Monthly Archives: October 2024
-
Read moreThe Bumblebee malware loader, believed to be a creation of TrickBot developers, has resurfaced after going silent following a law enforcement disruption in May 2024. New attacks tied to Bumblebee have been observed, signaling a possible resurgence of the malware. It continues to target victims through phishing and malvertising, delivering dangerous payloads like ransomware and information-stealing malware. -
Read moreA recently discovered phishing campaign is exploiting a stored cross-site scripting (XSS) vulnerability in the open-source Roundcube webmail software to steal login credentials. Threat actors are leveraging a now-patched flaw (CVE-2024-37383) via malicious emails, targeting government organizations in Commonwealth of Independent States (CIS) countries. The vulnerability, patched in May 2024, allowed attackers to execute JavaScript within victims' browsers, tricking them into revealing sensitive login information. -
Read moreA new ClickFix campaign is targeting users with fake Google Meet conference errors, luring them to download infostealing malware on both Windows and macOS systems. The campaign impersonates technical issues and prompts victims to run malicious PowerShell code, infecting devices with malware like Stealc, Rhadamanthys, and AMOS Stealer. -
Read moreCybercriminals are increasingly abusing the open-source EDRSilencer tool to tamper with Endpoint Detection and Response (EDR) solutions and conceal their malicious activities. This tool uses the Windows Filtering Platform (WFP) to block security software from communicating, making it harder for organizations to detect and remove malware. -
Read moreIn May 2024, North Korean hacking group ScarCruft (APT37) exploited an Internet Explorer zero-day flaw (CVE-2024-39178) to distribute RokRAT malware through malicious toast pop-up ads. This zero-click malware campaign, dubbed "Code on Toast," compromised an advertising server, targeting systems to exfiltrate sensitive data and perform espionage activities. Despite Internet Explorer’s retirement, its components still pose a significant risk as threat actors continue exploiting these vulnerabilities. -
Read moreNew variants of the TrickMo banking trojan can now capture Android unlock patterns and PINs, allowing attackers to access locked devices. By using a deceptive user interface that mimics the actual unlock screen, TrickMo tricks victims into revealing sensitive information. This malware can also steal one-time passwords (OTPs) and execute unauthorized transactions across various applications, reflecting a 29% increase in mobile attacks, particularly targeting users in India. -
Read moreCybersecurity researchers have uncovered a new malware campaign leveraging the PureCrypter loader to deliver DarkVision RAT, a commodity remote access trojan with a broad range of malicious capabilities. First identified by Zscaler ThreatLabz in July 2024, the campaign employs a multi-stage attack process, exploiting persistence techniques and targeting Windows systems. DarkVision RAT’s versatility, combined with its low cost, has made it a popular tool for cybercriminals. -
Read moreThreat actors are exploiting a now-patched vulnerability in Veeam Backup & Replication (CVE-2024-40711) to deploy Akira and Fog ransomware. Using compromised VPN credentials, attackers create local accounts and spread ransomware, targeting enterprise backup systems. The flaw, rated 9.8 on the CVSS scale, enables remote code execution and was patched in September 2024. -
Read moreA new phishing campaign targeting the insurance and finance sectors uses GitHub, Telegram bots, and ASCII QR codes to deliver malware and evade security measures. The attack leverages GitHub links and trusted repositories to distribute Remcos RAT, with the payload delivered via phishing emails. Additional techniques such as blob URLs and QR code-based phishing add complexity to detection, while Telegram bots facilitate scams on platforms like Booking.com and Airbnb. -
Read moreCasio, the renowned Japanese tech company, has confirmed that a ransomware attack earlier this month compromised personal and confidential data of employees, job candidates, business partners, and some customers. The Underground ransomware group has claimed responsibility for the attack, leaking sensitive documents. Casio is urging affected individuals to remain cautious as they continue to investigate the breach.
Recent Posts
November 20, 2024
November 15, 2024
