CSO
US AI experts targeted in cyberespionage campaign using SugarGh0st RAT
Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence.
DarkReading
US AI Experts Targeted in SugarGh0st RAT Campaign
Researchers believe the attacker is likely China-affiliated, since a previous version of the malware was used by a China nation-state attack group.
Infosecurity News
SugarGh0st RAT Variant Used in Targeted AI Industry Attacks
Proofpoint said the attackers modified registry key names for persistence
The Hacker News
Ongoing Campaign Bombarded Enterprises with Spam Emails and Phone Calls
A new social engineering campaign is targeting enterprises with spam emails to gain initial access. The threat actor overwhelms users' email and calls
SC Magazine
LockBit ransomware spread in millions of emails via Phorpiex botnet
Emails from “Jenny Green” delivered LockBit Black through attached ZIP files.
Bleeping Computer
Botnet sent millions of emails in LockBit Black ransomware campaign
Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign.
The Cyber Express
The Top 10 Cybersecurity Unicorns in The World
The ever-evolving digital landscape presents a constant challenge for businesses and individuals alike: staying secure in the face of increasingly
Infosecurity News
#RSAC: Experts Highlight Novel Cyber Threats and Tactics
Well-funded cybercriminals are adopting more sophisticated techniques, creating a need for defenders to stay informed about the evolving threat landscape
SecurityWeek
RSA Conference 2024 – Announcements Summary (Day 1)
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
The Hacker News
NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources
U.S. government warns of North Korean hackers sending spoofed emails to gather intelligence.
CSO
Iranian hackers harvest credentials through advanced social engineering campaigns
Mandiant observed several malicious campaigns with threat actors impersonating journalists and harvesting the victim’s cloud environment credentials.
Bleeping Computer
New Latrodectus malware attacks use Microsoft, Cloudflare themes
Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious.
.webp)
Cyber Security News
TransparentTribe Hackers Weaponize Websites & Documents to Attack Indian Orgs
The hacker group known as TransparentTribe, also referred to as APT-36, has intensified its cyber espionage activities.
The Hacker News
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
North Korea's state-linked hackers are enhancing their operations with advanced artificial intelligence tools.
Infosecurity News
North Korean Group Kimsuky Exploits DMARC and Web Beacons
Proofpoint confirmed Kimsuky has directly contacted foreign policy experts since 2023 through seemingly benign email conversations
The Hacker News
Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign
MuddyWater, linked to Iran's MOIS, strikes again with DarkBeatC2. Our latest blog unpacks the latest tactics in cyber warfare.
Security Affairs
TA547 targets German organizations with Rhadamanthys malware
TA547 group is targeting dozens of German organizations with an information stealer called Rhadamanthys, Proofpoint warns.
SC Magazine
AI-generated code potentially used in new Rhadamanthys campaign
A PowerShell script used to deploy the infostealer contains unusually specific comments, researchers say.
CyberNews
Paris 2024 partners lax about email fraud – experts
Two-thirds of the official Paris Olympic Games partners do not have sufficient measures to protect the public from email fraud, cybersecurity experts have warned.
The Hacker News
TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer
TA547 hacker group adopts new tactics, possibly harnessing the power of generative AI, to deploy the Rhadamanthys info stealer in attacks on German or
CyberNews
Cybergang attack Germany using AI-generated code
Cybercriminals impersonating legitimate German companies are attacking organizations in the country.
DarkReading
TA547 Uses an LLM-Generated Dropper to Infect German Orgs
It's finally happening: Rather than just for productivity and research, threat actors are using LLMs to write malware. But companies need not worry just yet.
Infosecurity News
Rhadamanthys Malware Deployed By TA547 Against German Targets
Proofpoint said this is the first time the threat actor has been seen using LLM-generated PowerShell scripts
Bleeping Computer
Malicious PowerShell script pushing malware looks AI-written
A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's CoPilot.
Infosecurity News
New Malware “Latrodectus” Linked to IcedID
The malware, discovered by Proofpoint and Team Cymru, was mainly utilized by initial access brokers
The Hacker News
Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox
'Latrodectus' strikes via phishing emails. This powerful downloader can execute commands, evade detection, and pave the way for further attacks.
