Open-Source Stealer Widely Abused by Threat Actors The threat of InfoStealers is widespread and has been frequently employed by various Threat Actors (TA)s to launch attacks and make financial gains. Until now, the primary use of stealers by TAs has been to sell logs or to gain initial entry into a corporate network.

Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web service that catered to cybercriminals operating DDoS-for-hire services. Fly Hosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that…

L'uso di piattaforme didattiche fornite da Google e Microsoft nelle scuole italiane solleva interrogativi sullo scambio di dati con gli Stati Uniti, al centro di un braccio di ferro tra Washington e la Commissione europea. E per il ministero dell'Istruzione il problema è delle scuole

* Proofpoint has observed recent espionage-related activity by TA473, including yet to be reported instances of TA473 targeting US elected officials and staffers. TA473 is a newly minted Proofpoint threat actor that aligns with public reporting on Winter Vivern. * TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes of government entities in Europe. * TA473 recons and reverse engineers bespoke JavaScript payloads designed for each government targets’ webmail portal. * Proofpoint concurs with Sentinel One analysis that TA473 targeting superficially aligns with the support of Russian and/or Belarussian geopolitical goals as they pertain to the Russia-Ukraine War.

Google’s Threat Analysis Group (TAG) tracks actors involved in information operations (IO), government backed attacks and financially motivated abuse. For years, TAG has been tracking the activities of commercial spyware vendors to protect users. Today, we actively track more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government backed actors. These vendors are enabling the proliferation of dangerous hacking tools, arming governments that would not be able to develop these capabilities in-house. While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments to target dissidents, journalists, human rights workers and opposition party politicians.

Vulkan engineers have worked for Russian military and intelligence agencies to support hacking operations, prepare for attacks on infrastructure and spread disinformation

The 3CX VoIP Desktop Application has been compromised to deliver malware via legitimate 3CX updates. Huntress has been investigating this incident and working to validate and assess the current supply chain threat to the security community.

A security issue arose on Update 7, version numbers 18.12.407 & 18.12.416 only for our Electron Windows App. Check this post for more info.

The 3CX supply chain attack, gives us an opportunity to analyze a trojanized macOS application

North Korean-sponsored actors believed to be linked to attack that Trojanized several versions of 3CX DesktopApp

What Happened On March 29, 2023, Falcon OverWatch observed unexpected malicious activity emanating from a legitimate …

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack.

A Trojanized version of the popular VOIP/PBX software is in the news; here’s what hunters and defenders are doing [IOCs](https://github.com/sophoslabs/IoCs/blob/master/3CX%20IoCs%202023-03.csv)

We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022.

In response to the growing public attention given to ChatGPT, the Europol Innovation Lab organised a number of workshops with subject matter experts from across Europol to explore how criminals can abuse large language models (LLMs) such as ChatGPT, as well as how it may assist investigators in their daily work.