Security researchers have uncovered a sophisticated phishing campaign targeting Microsoft OneDrive users. The campaign employs advanced social engineering tactics to trick users into executing a PowerShell script, compromising their systems. The attack, discovered by the Trellix Advanced Research Center, begins with an email containing an HTML file urging users to resolve a DNS issue to
Month: July 2024
Generative AI (GenAI) is making waves across the world. Its popularity and widespread use has also attracted the attention of cybercriminals, leading to various cyberthreats. Yet much discussion around threats associated with tools like ChatGPT has focused on how the technology can be misused to help fraudsters create convincing phishing messages, produce malicious code or
Jul 30, 2024 | Ravie Lakshmanan | Mobile Security / Spyware | A new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for download from the Google Play Store and remained undetected for two years. The applications attracted a total of more than 32,000 installations before being pulled from the app
Security researchers have shed light on a new iteration of Mandrake, a sophisticated Android cyber-espionage malware tool. Initially analyzed by Bitdefender in May 2020, Mandrake had operated undetected for at least four years. In April 2024, Kaspersky researchers discovered suspicious samples that were confirmed to be a new version of Mandrake. This latest variant was
Jul 29, 2024 | Ravie Lakshmanan | Enterprise Security / Data Protection | Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild. The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords. The
Organizations are concerned about security threats stemming from developers using AI, according to a new Checkmarx report. The cloud-native application security provider found that 15% of organizations explicitly prohibit the use of AI tools for code generation, however 99% say that AI code-generating tools are being used regardless. Meanwhile, just 29% of organizations have established
Jul 27, 2024 | Newsroom | Cybersecurity / Cloud Security | Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users’ Google Cloud credentials from a narrow pool of victims. The package, named “lr-utils-lib,” attracted a total of 59 downloads before it was taken down.
A hacktivist group has claimed to have leaked CrowdStrike’s entire internal threat actor list, including indicators of compromise (IoC). CrowdStrike acknowledged the claims by the USDoD threat actor in a blog post on July 25, 2024. The firm noted that USDoD provided a link to download the alleged threat actor list and provided a sample
Video | 26 Jul 2024 | Attackers abusing the “EvilVideo” vulnerability could share malicious Android payloads via Telegram channels, groups, and chats, all while making them appear as legitimate multimedia files. This week, ESET researchers documented their discovery of a zero-day exploit that appeared for sale on underground forums and targets the Telegram app for Android. The
Jul 27, 2024 | Newsroom | Malware / Cyber Intelligence | French judicial authorities, in collaboration with Europol, have launched a so-called “disinfection operation” to rid compromised hosts of a known malware called PlugX. The Paris Prosecutor’s Office, Parquet de Paris, said the initiative was launched on July 18 and that it’s expected to continue for “several months.” It further
Pathology services provider Synnovis has rebuilt “substantial parts” of its systems since the ransomware attack on June 3, 2024, restoring critical blood supplies to NHS hospitals. Despite this, the NHS issued an alert over blood supply shortages on July 25. However, in an update on July 25, Synnovis revealed it has made significant progress in
A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a “sophisticated AI-powered phishing-as-a-service platform” capable of targeting users of more
Ransomware and business email compromise (BEC) attacks accounted for 60% of all incidents in the second quarter of 2024, according to a Cisco Talos report. Technology was the most targeted sector in this period, making up 24% of incidents – a 30% rise on the previous quarter. The researchers said that attackers may view technology
In the past few months, the Telegram clicker game Hamster Kombat has taken the world of cryptocurrency game enthusiasts by storm. Even though the gameplay, which mostly entails repeatedly tapping the screen of one’s mobile device, might be rather simple, players are after something more: the possibility of earning big once Hamster Kombat’s creators unveil
Jul 25, 2024 | Newsroom | Malware / Cyber Espionage | A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the activity cluster under a new moniker APT45, which overlaps
CrowdStrike has published a preliminary Post Incident Review (PIR) into the global IT outage on July 19, which was caused by a bug in a content update for its Falcon platform. The cybersecurity vendor revealed the incident was caused by a Rapid Response Content update containing an
Digital Security | Tony Anscombe | 23 Jul 2024 | 3 min. read | Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances. As the dust settles on the cyber-incident caused by CrowdStrike releasing a corrupted update, many businesses will, or should, conduct a
Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products
Prolific Chinese espionage group Daggerfly (aka Evasive Panda, Bronze Highland) has extensively updated its malware toolkit, increasing its abilities to target most major operating systems (OS), according to an analysis by Symantec. The latest developments suggest the group is using a shared framework to enable it to effectively target Windows, Linux, macOS and Android OS.
ESET Research | Lukas Stefanko | 22 Jul 2024 | 6 min. read | ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos. ESET researchers discovered a zero-day exploit that targets Telegram for Android, which appeared for sale for an unspecified price in an underground forum post from June
Jul 23, 2024 | Newsroom | Cyber Espionage / Chinese Hackers | Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group “also engages in internal espionage,” Symantec’s Threat Hunter Team, part
The Play ransomware group has introduced a Linux variant of its malware that specifically targets VMWare ESXi environments, according to recent findings from Trend Micro. First detected in June 2022, the Play ransomware has gained notoriety for its sophisticated double-extortion tactics, custom-built tools and significant impact on organizations, especially in Latin America. Expansion to ESXi
Digital Security | Tony Anscombe | 19 Jul 2024 | 2 min. read | If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike. Cybersecurity is often about speed; a threat actor creates a malicious attack technique or code,
Figure caption: The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user
A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced “technology suite” that runs the whole cybercrime supply chain spectrum to spearhead its operations. Infoblox
Researchers have uncovered a new form of malware called HotPage.exe. Initially detected at the end of 2023, this malware masquerades as an installer that ostensibly improves web browsing by blocking ads and malicious websites. However, it actually injects code into remote processes and intercepts browser traffic. As described in an advisory published by ESET earlier
Video | 21 Jul 2024 | A purported ad blocker marketed as a security solution hides kernel-level malware that inadvertently exposes victims to even more dangerous threats. This week, ESET researchers have released their findings about HotPage, a browser injector that leverages a driver developed by a Chinese company and signed by Microsoft. The malware masquerades as
Jul 20, 2024 | Newsroom | Cybercrime / Data Breach | Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious Scattered Spider cybercrime syndicate. The arrest was made “in connection with a global cyber online crime group which has been targeting large organizations with ransomware and
A suspected technical issue at cybersecurity vendor CrowdStrike is causing mass IT outages across the world, disrupting critical sectors such as airlines, banks, media and retailing. The issue appears to concern an update to CrowdStrike’s security platform Falcon Sensor, which is impacting Microsoft Windows operating systems. Reports suggest the affected systems are struggling to boot
Digital Security | 19 Jul 2024 | 3 min. read | The widespread IT outages triggered by a faulty CrowdStrike update have put software updates in the spotlight. Here’s why you shouldn’t dread them. In the realm of computing, few things are as unsettling as encountering a blue screen of death (BSOD) on your Windows system.
Jul 20, 2024 | Newsroom | Malware / IT Outage | Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a