DarkReading
Latrodectus Downloader Picks Up Where QBot Left Off
Initial access brokers are using the new downloader malware, which emerged just after QBot's 2023 disruption.
Bleeping Computer
New Latrodectus malware replaces IcedID in network breaches
A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023.
HACKRead
New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators
Latrodectus is a downloader malware used by cybercriminals to gain initial access to victim systems and deploy further malicious payloads.
.webp)
Cyber Security News
Hackers Hijacking YouTube Channels to Steal Your Data
Cybercriminals are increasingly exploiting YouTube, a platform beloved by millions, to orchestrate sophisticated malware attacks.
SC Magazine
‘Latrodectus’ uses sandbox evasion techniques to launch malicious payloads
Proofpoint researchers say new malware aligns with trend by cybercriminals to find more creative ways to bypass defenders.
Infosecurity News
YouTube Video Game ‘Hacks’ Contain Malware Links
Proofpoint has spotted a new infostealer campaign using malicious links in YouTube video descriptions
The Hacker News
Mispadu Trojan Targets Europe, Thousands of Credentials Compromised
Banking trojan Mispadu expands from Latin America, now targets users in Italy, Poland & Sweden. Finance, automotive, legal & commercial entities at ri
CyberNews
YouTube being used to distribute malware
Information stealer malware is being delivered via YouTube in the guise of pirated software and video game cracks, cybersecurity firm Proofpoint warns.
The Record
YouTube channels found using pirated video games as bait for malware campaign
Researches at Proofpoint have been tracking a campaign in which hackers put links in YouTube video descriptions that appear to take victims to other sites that deliver information-stealing malware such as Vidar, StealC and Lumma Stealer.
The DFIR Report
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report
Key Takeaways We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, … Read More
DarkReading
Cloud Email Filtering Bypass Attack Works 80% of the Time
A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them.
DarkReading
Corporations With Cyber Governance Create 4X More Value
Those with special committees that include a cyber expert rather than relying on the full board more likely to improve security and financial performance.
Krebs on Security
Thread Hijacking: Phishes That Prey on Your Curiosity
Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient's natural curiosity about being copied…
Cyber Security News
TA450 Hackers Uses Embedded Links in PDF Attachments to Attack Windows
TA450, also recognized by aliases such as MuddyWater, Mango Sandstorm, and Static Kitten, has been reported to employ a new strategy in its phishing campaigns.
Security Affairs
Iran-Linked APT TA450 embeds malicious links in PDF attachments
In recent campaigns, Iran-linked APT group MuddyWater used a legitimate Remote Monitoring and Management (RMM) solution called Atera.
The Hacker News
Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks
Iran-linked hackers, MuddyWater, launch new phishing attacks against Israeli organizations.
Ars Technica
Never-before-seen Linux malware gets installed using 1-day exploits
Discovery means that NerbianRAT is cross-platform used by for-profit threat group.
HACKRead
Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware
Magnet Goblin targets businesses using outdated software. Patch immediately and implement strong security measures to protect against attacks.
Cyber Security News
Magnet Goblin Hackers Exploiting 1-day Vulnerabilities To Attack Linux Servers
Linux servers are often targeted by threat actors due to their widespread use in critical infrastructure, web hosting, and cloud environments
The Hacker News
Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT
Magnet Goblin, a threat group known for fast exploitation of 1-day vulnerabilities, targets edge devices & public servers to deploy malware.
%20(1).webp)
Cyber Security News
TA4903 Hackers Spoofing U.S. Government Entities To Steal Corporate Credentials
Financially motivated threat who impersonates both US government institutions & private businesses across a wide range of industries.
Infosecurity News
TA4903 Phishing Campaigns Evolve, Targets US Government
Proofpoint said TA4903 adopted new tactics, including lure themes referencing confidential docs and ACH payments
Bleeping Computer
Hackers steal Windows NTLM authentication hashes in phishing attacks
The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks.
DarkReading
Middle East Leads in Deployment of DMARC Email Security
Yet challenges remain as many nation's policies for the email authentication protocol remain lax and could run afoul of Google's and Yahoo's restrictions.
