Summary:
The article outlines various phishing attempts through email, detailing the types of attachments used and the number of users targeted. The emails primarily involve financial documents and requests, indicating…
Tag: SPAM
Summary:
In October 2024, EclecticIQ analysts identified a malvertising campaign utilizing the Latrodectus JavaScript downloader to deliver Brute Ratel C4 malware, likely linked to the financially motivated Russian-speaking group LUNAR…
Short Summary:
The Sysdig Threat Research Team uncovered a global operation named EMERALDWHALE, which targeted exposed Git configurations, resulting in the theft of over 15,000 cloud service credentials. The attackers …
Summary: Cybercriminals are exploiting the event management platform Eventbrite to distribute phishing emails that impersonate legitimate companies, leading to a significant increase in such attacks. Researchers report a staggering 900% …
The Strela Stealer phishing campaign, identified by Cyble Research and Intelligence Labs, targets users in Central and Southwestern Europe by posing as invoice notifications. It employs obfuscated JavaScript …
Summary: The BlackBasta ransomware operation has adapted its tactics by utilizing Microsoft Teams for social engineering attacks, impersonating corporate help desks to deceive employees into granting remote access. This evolution …
Short Summary:
In October 2024, ReliaQuest identified a campaign by the ransomware group Black Basta, which has evolved its tactics to include social engineering through Microsoft Teams and QR codes. …
The article discusses an ongoing cyberattack campaign named “HeptaX,” which utilizes malicious LNK files to initiate a sophisticated multi-stage attack. The campaign heavily relies on PowerShell and BAT …
Short Summary:
The article provides a comprehensive analysis of the DarkComet Remote Access Trojan (RAT), detailing its capabilities, methods of infection, and the technical mechanisms it employs to evade detection …
Short Summary:
TA866, also known as Asylum Ambuscade, is a threat actor active since at least 2020, known for conducting intrusion operations using both commodity and custom tools. Their tactics …
Short Summary:
The article provides a comprehensive analysis of the DarkComet Remote Access Trojan (RAT), detailing its functionalities, infection methods, and persistence mechanisms. DarkComet allows attackers to remotely control infected …
Grandoreiro is a Brazilian banking trojan that has been active since at least 2016. It enables threat actors to perform fraudulent banking operations by bypassing security measures of …
Summary: Recent research reveals a sophisticated multi-stage malware attack by a Vietnamese threat actor targeting job seekers and digital marketing professionals, utilizing Quasar RAT for extensive system control. The attack …
Cyble Research and Intelligence Labs (CRIL) has identified a sophisticated multi-stage malware attack targeting job seekers and digital marketing professionals, particularly those involved with Meta Ads. The attack …
IBM X-Force has identified Hive0147 as a prominent threat actor in the Latin American cyber landscape, particularly focusing on phishing and malware distribution. Recently, they have introduced a …
Short Summary:
The Sophos X-Ops team investigated a series of phishing attacks known as “quishing,” which utilize QR codes to trick employees into revealing sensitive information. The attackers sent emails …
Short Summary:
The article discusses the analysis of a packed Snake Keylogger malware sample. It details the reverse engineering process, including unpacking techniques, the use of .NET obfuscation, and the …
Text Classification Video Summary
Summary of the Video on Text Classification
The video discusses the process of text classification, explaining how it simplifies and automates the categorization of various types …
Threat Actor: Ransomware Group | Victim: Casio | Price: Not disclosed | Exfiltrated Data Type: Personal and confidential information
Key Points:
Casio experienced a ransomware attack starting…
Short Summary:
AWS has expanded its AWSCompromisedKeyQuarantine policies to include new actions aimed at preventing the misuse of compromised access keys. This proactive measure is designed to restrict certain actions …
This article discusses a sophisticated phishing campaign that utilizes HTML smuggling techniques to deliver malicious payloads. The campaign involves multiple stages of obfuscation and deception, including the use …
Summary: Cyble Research and Intelligence Lab (CRIL) has identified a sophisticated cyber campaign that utilizes a suspicious .LNK file and Visual Studio Code (VSCode) to gain persistence and remote access …
Short Summary:
Key Group, also known as keygroup777, is a financially motivated ransomware group that primarily targets Russian users. They utilize various ransomware builders, including Chaos and Annabelle, and communicate …
Cyble Research and Intelligence Labs (CRIL) uncovered a sophisticated attack that utilizes legitimate tools like Visual Studio Code and GitHub. The attack begins with a disguised .LNK file …
Summary: DCRat, a modular remote access Trojan (RAT) offered as malware-as-a-service, has been delivered through innovative techniques such as HTML smuggling, targeting Russian-speaking users. This blog analyzes the methods used …
