deliver

  • Saint Kitts and Nevis has engaged Travizory Border Security for the implementation of a modern, secure, and efficient biometric border management system, becoming the first country in the Caribbean to do so. According to an announcement from the company, the Electronic Travel Authorization (eTA) system will be launched in the Spring, in a move that…

  • A North Korea-aligned cybercriminal campaign dubbed DeceptiveDevelopment has been targeting freelance software developers through fake job interviews since early 2024. Posing as recruiters on platforms like LinkedIn, Upwork, and cryptocurrency-focused job boards, attackers lure victims with promising job opportunities or lucrative freelance projects. The ultimate goal is to trick developers into executing trojanized codebases that…

  • Authored by Sakshi Jaiswal. McAfee Labs recently observed a surge in phishing campaigns that use fake viral video links to trick users into downloading malware. The attack relies on social engineering, redirecting victims through multiple malicious websites before delivering the payload. Users are enticed with promises of exclusive content, ultimately leading them to fraudulent pages and deceptive…

  • A newly discovered technique allows threat actors to circumvent Microsoft Outlook’s spam filters to deliver malicious ISO files, exposing organizations to sophisticated phishing campaigns. The bypass leverages hyperlink obfuscation to disguise malicious links as benign URLs, enabling attackers to distribute malware-laden disk image files directly to victims’ inboxes. As per a report by Afine, Security…

  • Security researchers have uncovered a significant evolution in the ShadowPad malware family, which is now being used to deploy ransomware in highly targeted attacks. ShadowPad, modular malware linked to Chinese threat actors, has historically been associated with cyber espionage. However, recent incidents reveal its expanded capabilities, marking an alarming shift toward ransomware deployment. Incident Analysis…

  • A new wave of cyberattacks orchestrated by the North Korea-linked Lazarus Group has been identified, leveraging fake LinkedIn job offers to infiltrate organizations and deliver sophisticated malware. Reports from cybersecurity firms, including Bitdefender, reveal that this campaign targets professionals across industries by exploiting their trust in LinkedIn as a professional networking platform. The operation begins…

  • SmartApeSG, a FakeUpdate cyber threat, has emerged as a significant vector for delivering NetSupport RAT, a maliciously exploited remote administration tool. The campaign ensnares victims by tricking them into downloading fake browser updates, ultimately enabling attackers to gain unauthorized access to infected systems. A Web of Connections: Recent investigations examined SmartApeSG’s command-and-control (C2) infrastructure, revealing…

  • A new cyberattack campaign, dubbed the “Fake DeepSeek Campaign,” has been discovered targeting macOS users. DeepSeek, a Chinese-developed AI chatbot, has rapidly gained popularity globally. Threat actors have started exploiting its popularity to deliver malware and infect users’ computers. This campaign is designed to distribute the Poseidon Stealer, a sophisticated piece of malware to exfiltrate sensitive data…

  • A financially motivated threat actor has been linked to a sophisticated cyber campaign that has been targeting users in Poland and Germany since July 2024.  The effort uses phishing emails to spread a range of malware payloads, including Agent Tesla, Snake Keylogger, and an undocumented backdoor called TorNet.  This backdoor leverages Windows Scheduled Tasks for…

  • A recent phishing campaign has targeted customers of SBI Bank through a deceptive message circulating in WhatsApp groups. The message falsely claims that the recipient’s SBI reward points, amounting to Rs 9,980, will expire unless they download a purported “SBI BANK REWARD App.” This app is represented as an Android APK file, prompting users to…

  • Botnets are networks of compromised devices that have evolved significantly since the internet’s inception. Threat actors exploit vulnerabilities to control these devices remotely, leveraging them for malicious activities. These activities range from spamming to launching devastating distributed denial-of-service (DDoS) attacks, as the decentralized nature of botnets presents significant challenges to defenders. By orchestrating…

  • Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through malicious packages disguised as legitimate tools. The threat actor, “k303903,” compromised hundreds of machines before the packages were removed.  Subsequent analysis revealed that “k303903” likely operates under the aliases “shegotit2” and “pressurized,” all exhibiting identical or highly similar tactics, techniques,…

  • A new Mirai-based botnet, “Hail Cock Botnet,” has been exploiting vulnerable IoT devices, including DigiEver DVRs and TP-Link devices with CVE-2023-1389. The botnet, active since September 2024, leverages a variant of Mirai malware with enhanced encryption.  A recent uptick in attacks targeting the URI /cgi-bin/cgi_main.cgi, exploiting an RCE vulnerability in DigiEver DS-2105 Pro devices, aligns…

  • Cybersecurity threats are increasingly targeting vulnerabilities in publicly exposed assets like VPNs and firewalls, exploited by various actors, including APT groups and ransomware gangs.  While this focus is understandable, it’s crucial not to neglect traditional attack vectors like phishing emails, malicious websites, and social engineering, as they remain potent tools in the hands of attackers.…

  • The Securonix Threat Research team has uncovered a sophisticated phishing campaign named FLUX#CONSOLE, leveraging tax-related lures and the use of Windows MSC (Microsoft Management Console) files to deploy a stealthy…

  • COMMENTARY: Protecting healthcare data in the cloud has become more vital than ever. As the attack surface area expands, adversaries have more opportunities to access sensitive health data.

  • Some organizations can get creative when extending rewards to researchers, particularly when cash is not abundant or top management frowns on spending significant sums on outsiders. “It could be financial,” Josh Jacobson, director of professional services at HackerOne, tells CSO. “Or there could be some swag that blurs the lines a little bit. The first…

  • In a resurgence since May 2024, the Black Basta ransomware campaign has exhibited a troubling escalation in its attack methods, incorporating a multi-stage infection chain that blends social engineering, a custom packer, a mix of malware payloads, and advanced delivery techniques. 

  • BlueAlpha, a Russian hacking group, is using Cloudflare Tunnels, a service that masks the origin of internet traffic, to hide its attacks on Ukrainian organizations. This makes it difficult to trace the source of the attack and allows malware to spread undetected. 

  • The state-sponsored cyber threat group BlueAlpha has been active since at least 2014 and has recently upgraded its malware delivery system to leverage Cloudflare Tunnels to stage GammaDrop malware. 