Infosecurity News
TA577 Exploits NTLM Authentication Vulnerability
Proofpoint warned the method could be used for data gathering and further malicious activities
Infosecurity News
69% of Organizations Infected by Ransomware in 2023
Proofpoint found that 69% of organizations experienced a successful ransomware incident in the past year, with 60% hit on four or more occasions
The DFIR Report
SEO Poisoning to Domain Control: The Gootloader Saga Continues - The DFIR Report
Key Takeaways More information about Gootloader can be found in the following reports: The DFIR Report, GootloaderSites, Mandiant, Red Canary, & Kroll. An audio version of this report can be … Read More
CyberSecurity Dive
Cloud intrusions spiked 75% in 2023, CrowdStrike says
Threat actors are targeting organizations’ inconsistent cloud security systems to intrude networks and maintain persistence.
DarkReading
BumbleBee Malware Buzzes Back on the Scene After 4-Month Hiatus
Cyberattacks targeting thousands of US organizations wields a new attack vector to deliver the versatile initial-access loader — and is a harbinger of a surge in threat activity.
Cyber Security News
CharmingCypress Use Poisoned VPN Apps to Install Backdoor
CharmingCypress frequently uses novel social-engineering techniques in its phishing efforts, like emailing people & long-lasting discussions
The Hacker News
Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses
Bumblebee, QakBot, Zloader, & PikaBot are back, sneakier than ever. Don't trust those shady emails or downloads.
PCMag
Hackers Target Azure Accounts With Malware-Laden Shared Documents
Threat actors are directing their attacks against senior-level executives and employees across multiple organizations, says cybersecurity firm Proofpoint.
Bleeping Computer
Bumblebee malware attacks are back after 4-month break
The Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns.
The Hacker News
PikaBot Resurfaces with Streamlined Code and Deceptive Tactics
PikaBot malware undergoes a dramatic transformation, simplifying its code and communication methods
Infosecurity News
Notorious Bumblebee Malware Re-emerges with New Attack Methods
Proofpoint researchers observed a new Bumblebee social engineering campaign in February following a four-month absence
CyberNews
Bumblebee malware: on a buzz and back stinging
An unidentified cybercriminal gang codenamed Bumblebee has returned to the malware scene with a campaign that targeted thousands of potential victims.
CyberSecurity Dive
Microsoft Azure customers hit by phishing, account takeover attacks
More than 200 organizations have been targeted via employee compromise, Proofpoint said.
SC Magazine
Azure account takeover campaign targets senior execs
The ongoing campaign incorporates individualized phishing lures and has targeted hundreds of user accounts across dozens of organizations.
Ars Technica
Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA
The wide range of employee roles targeted indicates attacker's multifaceted approach.
Bleeping Computer
Ongoing Microsoft Azure account hijacking campaign targets executives
A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives.
SecurityWeek
Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel
An active cloud account takeover campaign has impacted dozens of Azure environments and compromised hundreds of user accounts.
Infosecurity News
Malicious Campaign Impacts Hundreds of Microsoft Azure Accounts
Proofpoint has observed an ongoing campaign targeting the Microsoft Azure applications of hundreds of individuals with operational and executive roles
DarkReading
Ongoing Azure Compromises Target Senior Execs, Microsoft 365 Apps
Attackers are breaching cloud environments and playing games with corporate Microsoft 365 apps, and further victims are likely to come.
Security Affairs
26 Cyber Security Stats Every User Should Be Aware Of in 2024
26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technology.
SC Magazine
Should tech layoff wave worry cybersecurity pros?
Cybersecurity workers and infosec firms are well positioned to weather the layoff storm, experts say.
Cyber Security News
Top 10 Security Service Edge (SSE) Solutions for Network Security - 2024
Best Security Service Edge (SSE) Solutions: 1. Perimeter 81 2. wingate 3. Cisco Umbrella 4. Forcepoint 5. Skyhigh Security 6. Netskope.
SecurityWeek
Layoffs Hit Security Vendors Okta, Proofpoint, Netography
Prominent security vendors Okta and Proofpoint announced layoffs affecting almost 1,000 employees in the United States and Israel.
The Hacker News
Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives
Brazilian law enforcement has taken down a major cybercrime ring behind the notorious Grandoreiro banking trojan
The Hacker News
Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware
TA866 is back with thousands of invoice-themed, booby-trapped emails targeting users with WasabiSeed and Screenshotter malware.
