A recent phishing campaign has emerged, exploiting Google’s own infrastructure to deceive users into revealing their credentials. By leveraging Google’s DomainKeys Identified Mail (DKIM) and the Google Sites platform, attackers have crafted emails that appear legitimate, making them difficult to detect. How the Attack Works The phishing emails originate from what seems to be a […]
In recent cybersecurity developments, the advanced persistent threat (APT) group known as ToddyCat has been exploiting a vulnerability in ESET’s security software to deploy a novel malware dubbed TCESB. This sophisticated attack highlights the urgent need for organizations to audit their security protections and ensure they have the capabilities in place to defend against threats […]
As the April 15 tax filing deadline approaches in the United States, cybercriminals are intensifying their efforts to exploit taxpayers through sophisticated phishing campaigns. Microsoft has recently highlighted a surge in tax-themed email attacks designed to steal personal information and deploy malware. Understanding Tax-Themed Phishing Attacks Phishing attacks involve deceptive emails or messages that […]
Microsoft has exposed a new wave of sophisticated password spray attacks led by the Chinese state-sponsored threat actor, Storm-0940, which leverages a botnet called CovertNetwork-1658—also known as Quad7 or xlogin. This botnet infrastructure, comprising thousands of compromised SOHO (Small Office/Home Office) routers, enables highly evasive cyberattacks against Microsoft 365 accounts across sectors in North America and […]
Microsoft recently announced the general availability of Inbound SMTP DANE with DNSSEC for Exchange Online customers, aiming to enhance email security and prevent sophisticated attacks. This move integrates two advanced security standards: SMTP DANE (DNS-based Authentication of Named Entities) and DNSSEC (Domain Name System Security Extensions), creating a robust barrier against email-based threats. Background and Rollout Details […]
Zyxel recently addressed several critical security vulnerabilities across a range of its networking devices, including a particularly severe flaw identified as CVE-2024-7261. This vulnerability is an OS command injection issue, which received a CVSS v3 score of 9.8, placing it in the “critical” category. The flaw stems from improper input validation in the “host” parameter […]
The BlackByte ransomware group, a significant and persistent threat in the ransomware-as-a-service (RaaS) ecosystem, has introduced a new iteration of its encryptor, further intensifying its attacks on organizations globally. Believed to be a splinter group from the infamous Conti gang, BlackByte’s recent activities demonstrate its relentless evolution and strategic shift in targeting methodologies. Cisco Talos, […]
Cybercriminals have adopted a sophisticated new tactic that uses Progressive Web Applications (PWAs) to impersonate legitimate banking apps, enabling them to steal credentials from iOS and Android users. These PWAs, which are cross-platform web applications that mimic native apps, allow attackers to bypass security restrictions, evade detection, and gain access to sensitive device permissions without […]
Recent discoveries by cybersecurity researchers at Cisco Talos highlight critical vulnerabilities in Microsoft’s popular macOS applications, posing significant security risks despite Microsoft labeling them as low-severity threats. Attackers could exploit these flaws to gain unauthorized access to a user’s microphone, camera, sensitive data, and even escalate privileges. Although these issues affect apps like Word, Excel, […]
Cybersecurity researchers from Elastic Security Labs have uncovered significant vulnerabilities in Windows SmartScreen and Smart App Control (SAC). These flaws can potentially allow cybercriminals to execute malicious applications on Windows devices without triggering security warnings. Windows SmartScreen and Smart App Control Overview Windows SmartScreen, integrated into the Microsoft Edge browser, helps protect users against phishing […]
Hunters International, a formidable ransomware-as-a-service (RaaS) group, has deployed a sophisticated new remote access trojan (RAT) known as SharpRhino. Quorum Cyber researchers who discovered the new malware report that this malware, written in C#, specifically targets IT professionals by impersonating the legitimate Angry IP Scanner tool through typosquatting domains. Hunters International uses this approach to […]
Cybersecurity experts at Trend Micro have discovered a critical remote code execution (RCE) vulnerability, identified as CVE-2024-38112, within the Microsoft MHTML protocol handler. This vulnerability, dubbed ZDI-CAN-24433, was reported to Microsoft and later patched. However, the advanced persistent threat (APT) group Void Banshee actively exploited it. Exploitation by Void Banshee Void Banshee, known for targeting […]
