Summary: The UK’s National Cyber Security Centre (NCSC) has issued a warning about Iranian cyber threats, specifically a spear phishing campaign attributed to Iran’s Islamic Revolutionary Guard Corps (IRGC). This …
Tag: SPOOFING
Summary: Multiple critical vulnerabilities have been identified in the Common Unix Printing System (CUPS), allowing remote unauthenticated attackers to execute arbitrary commands on affected systems. Security researcher Simone Margaritelli detailed …
Threat analysts are monitoring a Russian-linked threat actor deploying domains for crypto scams targeting the US Presidential Election and major US tech brands. The scams promise fake cryptocurrency …
Short Summary:
The article discusses the security risks associated with internationalized domain names (IDNs), particularly in the context of the Nitrogen malware campaign, where attackers used Punycode to create deceptive …
Summary: Microsoft has updated its security advisory to classify CVE-2024-37985 as a zero-day vulnerability, which poses a medium-level threat to Windows systems by allowing unauthorized access to sensitive heap memory. …
CISA has added critical vulnerabilities affecting Microsoft Windows MSHTML Platform (CVE-2024-43461) and Progress WhatsUp Gold (CVE-2024-6670) to its Known Exploited Vulnerabilities catalog. Users are urged to update affected …
Summary: The Windows MSHTML spoofing vulnerability, tracked as CVE-2024-43461, was exploited by the Void Banshee APT group to install information-stealing malware before being patched. This vulnerability allowed attackers to disguise …
This article discusses a code injection vulnerability (CVE-2024-5932) in the GiveWP WordPress plugin, highlighting a malicious Proof of Concept (POC) that targets cybersecurity professionals. The POC can lead …
Summary: Microsoft has issued patches for 79 vulnerabilities, with four being actively exploited, including two critical zero-day bugs that allow attackers to bypass security protections in Windows. Organizations are urged …
Short Summary:
Sekoia.io conducted a proactive hunt for typosquatted domains related to the Paris 2024 Olympics, identifying over 650 suspicious domains. The analysis revealed a significant number of domains aimed …
Short Summary:
The cyber threat landscape in Mexico is characterized by a mix of global and local threats, including cyber espionage from state-sponsored actors and increasing incidents of ransomware and …
Short Summary:
The 2024 ThreatLabz Phishing Report by Zscaler ThreatLabz highlights the growing prevalence of typosquatting and brand impersonation in phishing campaigns. An analysis of over 30,000 lookalike domains revealed …
In June 2024, Zscaler ThreatLabz reported on BlindEagle, an APT actor targeting the Colombian insurance sector through phishing emails. The actor utilizes the BlotchyQuasar RAT to gain access …
Short Summary:
The analysis of the Latrodectus malware infrastructure revealed a command-and-control (C2) server and a malicious DLL file named MeDExt.dll, which functions as a downloader and backdoor. The research …
The Unit 42 Managed Threat Hunting team has identified a variant of WikiLoader, known as WailingCrab, which is being delivered through SEO poisoning and spoofing of GlobalProtect VPN …
Short Summary:
The Threat Intelligence Report highlights the increased risk of cybercriminal activities targeting political donations as the US election approaches. It discusses the resurgence of tactics like creating fake …
Summary: Cybercriminals are increasingly targeting individuals with highway toll text scams, sending fraudulent SMS messages that demand payment for non-existent charges. These scams exploit the urgency associated with electronic toll …
Short Summary:
The Patchwork group, also known as White Elephant, has been active for over a decade, primarily engaging in cyber espionage against various sectors in Asia. Their latest variant …
Short Summary:
The article discusses the discovery of a typosquatting domain that closely resembled Cado Security’s legitimate domain. This malicious domain was identified during a routine check, highlighting the importance …
Short Summary:
This publication outlines best practices for event logging to enhance cyber security and resilience against threats. Developed by the Australian Cyber Security Centre (ACSC) in collaboration with international …
Short Summary:
Proofpoint has identified the Iranian threat actor TA453 targeting a prominent religious figure through a fake podcast invitation. The attack involved a multi-stage process to deliver a new …
Summary: The Russian propaganda network Doppelgänger is facing operational challenges due to increased scrutiny and enforcement from European authorities and social media platforms. Recent investigations revealed its extensive disinformation activities …
Summary: Orion SA, a Luxembourg-based chemicals and manufacturing company, reported a potential loss of $60 million due to a criminal wire fraud scheme, likely a business email compromise (BEC). The …
