Blogs
-
Read moreThe Lazarus hacking group exploited a Google Chrome zero-day vulnerability (CVE-2024-4947) through a fake decentralized finance (DeFi) game, "DeTankZone," targeting individuals in the cryptocurrency sector. This attack demonstrates Lazarus' evolving tactics, using browser exploits and rebranded games to steal sensitive data and potentially cryptocurrency. -
Read moreA new phishing campaign has been uncovered targeting Russian-speaking users, leveraging the Gophish framework to deliver two remote access trojans (RATs)—DarkCrystal RAT (DCRat) and a newly identified malware, PowerRAT. The campaign exploits phishing emails, malicious documents, and HTML pages to initiate infection chains, resulting in system compromise and data exfiltration. -
Read moreThe Bumblebee malware loader, believed to be a creation of TrickBot developers, has resurfaced after going silent following a law enforcement disruption in May 2024. New attacks tied to Bumblebee have been observed, signaling a possible resurgence of the malware. It continues to target victims through phishing and malvertising, delivering dangerous payloads like ransomware and information-stealing malware. -
Read moreA recently discovered phishing campaign is exploiting a stored cross-site scripting (XSS) vulnerability in the open-source Roundcube webmail software to steal login credentials. Threat actors are leveraging a now-patched flaw (CVE-2024-37383) via malicious emails, targeting government organizations in Commonwealth of Independent States (CIS) countries. The vulnerability, patched in May 2024, allowed attackers to execute JavaScript within victims' browsers, tricking them into revealing sensitive login information. -
Read moreA new ClickFix campaign is targeting users with fake Google Meet conference errors, luring them to download infostealing malware on both Windows and macOS systems. The campaign impersonates technical issues and prompts victims to run malicious PowerShell code, infecting devices with malware like Stealc, Rhadamanthys, and AMOS Stealer. -
Read moreCybercriminals are increasingly abusing the open-source EDRSilencer tool to tamper with Endpoint Detection and Response (EDR) solutions and conceal their malicious activities. This tool uses the Windows Filtering Platform (WFP) to block security software from communicating, making it harder for organizations to detect and remove malware. -
Read moreIn May 2024, North Korean hacking group ScarCruft (APT37) exploited an Internet Explorer zero-day flaw (CVE-2024-39178) to distribute RokRAT malware through malicious toast pop-up ads. This zero-click malware campaign, dubbed "Code on Toast," compromised an advertising server, targeting systems to exfiltrate sensitive data and perform espionage activities. Despite Internet Explorer’s retirement, its components still pose a significant risk as threat actors continue exploiting these vulnerabilities. -
Read moreNew variants of the TrickMo banking trojan can now capture Android unlock patterns and PINs, allowing attackers to access locked devices. By using a deceptive user interface that mimics the actual unlock screen, TrickMo tricks victims into revealing sensitive information. This malware can also steal one-time passwords (OTPs) and execute unauthorized transactions across various applications, reflecting a 29% increase in mobile attacks, particularly targeting users in India. -
Read moreCybersecurity researchers have uncovered a new malware campaign leveraging the PureCrypter loader to deliver DarkVision RAT, a commodity remote access trojan with a broad range of malicious capabilities. First identified by Zscaler ThreatLabz in July 2024, the campaign employs a multi-stage attack process, exploiting persistence techniques and targeting Windows systems. DarkVision RAT’s versatility, combined with its low cost, has made it a popular tool for cybercriminals. -
Read moreThreat actors are exploiting a now-patched vulnerability in Veeam Backup & Replication (CVE-2024-40711) to deploy Akira and Fog ransomware. Using compromised VPN credentials, attackers create local accounts and spread ransomware, targeting enterprise backup systems. The flaw, rated 9.8 on the CVSS scale, enables remote code execution and was patched in September 2024. -
Read moreA new phishing campaign targeting the insurance and finance sectors uses GitHub, Telegram bots, and ASCII QR codes to deliver malware and evade security measures. The attack leverages GitHub links and trusted repositories to distribute Remcos RAT, with the payload delivered via phishing emails. Additional techniques such as blob URLs and QR code-based phishing add complexity to detection, while Telegram bots facilitate scams on platforms like Booking.com and Airbnb. -
Read moreCasio, the renowned Japanese tech company, has confirmed that a ransomware attack earlier this month compromised personal and confidential data of employees, job candidates, business partners, and some customers. The Underground ransomware group has claimed responsibility for the attack, leaking sensitive documents. Casio is urging affected individuals to remain cautious as they continue to investigate the breach. -
Read moreA critical security vulnerability in Firefox and Firefox Extended Support Release (ESR) is actively being exploited in the wild. The flaw, tracked as CVE-2024-9680, has a high severity rating (CVSS 9.8) and allows attackers to execute remote code. Mozilla has issued an urgent advisory urging users to update their browsers immediately to safeguard against potential attacks. -
Read moreFidelity Investments has disclosed a data breach that exposed the personal information of more than 77,000 customers. The breach, which occurred in August, involved unauthorized access to two customer accounts and has raised concerns about the security of personal data. Fidelity is offering affected customers free credit monitoring and identity restoration services. -
Read moreThe Internet Archive, known for its "Wayback Machine," has been hacked, leading to the exposure of a user authentication database with 31 million records. Stolen data includes email addresses, Bcrypt-hashed passwords, and internal user information, putting millions at risk of further cyber threats. -
Read moreGoldenJackal, a little-known but highly capable threat actor, has been carrying out targeted cyberattacks against embassies and government organizations. With a focus on infiltrating air-gapped systems, GoldenJackal uses advanced malware toolsets like JackalWorm and GoldenDealer to steal confidential information from high-profile machines that aren't connected to the internet. -
Read moreMoneyGram has revealed that hackers accessed their network in a September 2024 cyberattack, stealing sensitive customer information, including personal and transaction data. The breach led to a five-day service outage and exposed crucial details such as social security numbers, government IDs, and bank account information. The attack was reportedly initiated through a social engineering attempt on MoneyGram's IT help desk. -
Read moreLEGO's official website was hacked briefly to promote a fraudulent cryptocurrency token, urging visitors to buy a "LEGO Coin" in exchange for Ethereum. While the breach lasted just over an hour, no user accounts were compromised, but the incident highlights the growing risks of online scams targeting high-profile platforms. -
Read moreComcast and Truist Bank customers are the latest to be affected by a massive data breach at Financial Business and Consumer Solutions (FBCS). The breach, initially reported in early 2024, compromised the personal details of millions of individuals, including Social Security numbers and account information, raising concerns about identity theft and data misuse. -
Read moreA sophisticated cyberattack has crippled Uttarakhand's IT infrastructure, rendering over 90 government websites, including the CM helpline, non-functional. This unprecedented breach has halted essential online services and internal operations across the state, with cybersecurity experts working tirelessly to restore the systems.
Recent Posts
