Cyble researchers highlight a trojanized Visual Studio installer that bundles a cookie-stealing malware, enabling attackers to harvest browser cookies and other data. The stolen information is compressed and exfiltrated via Telegram, while the attacker attempt…
Category: Threat Research
FortiGuard Labs reviews the Cl0p ransomware group's activities, noting a shift from encrypting victim data to data exfiltration and extortion, often tied to high-profile vulnerabilities like MOVEit Transfer (CVE-2023-34362). The report also highlights the grou…
An analysis of Tomcat honeypot attacks shows Mirai-driven campaigns dominated the activity, driven by misconfigurations and brute-force access to the Tomcat manager leading to web shells and remote code execution. Attackers deploy WAR files containing a cmd.js…
Microsoft details cloud cryptojacking as cloud compute resource abuse within compromised tenants, leading to substantial compute fees (over $300,000 observed). The post outlines attacker lifecycle, GPU-focused deployment, and defender strategies using Microsof…
This analysis provides a best-effort breakdown of the Casbaneiro infection chain as described in Part II by Sygnia, outlining the multi-stage progression from initial access to payload execution and persistence. It underscores how chained…
Researchers detail a novel attack that exploits Windows “search-ms” and “search” URI protocols via JavaScript on compromised pages and HTML attachments to perform remote searches and load malicious payloads. The campaign uses phishing emails, deceptive shortcu…
In July 2023, Mandiant Consulting responded to a supply chain compromise affecting a US-based software solutions entity. We believe the compromise ultimately began as a result of a sophisticated spear phishing campaign aimed at JumpCloud, a zero-trust directory platform service used for identity and access management. JumpCloud reported this unauthorized access…
In 2022, Kaspersky ICS CERT investigated a series of attacks against industrial organizations in Eastern Europe aiming to establish a persistent data-exfiltration channel, including from air-gapped systems. Attribution points to APT31 (Judgment Panda / Zirconi…
Lazarus, a threat group believed to be nationally funded, is targeting Windows IIS web servers and repurposing them as malware distribution points via watering hole attacks and INISAFE CrossWeb EX vulnerabilities. The group uses w3wp.exe to run malware, escala…
Mallox is a ransomware operation targeting Windows systems, leveraging unsecured MS-SQL servers as an entry point and using brute-force techniques to gain access. It employs a double-extortion model, steals data before encryption, and is expanding via affiliat…
GitHub identified a low-volume social engineering campaign that targets the personal accounts of employees at technology firms, using fake persona accounts on GitHub and other platforms to lure victims into collaborating on a repository. The malicious npm depe…
The article explains how AWS and Checkmarx collaborate to help financial services firms secure cloud-native applications and speed secure development, while emphasizing OSS supply chain risk management. It highlights three trends: customer experience, ecosystem…
Authored by Yukihiro Okutomi. McAfee’s Mobile team observed a smishing campaign against Japanese Android users posing as a power and…
Lookout attributes two modular Android surveillanceware families, WyrmSpy and DragonEgg, to Chinese APT41 based on shared signing certificates and overlapping C2 infrastructure linking to Chengdu 404. Both implants request broad device permissions, download se…
JPCERT/CC details a DangerousPassword-linked campaign that targets developers in cryptocurrency exchanges across Windows, macOS, and Linux using Python and Node.js-based malware. The lifecycle includes multi-stage downloads, C2 beacons, and DLL sideloading, wi…