Several Infostealers Using Persistent Cookies to Hijack Google Accounts

January 3, 2024 at 10:39AM

Information stealers are exploiting a Google authentication vulnerability to regenerate cookies and maintain access to accounts, despite password changes. The exploit, involving a MultiLogin endpoint and Chrome tokens, allows attackers to gain persistent access to Google services. The technique has been adopted by multiple infostealers, raising concerns about widespread cyberattacks. …

Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks

January 3, 2024 at 09:42AM

Cyber Toufan, a hacking group linked to geopolitical tensions, has targeted over 100 public and private organizations in Israel. Suspected to be supported by Iran, the group is known for breaching servers, leaking data, and engaging in digital retaliation. Their victims include high-profile Israeli entities, with some still struggling to …

Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks

December 29, 2023 at 04:36AM

North Korean state actors are using spear-phishing attacks to distribute various malware and backdoors to infiltrate compromised systems. An advanced persistent threat group known as Kimsuky is responsible for the malicious activity, with a focus on targeting entities in South Korea and expanding globally. The group has been sanctioned by …

Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks

December 29, 2023 at 01:06AM

Microsoft has disabled the ms-appinstaller protocol handler by default due to abuse by threat actors distributing malware. Malicious MSIX application packages are used to deliver ransomware via Microsoft Teams or fake advertisements. Multiple financially motivated hacking groups have exploited the App Installer service. This is not the first time Microsoft …

Iran’s ‘Peach Sandstorm’ Cyberattackers Target Global Defense Network

December 22, 2023 at 11:52AM

Microsoft observed Iranian nation-state cyberattackers Peach Sandstorm delivering FalseFont backdoor to individuals within the military-industrial sector, aiming for global infrastructure supporting military research. FalseFont allows remote access, file execution, and data transmission to control servers. It was first observed in early November, and the group’s ongoing improvements suggest continued interest …

Cyber sleuths reveal how they infiltrate the biggest ransomware gangs

December 22, 2023 at 11:03AM

When AlphV/BlackCat’s website went down, it sparked excitement among cybersecurity defenders who believed law enforcement had busted the cyber criminal crew. Though the website is now back, skepticism remains about its explanation for the outage. Singapore-based Group-IB’s 20th anniversary was celebrated with insights into infiltrating ransomware groups, shedding light on …

Microsoft Warns of New ‘FalseFont’ Backdoor Targeting the Defense Sector

December 22, 2023 at 01:18AM

Microsoft has observed an Iranian threat actor targeting organizations in the Defense Industrial Base sector with a newly discovered backdoor named FalseFont. This backdoor allows remote access, file launching, and data transmission to its command-and-control servers. The campaign aligns with previous activity by the threat actor, indicating an ongoing evolution …

5 Essential Insights From the Microsoft Digital Defense Report 2023

December 20, 2023 at 09:05AM

Microsoft’s “Digital Defense Report 2023” highlights a surge in human-operated ransomware attacks, password-based attacks, and business email compromise incidents. It also points out expanding nation-state threats and the crucial role of AI and large language models in cybersecurity. The report underscores the importance of basic security hygiene and advanced AI-driven …

Product Explained: Memcyco’s Real-Time Defense Against Website Spoofing

December 20, 2023 at 06:27AM

The article discusses the growing threat of website impersonation and brandjacking, highlighting the challenges faced by organizations and the new approach offered by Memcyco’s real-time website spoofing protection solution. Memcyco’s Proof of Source Authenticity (PoSA™) technology, digital watermark, and back-end dashboard tools offer enhanced protection and attack visibility, promising to …

Fresh Qakbot Sightings Confirm Recent Takedown Was a Temporary Setback

December 19, 2023 at 06:22PM

Qakbot malware has resurfaced, distributed through phishing emails targeting hospitality organizations. Microsoft, Zscaler, and Proofpoint reported sightings of a new 64-bit version using AES encryption. Despite a takedown in August, Qakbot’s operators continue distributing other malware. Lumu observed 1,581 attempted attacks in September, indicating the group’s resilience. The group’s continued …