Short Summary:
DCRat, a modular remote access Trojan (RAT) offered as malware-as-a-service, has been active since 2018. It is delivered through various means, including HTML smuggling, which allows it to …
The Patchwork APT group has launched a sophisticated campaign targeting Chinese entities and Bhutan, utilizing a malicious LNK file to initiate infections. The campaign employs DLL sideloading techniques …
Short Summary:
Attackers are exploiting legitimate web features to send spam, utilizing automated processes and human involvement to manipulate web forms and email servers. Credential stuffing is also a significant …
Summary: A sophisticated cyber campaign targeting individuals associated with the upcoming US-Taiwan Defense Industry Conference has been identified, utilizing social engineering tactics to deliver malware disguised as a legitimate PDF …
Summary: Cybersecurity researchers have identified ongoing phishing campaigns that exploit HTTP header refresh entries to deliver fake email login pages aimed at stealing user credentials. These sophisticated attacks have targeted …
Cyble Research and Intelligence Labs (CRIL) uncovered a sophisticated cyber campaign targeting individuals associated with the upcoming US-Taiwan Defense Industry Conference. The attack utilizes a deceptive ZIP file …
Summary: Researchers from Indiana University Bloomington have uncovered a thriving underground market for malicious large language models (LLMs), dubbed “Mallas,” which are being used for various cybercriminal activities. These models, …
Summary: The report discusses the growing trend of threat actors exploiting legitimate IT tools for malicious operations, termed CAMO (Commercial Applications, Malicious Operations), which allows them to bypass security measures …
Threat Actor: 888 | Victim: Plastix Marketing | Price: Not specified | Exfiltrated Data Type: Personal and engagement information
Key Points:
The breach occurred in September 2024.…
Summary: JFrog’s security research team has identified a new supply chain attack technique called “Revival Hijack,” which allows malicious actors to hijack removed PyPI packages, potentially leading to widespread malware …
The resurgence of notorious banking Trojans Mekotio and BBTok is targeting users in Latin America through sophisticated phishing scams. These scams utilize both business and judicial-related lures to …
Short Summary:
The resurgence of Mekotio and BBTok banking Trojans is targeting users in Latin America through sophisticated phishing scams. These attacks utilize business and judicial-related lures to compromise financial …
Summary: The Federal Trade Commission (FTC) has mandated security camera vendor Verkada to establish a comprehensive information security program following significant security breaches that allowed hackers to access sensitive live …
Short Summary:
Mallox is a sophisticated ransomware family that has been actively attacking organizations globally since 2021. With over 700 samples discovered, it has evolved significantly, particularly in 2023 and …
Threat Actor: Verkada | Victim: Customers of Verkada | Price: $2.95 Million | Exfiltrated Data Type: Video footage and personal data
Key Points:
Verkada faced allegations from the…
This article investigates 19 newly released top-level domains (TLDs) that have been associated with various cyber threats, including phishing campaigns, distribution of unwanted programs, and torrenting websites. The …
Short Summary:
Latrodectus is a downloader malware first identified by Walmart in October 2023, notable for its resemblance to IcedID malware. It is primarily delivered through email spam campaigns by …
Short Summary:
The article discusses a phishing campaign that delivers a new variant of the Snake Keylogger through a malicious Excel document. This keylogger is capable of collecting sensitive information …
Cyble Research and Intelligence Labs (CRIL) has discovered a phishing site that impersonates Zoom to trick users into downloading ScreenConnect software. This software allows attackers to gain unauthorized …
Short Summary:
The article discusses a phishing campaign that delivers a new variant of the Snake Keylogger through a malicious Excel document. This keylogger is capable of stealing sensitive information …
Short Summary:
APT-Q-12, also known as Pseudo Hunter, is a Chinese APT group targeting entities in Northeast Asia. The group utilizes various techniques for information collection and exploitation, including complex …
Summary: In the first half of 2024, Hiya reported nearly 20 billion calls flagged as spam, with significant increases in AI-driven deepfake scams and traditional insurance fraud targeting Americans. The …
Summary: Xeon Sender is a cloud-based tool that enables attackers to execute large-scale SMS spam and phishing campaigns by utilizing legitimate SaaS providers’ APIs. Despite its simplicity and lack of …
Summary: A disinformation campaign is leveraging Google search notifications to mislead Android users into visiting scam websites that promote malware and spam, using the names of well-known public figures. These …
Short Summary:
Xeon Sender is a Python script designed for sending SMS spam through various SaaS providers. First identified in 2022, it has been adapted by multiple threat actors for …