Exim, the widely used Mail Transfer Agent (MTA) on Unix-like operating systems, faces a critical vulnerability, CVE-2024-39929, with a CVSS score of 9.1. This vulnerability affects Exim releases up to and including version 4.97.1. It allows remote attackers to bypass security filters, delivering malicious executable attachments directly to user inboxes. Immediate action is required to […]
In June 2024, eSentire’s Threat Response Unit (TRU) identified a significant case involving a Vidar Stealer infection. This infection began when a victim searched online for solutions to a Windows Update Error code such as 0x80070643. During their search, they landed on a site named PCHelper Wizards, which offered a supposedly simple fix through a […]
In early June 2024, a hacker known as “Sp1d3r” listed a database for sale on the dark web, claiming it contained data from the Los Angeles Unified School District (LAUSD) stolen from their Snowflake account. Pricing the database at $150,000, Sp1d3r included sensitive information such as student names, addresses, family details, demographics, financial records, grades, […]
Crown Equipment Corporation, one of the largest forklift manufacturers in the world, employing 19,600 people and having 24 manufacturing plants in 14 locations worldwide, recently confirmed a significant cyberattack that disrupted its operations for weeks. The Attack and Immediate Response On June 9th, Crown Equipment’s network was breached by an international cybercriminal organization. The company’s […]
A recent cyberattack on CDK Global has caused a significant disruption in car dealerships across the United States. This cyber incident has brought thousands of car dealerships to a standstill, impacting their operations severely. Here is a detailed account of what transpired and the implications for the affected businesses. The Scope of the Attack CDK […]
In February 2024, EclecticIQ cybersecurity researchers discovered phishing campaigns targeting financial institutions using embedded QR codes in PDF attachments to redirect victims to phishing URLs. Recently, these campaigns have begun using a Phishing-as-a-Service (PhaaS) platform known as ONNX Store, which now targets both Microsoft 365 and Office 365 email accounts. The platform enables phishing attacks […]
Overview of BadSpace Malware BadSpace is a sophisticated Windows backdoor malware that attackers deliver through compromised websites, especially those built on WordPress. This malware uses a multi-stage attack chain involving infected websites, command-and-control (C2) servers, fake browser updates, and a JScript downloader to infiltrate victims’ systems. Infection Chain: How BadSpace Infiltrates Systems According to German […]
A new, highly sophisticated phishing campaign has been detected by Trustwave that leverages HTML attachments to exploit the Windows search protocol, delivering malware through batch files hosted on remote servers. This article summarizes the mechanisms of the attack, mitigation measures, and insights into preventing such threats. Phishing Campaign Overview Researchers at Trustwave cybersecurity firm have […]
Cybersecurity researchers at eSentire have uncovered a sophisticated phishing attack leveraging the More_Eggs malware, disguised as job resumes. This tactic, identified over two years ago, continues to threaten organizations significantly. Recently, attackers targeted an unnamed company in the industrial services sector, underscoring the ongoing evolution of cyber threats and the need for heightened vigilance among […]
Cybersecurity researchers at ThreatFabric have uncovered a macOS variant of the LightSpy spyware, previously known for targeting iOS and Android devices. This development highlights the extensive reach and sophistication of this surveillance tool. LightSpy, a modular framework, has evolved to infiltrate various platforms, posing significant threats to user privacy and security. Origins and Evolution First reported […]
Advance Auto Parts, a major U.S. automotive aftermarket parts provider, has fallen victim to a significant data breach. Cybercriminals, operating under the handle “Sp1d3r,” claim to have stolen 3 terabytes of data from the company’s Snowflake cloud storage account. The stolen dataset, now being offered for sale at $1.5 million, includes vast amounts of sensitive […]
RansomHub, a nascent yet prolific ransomware-as-a-service (RaaS) operation, has recently come into the limelight due to its rapid rise and significant impacts. Cybersecurity researchers have traced its origins back to the now-defunct Knight ransomware, itself a rebrand of the Cyclops ransomware. RansomHub has a short history and operated mainly as a data theft and extortion […]
In today’s interconnected digital world, cyber attacks have become an ever-present threat targeting individuals, businesses, and governments alike. Understanding the different types of cyber attacks is crucial for organizations and individuals to effectively mitigate risks and protect themselves against potential breaches. Here, we delve into 20 of the most common types of cyber attacks with […]