DarkReading
Threat Actors Team Up for Post-Holiday Phishing Email Surge
Just like you and me, cyberattackers returned from winter break and immediately started sending thousands of emails.
Infosecurity News
TA866 Resurfaces in Targeted OneDrive Campaign
Proofpoint said it thwarted a large-scale campaign on January 11 primarily targeting North America
CyberNews
Cyber spies launch PDF campaign
After a nine-month sabbatical, a cyber espionage group has returned to the scene, targeting organizations across North America with infected PDF documents.
DarkReading
North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught
The post-exploitation backdoor is the latest in a string of custom tools aimed at spying on Apple users.
Cyber Security News
DarkGate Malware Delivered Via Weaponized Fake Browser Updates
Weaponized Fake Browser Updates and Emails Spread DarkGate Malware also known as BattleRoyal, permits the execution of further malware.
The Hacker News
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware
A new phishing campaign is using Microsoft Word docs as bait to deliver Nim-based malware.
DarkReading
'BattleRoyal' Hackers Deliver DarkGate RAT Using Every Trick
The shadowy threat actor uses some nifty tricks to drop popular malware with targets that meet its specifications.
Infosecurity News
BattleRoyal Cluster Signals DarkGate Surge
Proofpoint said the cluster’s use of multiple attack chains highlights a new trend among cybercriminals
The Cyber Express
Top 25 Cybersecurity CEOs to Watch in 2024
In an era marked by relentless technological evolution and the omnipresence of cyber threats, the role of cybersecurity professionals has
The Hacker News
Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits
Attackers could achieve remote code execution on Outlook without any user interaction. Learn how these zero-click exploits were discovered and patched
Security Affairs
Security Affairs newsletter Round 450 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Hacker News
BazaCall Phishing Scammers Now Leveraging Google Forms for Deception
BazaCall phishing attacks are evolving. Threat actors now use Google Forms to appear more credible.
Cyber Security News
Recruiters Beware! Hackers Deliver Malware Posing as Job Applicant
Recruiters Beware! Threat actors have been targeting recruiters disguised as job applicants to deliver their malware.
SC Magazine
Hiring? New scam campaign means ‘resume’ downloads may contain malware
Cybercriminals posing as job candidates are luring recruiters to install the “more_eggs” backdoor.
HACKRead
Fake Resumes, Real Malware: TA4557 Exploits Recruiters with Backdoor
Job seekers and recruiters should be vigilant for malicious emails and messages on LinkedIn, where TA4557 threat actors feign interest in a job, but their actual intent is to deliver a backdoor.
The Hacker News
Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign
APT28, the Russian nation-state threat actor, is using lures related to the Israel-Hamas war to distribute the HeadLace backdoor.
Infosecurity News
Threat Actor Targets Recruiters With Malware
Recruiters are warned to educate staff about surge in phishing attacks from threat group TA4557
CyberNews
Russian cyber gang mimics job candidates to steal data
Change of tactics involves building rapport with intended victims via convincing emails, says cybersecurity firm Proofpoint.
CSO
New malware is using direct emails to hunt the head-hunters
The new technique has the threat actor email malicious URLs directly to recruiters in response to job postings.
The Record
More evidence of Russian intelligence exploiting old Outlook flaw
Entities in NATO member countries were among the targets spotted by researchers at Palo Alto Networks, in the third report in a week about Russian state-backed hackers exploiting a long-patched Microsoft bug.
The Cyber Wire
Ukraine at D+649: Managing mobilization.
A Russian privacy law seems to have as its principal purpose controlling anything that might resemble independent journalism in advance of the upcoming presidential election theater.
CyberNews
Microsoft targeted 10K times over the summer
Microsoft Outlook targeted more than 10,000 times this summer by a single threat actor believed to be aligned with Russia.
The Hacker News
Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails
New Malware Alert: WailingCrab, a sophisticated loader, is spreading via shipping-themed email messages.
DarkReading
Exploit for Critical Windows Defender Bypass Goes Public
Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.
DarkReading
Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen Flaw
Threat actors were actively exploiting CVE-2023-36025 before Microsoft patched it in November.
Loading more articles....