Revival Hijack supply-chain attack threatens 22,000 PyPI packages

September 4, 2024 at 09:49AM Threat actors are exploiting the “Revival Hijack” attack to register new PyPI projects using the names of previously deleted packages, potentially leading to malicious package downloads. Recently leveraged in the wild, this technique highlights the need for developers to take action to mitigate this threat, including using package pinning and verifying …

Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs

August 9, 2024 at 11:25AM A widespread malware campaign installed malicious Google Chrome and Microsoft Edge browser extensions, stealing browsing history and data. The malware employed diverse malvertising themes, infecting victims’ web browsers through fake software installers and digitally signed downloaders. The malware evaded antivirus detection, hijacked browser homepages, and persisted in the system, necessitating manual …

Facebook ads for Windows desktop themes push info-stealing malware

July 15, 2024 at 10:16AM Cybercriminals are using Facebook business pages and ads to promote fake Windows themes, pirated games, and software, infecting users with the SYS01 malware. They exploit hijacked or newly-created pages to reach users, stealing personal information and Facebook cookies. The malware targets browsers, cryptocurrency wallets, and Facebook account data, posing a …

New phishing toolkit uses PWAs to steal login credentials

June 12, 2024 at 01:41PM A new phishing kit has been released that enables the creation of deceptive corporate login forms using Progressive Web Apps (PWAs). PWAs are web-based apps that imitate desktop applications and can display fake address bars to make phishing forms look convincing. Security researcher mr.d0x has released templates for this technique, potentially enabling …

Windows Quick Assist Anchors Black Basta Ransomware Gambit

May 16, 2024 at 09:38AM Microsoft Threat Intelligence revealed that a financially motivated threat actor, Storm-1811, is conducting a vishing campaign using Quick Assist for remote access, posing as trusted contacts. The attacker delivers Black Basta ransomware and additional malware through various means, emphasizing the need for vigilance and user education to combat social engineering …

US Health Dept warns hospitals of hackers targeting IT help desks

April 6, 2024 at 12:04PM The U.S. Department of Health and Human Services warns of hackers using social engineering to target IT help desks in the Healthcare and Public Health sector. They gain access by enrolling their own MFA devices and using AI voice cloning. Similar tactics are used by the Scattered Spider threat group. …

Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence

March 6, 2024 at 05:39PM Researchers have detected a cyber campaign targeting vulnerable cloud servers running Apache Hadoop, Atlassian Confluence, Docker, and Redis. The attackers deploy a cryptomining tool and a Linux-based reverse shell for potential future targeting. The campaign, known as Spinning YARN, exploits known vulnerabilities and misconfigurations, with tactics overlapping with threat groups …

Threat Actors Quick to Abuse ‘SSH-Snake’ Worm-Like Tool

February 22, 2024 at 10:51AM The open-source pentesting tool SSH-Snake has been used to steal SSH credentials from approximately 100 organizations, leading to worm-like attacks on networks. Developed by Joshua Rogers, the tool maps network dependencies and enables hackers to compromise systems. Despite being used for malicious purposes, its fileless and self-replicating nature makes it …

Docker hosts hacked in ongoing website traffic theft scheme

January 18, 2024 at 06:15AM Attackers have launched a new campaign targeting vulnerable Docker services, deploying an XMRig miner and the 9hits viewer app on compromised hosts for dual monetization. They exploit the resources of these systems to drive traffic as part of the 9hits traffic exchange system, showcasing a need for stricter security checks and …