Okta, a leading cybersecurity company specializing in identity and access management, has issued a warning about ongoing credential stuffing attacks targeting its Customer Identity Cloud (CIC) feature, particularly its cross-origin authentication. These attacks have been observed since April 15, 2024, affecting numerous customers. Credential stuffing is a type of cyber attack where threat actors use […]
Microsoft has recently unveiled a new North Korean state-aligned threat actor named Moonstone Sleet, previously known as Storm-1789. This group is implicated in a series of sophisticated cyber attacks, blending traditional techniques with innovative methodologies to target various sectors, including software, IT, education, and defense. Moonstone Sleet’s operations highlight the evolving landscape of cyber threats […]
The digital landscape is rapidly evolving, bringing both unprecedented opportunities and new threats. Among the most concerning of these threats is the Distributed Denial of Service (DDoS) attack, particularly a novel variant known as DNSBomb discovered by researchers from the Tsinghua University in Beijing, China. This powerful and practical pulsing DoS attack exploits DNS queries […]
In February 2024, U.S. pharmaceutical giant Cencora, formerly known as AmerisourceBergen, suffered a significant cyberattack leading to a major data breach. The attack compromised the personal and highly sensitive medical information of individuals associated with eight prominent drug companies that partner with Cencora for pharmaceutical and business services. Details of the Data Breach The data […]
A malicious crypto mining campaign codenamed ‘REF4578,’ has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner. Researchers at the cybersecurity firms Elastic Security Labs and Antiy have underlined the unusual sophistication of these crypto-mining attacks in separate reports and shared detection rules to help […]
With the rise of artificial intelligence, new features are continually being introduced to enhance user experience. The new Microsoft’s Recall feature, which captures screenshots of your active screen every few seconds and analyzes them using AI, exemplifies this trend by promising to enhance productivity with innovative AI-driven functionalities. However, despite its groundbreaking potential, this technology […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a significant security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog. This action underscores the critical nature of the vulnerability, which has already seen active exploitation in the wild. The flaw, identified as CVE-2023-43208, has a serious impact due to […]
In a landmark case, The U.S. Department of State and U.S. Department of Justice have charged an Arizona woman, Christina Chapman, and an Ukranian man who, along with three unidentified foreign nationals, allegedly assisted North Korean IT workers in remotely working for US companies under false US identities. This scheme facilitated foreign IT workers in […]
A newly discovered vulnerability in the IEEE 802.11 WiFi standard, known as CVE-2023-52424, poses significant risks to network security. This flaw, dubbed the SSID Confusion attack, allows malicious actors to trick devices into connecting to less secure networks, thereby enabling eavesdropping type of attacks. The SSID Confusion Attack Researchers have identified a critical design flaw […]
Cybercriminals have now identified a new vector for ransomware attacks by leveraging the Windows Quick Assist feature. Consequently, this emerging threat, primarily driven by a group known as Storm-1811, employs sophisticated social engineering techniques to deploy the notorious Black Basta ransomware. Therefore, understanding these tactics and implementing effective cybersecurity measures are crucial to mitigating these […]
As digital transformation accelerates, the sophistication of cyber threats has also increased. Recent discoveries by Check Point Research have brought to light a significant vulnerability in Foxit PDF Reader, a popular software used by over 700 million users worldwide. This flaw has been exploited by threat actors to deliver malware via booby-trapped PDF documents. Overview […]
In today’s digital landscape, cybercriminals continuously adapt their tactics to exploit vulnerabilities and gain unauthorized access to sensitive information. One emerging threat is AI-powered vishing (voice phishing) and deepfake phishing attacks. Utilizing machine learning algorithms, these sophisticated attacks can deceive even the most cautious individuals. AI-Powered Phishing Attacks Phishing traditionally involves deceptive emails, messages, or […]
