Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

December 10, 2024 at 11:48AM

Users of Cleo-managed file transfer software are urged to secure their systems due to exploitation of a remote code execution vulnerability (CVE-2024-50623). Despite patches, the issue persists, affecting products like Cleo Harmony and VLTrader. At least 10 companies have been compromised, with evidence of ransomware involvement. ### Meeting Takeaways – …

Putin’s pro-Trump trolls accuse Harris of poaching rhinos

October 24, 2024 at 09:36PM

Russian, Iranian, and Chinese troll efforts to spread disinformation ahead of the November 5 US election are increasing, with each pursuing different objectives. Microsoft warns of AI-assisted campaigns targeting election integrity, while specific groups, including Iran’s Cotton Sandstorm, are involved in spying and fake news dissemination against candidates. **Meeting Takeaways:** …

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

October 16, 2024 at 03:48AM

A spear-phishing campaign in Brazil is delivering the Astaroth banking Trojan, targeting sectors like manufacturing and government. The malware is disguised as official tax documents to lure users. Recommendations to counter these threats include strong passwords, multi-factor authentication, and keeping security software updated. **Meeting Takeaways – October 16, 2024** **Subject:** …

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

October 10, 2024 at 04:00AM

Researchers have uncovered a new malware campaign involving the Mongolian Skimmer, using Unicode obfuscation to hide its code. Targeting e-commerce, the skimmer collects sensitive data via an inline script. It employs various techniques to evade detection and ensure broad browser compatibility, even coordinating with other threat actors for profit sharing. …

Qualcomm patches high-severity zero-day exploited in attacks

October 7, 2024 at 02:35PM

Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service, caused by a use-after-free weakness. The vulnerability, reported by Google Project Zero and Amnesty International Security Lab, has been exploited in targeted attacks. Qualcomm urges immediate update deployment and has also fixed another severe …

Unexplained ‘Noise Storms’ flood the Internet, puzzle experts

September 19, 2024 at 03:37PM

GreyNoise, an internet intelligence firm, has been monitoring “Noise Storms” comprising spoofed internet traffic since January 2020, yet has been unable to determine their origin and purpose despite thorough analysis. Based on the meeting notes, it appears that the internet intelligence firm GreyNoise has been tracking large waves of “Noise …

Oh, great. Attacks developed by spyware vendors are being re-used by Russia’s Cozy Bear cretins

August 29, 2024 at 04:10PM

Google’s Threat Analysis Group detected similarities between attack tactics used by Russia-linked APT29 group and commercial spyware vendors. The APT29 group, known for past cyber intrusions, utilized malware targeting vulnerabilities in mobile operating systems similar to those used by spyware vendors NSO Group and Intellexa. This underscores the danger posed …

Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors

August 29, 2024 at 09:05AM

Between November 2023 and July 2024, the Russian state-sponsored APT29 group, also known as “Midnight Blizzard,” utilized iOS and Android exploits in cyberattacks on Mongolian government websites. Google’s Threat Analysis Group identified the group’s use of n-day flaws that remain effective on devices not updated. APT29’s exploits overlapped with those …

Pro-Iran groups lay groundwork for ‘chaos and violence’ as US election meddling intensifies

August 9, 2024 at 09:11AM

Microsoft has reported an increase in Iranian efforts to influence the upcoming US presidential election, indicating potential activity to incite violence against key figures. They highlighted the distinct characteristics of Iranian influence operations as well as the involvement of state-sponsored groups with different objectives and methods. Concerns also surround Russia’s …

Google Patches New Android Kernel Vulnerability Exploited in the Wild

August 6, 2024 at 02:24AM

Google has addressed a high-severity security flaw in the Android kernel, identified as CVE-2024-36971, acknowledging its active exploitation. The patch also includes fixes for 47 flaws, with indications that the vulnerability may be exploited in targeted attacks. The company is collaborating with OEM partners to apply fixes where applicable. The …