02:09PM The Quasar RAT malware is using DLL side-loading to steal data from compromised Windows hosts. The malware disguises itself as legitimate files, such as ctfmon.exe and calc.exe, to avoid detection. It can gather system information, execute commands, and establish remote access. The attack vector is likely phishing emails. Stay vigilant …

Cisco Finds New Zero Day Bug, Pledges Patches in Days

October 20, 2023 at 04:12PM Cisco is set to release a patch on October 22 for two zero-day vulnerabilities in its IOS XE devices. One vulnerability, discovered earlier, had already been exploited to compromise over 10,000 devices. A second flaw, identified later, is being used in the same exploit chain. Exploitation is expected to continue …

Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

October 20, 2023 at 10:09AM Vietnamese actors linked to the Ducktail stealer have been using DarkGate malware to target entities in the UK, US, and India. The increase in DarkGate campaigns is attributed to the decision to rent it out on a malware-as-a-service basis. The campaigns also involve LOBSHOT and RedLine Stealer, with similar tactics …

Fake KeePass site uses Google Ads and Punycode to push malware

October 19, 2023 at 02:18PM A Google Ads campaign has been discovered promoting a fake KeePass download site that distributes malware. Threat actors are using Punycode to make the domain appear official, posing a challenge for security-conscious users. The Punycode domain is visually similar to the legitimate KeePass domain but with a slight difference. The …

Watch Out: Attackers Are Hiding Malware in ‘Browser Updates’

October 17, 2023 at 12:49PM Threat actors are disguising malware as fake browser updates and spreading it through vulnerable websites. This tactic has been adopted by multiple threat clusters, including TA569. The malicious code is injected into legitimate websites and presents users with convincing browser update notifications. When users click “Update,” they unknowingly download malware. …

Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks

October 16, 2023 at 10:46AM The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint Cybersecurity Advisory (CSA) about the active exploitation of CVE-2023-22515, a vulnerability in Atlassian Confluence Data Center and Server. This vulnerability allows cyber threat actors to gain …

Spyware Caught Masquerading as Israeli Rocket Alert Applications

October 16, 2023 at 06:24AM Israeli rocket alerting applications have been targeted by threat actors following the Israel-Gaza conflict. AnonGhost, a pro-Palestinian hacktivist group, successfully compromised at least one application, sending fake alerts including nuclear bomb messages. Another threat actor created a malicious version of the ‘RedAlert – Rocket Alerts’ app to infect users with …

Beware: Lumma Stealer Distributed via Discord CDN

October 16, 2023 at 04:37AM Discord’s content delivery network (CDN) is being exploited by threat actors to distribute the Lumma Stealer malware, which steals user credentials. The malware is spread through direct messages, offering victims Discord Nitro boost in exchange for assistance and prompting them to download a file. Lumma Stealer can steal cryptocurrency wallets …

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

October 13, 2023 at 03:59AM Void Rabisu, a threat actor associated with financially motivated ransomware attacks, has shifted its focus to targeted campaigns on Ukraine and countries supporting Ukraine. They have developed a new variant called ROMCOM, which they used in campaigns targeting EU military personnel and political leaders working on gender equality initiatives. The …