Federal agencies and cybersecurity experts have issued urgent warnings about the Black Basta ransomware group, which has targeted over 500 organizations across North America, Europe, and Australia since April 2022. This ransomware-as-a-service (RaaS) operation has breached numerous private industry and critical infrastructure sectors, causing severe disruptions and significant financial losses. One of the most notable […]
The increasing prevalence of identity document fraud, especially in today’s digital landscape, has made it essential for the implementation of advanced verification systems to thwart fraudulent activities. As of 2023, the most prevalent method of such fraud was the “document image-of-image” technique, identified in 63% of all rejected IDs. This type of fraud involves using […]
The security flaw known as “TunnelVision,” officially registered under CVE-2024-3661, represents a significant threat to the integrity of VPN (Virtual Private Network) communications. This vulnerability leverages a DHCP (Dynamic Host Configuration Protocol) option, specifically the classless static route option 121, to manipulate VPN traffic. This manipulation occurs when an attacker sets up a rogue DHCP […]
Ascension, one of the largest private healthcare systems in the United States, experienced significant disruptions in its clinical operations due to a suspected cybersecurity incident. This major nonprofit health system, which operates 140 hospitals and 40 senior care facilities across 19 states including the District of Columbia, reported unusual activity on its technology networks on […]
Nearly 52,000 instances of Tinyproxy, a popular open-source HTTP and HTTPS proxy server, are currently exposed to a severe security threat identified as CVE-2023-49606. This critical remote code execution (RCE) vulnerability affects primarily Tinyproxy services that are widely used by small businesses, public WiFi providers, and individual users who favor its efficiency and minimal resource […]
Cybersecurity researchers at the Symantec Threat Hunter Team, part of Broadcom, have noticed a troubling trend where multiple hacking collectives, including APT28, REF2924, Red Stinger, Flea, APT29, and OilRig, are increasingly exploiting Microsoft Graph API for malicious activities. These groups have been using Microsoft’s cloud services, like OneDrive, to host their command-and-control (C2) infrastructure, effectively […]
Dropbox has confirmed a significant breach of its Dropbox Sign service (formerly HelloSign), which compromised a wide range of customer information, including emails, usernames, phone numbers, hashed passwords, and various authentication details like API keys, OAuth tokens, and multi-factor authentication setups. The breach, identified on April 24, 2024, also exposed the email addresses and names […]
In a new research, SafeBreach’s Or Yair has unveiled significant security vulnerabilities in the Windows DOS-to-NT path conversion process. These findings, which Yair presented at the Black Hat Asia conference, illustrate how attackers could potentially achieve rootkit-like capabilities without requiring administrative permissions. Understanding the DOS-to-NT Path Conversion Vulnerability During a typical operation where a Windows […]
LastPass is alerting its users to a malicious campaign employing the CryptoChameleon phishing kit, notorious for cryptocurrency theft. Researchers have identified CryptoChameleon as a sophisticated phishing kit initially used against Federal Communications Commission (FCC) employees through counterfeit Okta single sign-on (SSO) pages. Security experts at Lookout have found that this phishing kit has also compromised […]
Since June 2023, cybersecurity observers have detected a surge in affordable ransomware offerings, termed “junk gun” ransomware, on the dark web. These tools are the product of independent developers and represent a shift away from the decade-long dominance of the ransomware-as-a-service (RaaS) model in the cybercriminal ecosystem. Sophos X-Ops has documented 19 distinct junk gun […]
Cisco Talos has issued a warning about a massive credential brute-force campaign that targets VPN and SSH services on devices worldwide. The campaign, which started on March 18, 2024, uses a mix of valid and generic employee usernames to crack the correct login credentials. Once the attackers gain access, they can hijack devices or infiltrate […]
Cisco Duo recently warned that hackers breached the security of their telephony provider on April 1, 2024, stealing some customers’ VoIP and SMS logs used for multi-factor authentication (MFA) messages. This cyberattack targeted an unnamed provider that handles Cisco Duo’s SMS and VOIP MFA message services. Cisco Duo, a major multi-factor authentication and Single Sign-On […]
Apple has issued a warning to iPhone users across 92 countries about a mercenary spyware attack targeting their devices remotely. The company expresses high confidence in the warning and urges users to take immediate action. According to a notification shared, the spyware attempts to compromise iPhones linked to specific Apple IDs. The notification also refers […]