Summary: Microsoft has disclosed an unpatched zero-day vulnerability in Office (CVE-2024-38200) that could lead to unauthorized disclosure of sensitive information. The flaw affects multiple versions of Microsoft Office and requires …
Summary: Researchers have uncovered a method to bypass the ‘First Contact Safety Tip’ anti-phishing feature in Microsoft 365, increasing the risk of users falling victim to malicious emails. Despite reporting …
Short Summary:
Recently, an employee received a phishing email attempting to steal AWS login credentials. The email contained a link that redirected to a credential harvesting page mimicking the legitimate …
Threat Actor: Unknown | unknown
Victim: Windows Users | windows users
Price: $10,000
Exfiltrated Data Type: Exploit Code
Key Points :
Exploit Features: Load Any Icon: Customize icons to enhance…
Summary: Recent vulnerabilities in hosted outbound SMTP servers allow authenticated users to spoof sender information, undermining email security protocols like SPF, DKIM, and DMARC. This exploitation poses significant risks of …
Summary: Guardio Labs has identified a critical exploit in Proofpoint’s email protection service, allowing threat actors to send millions of spoofed phishing emails that appear to come from reputable brands. …
Summary: A malicious campaign launched on June 21, 2024, involved the distribution of a JavaScript file that executed an MSI installer, leading to the installation of the Brute Ratel Badger …
Short Summary:
The article discusses a significant phishing campaign named “EchoSpoofing,” which exploits Proofpoint’s email protection service to send millions of perfectly spoofed emails from well-known brands like Disney, …
Short Summary:
Guardio Labs has identified a significant exploit known as “EchoSpoofing” affecting Proofpoint’s email protection service. This vulnerability allowed threat actors to send millions of spoofed phishing emails, …
Impacted Users: iPhone users in India
Impact: Possible financial loss; stolen information can be used for future attacks
Severity Level: Medium
The FortiGuard Labs Threat Research team recently observed a number of …
Written by: Emily Astranova, Pascal Issa
Executive Summary: AI-powered voice cloning can now mimic human speech with uncanny precision, making for far more realistic phishing schemes. According to news reports, scammers…
On July 19th, 2024, Windows 7 and above systems running CrowdStrike’s Falcon sensor were served a faulty channel file that caused kernel instability and would result in a …
Summary: Microsoft is launching inbound SMTP DANE with DNSSEC for Exchange Online in public preview to enhance email security and integrity. This new capability aims to protect against various attacks, …
This is Part 1 of our two-part technical deep dive into APT41’s new tooling, which includes DodgeBox and MoonWalk. For details about MoonWalk, go to Part 2.
In April …
This is Part 2 of our two-part technical deep dive into APT41’s new tooling, DodgeBox and MoonWalk. For details of DodgeBox, go to Part 1.
In Part 2 of this …
Summary: Chinese government-backed cyber espionage group APT41 has added a loader called DodgeBox and a backdoor named MoonWalk to its malware arsenal, according to research by Zscaler’s ThreatLabz team.
Threat …
Summary: This article discusses the resurgence of the Russia-based cybercrime group Fin7, which was previously declared dead by U.S. authorities, and their collaboration with Stark Industries Solutions in launching cyberattacks …
In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the …
Summary: This content highlights the latest vulnerabilities and their severity in various Microsoft products, including .NET and Visual Studio, Active Directory Rights Management Services, Azure CycleCloud, and Azure DevOps.
Threat …
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities catalog.
Threat Actor: N/A
Victim: N/A
Key Point :
CISA has…
Threat Actor: Unknown | Unknown
Victim: Vanguard | Vanguard
Price: $200 (lifetime access)
Exfiltrated Data Type: Not specified
Key Points :
A threat actor is selling a Vanguard bypass on…
Summary: A security researcher discovered a bug that allows anyone to impersonate Microsoft corporate email accounts, potentially enabling phishing attacks.
Threat Actor: N/A
Victim: Microsoft
Key Point:
A bug was…
Summary: A Nigerian national has been convicted of participating in a $1.5 million business email compromise (BEC) scam, using social engineering and malicious software to deceive businesses into sending money …
Summary: Cybersecurity researchers have identified a Chinese threat actor, known as SecShow, that has been conducting Domain Name System (DNS) probing on a global scale since June 2023.
Threat Actor: …
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three known exploited vulnerabilities to its catalog, including an Android Pixel Privilege Escalation Vulnerability, a Microsoft Windows Error Reporting …
Summary: This content discusses the STR RAT, a remote access trojan (RAT) written in Java, its capabilities, and its history of updates.
Threat Actor: STR RAT | STR RAT
Victim: …