Fake sites for popular software have occasionally been used by cyber criminal groups to push malware. Campaigns pushing IcedID malware (also known as Bokbot) also use this method as a distribution technique (we also commonly see IcedID sent through email).

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.

OpenAI chat has exploded in popularity over the last couple of weeks. People are using it to do all sorts of interesting things. If you are unfamiliar with OpenAI Chat and GPT-3, you can find a primer here. The gist is that it’s an artificial intelligence model that you can chat with as if it were a person. It can do all kinds of things like answer questions, write code, find bugs in code, and more. It also remembers context, so you can refer to something you already mentioned at it is able to follow along. I thought maybe this could be a useful tool for building email phishing campaigns for my pentesting work, so I thought I’d try it out and see what I could get it to do.

Ever since OpenAI launched ChatGPT at the end of November, commentators on all sides have been concerned about the impact AI-driven content-creation will have, particularly in the realm of cybersecurity. In fact, many researchers are concerned that generative AI solutions will democratize cybercrime.

Known as Operation Power Off, this operation saw law enforcement in the United States, the United Kingdom, the Netherlands, Poland and Germany take action against these types of attacks which can paralyse the internet.   The services seized were by far the most popular DDoS booter services on the market, receiving top billing on search engines. One such service taken...

En l’espace de quelques jours, Hacknowledge a été rachetée par La Poste, alors que SCRT a été acquise par Orange Cyberdefense. Le manque d’experts et la demande croissante des PME motivent ces opérations

Microsoft has revoked several Chardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents.

InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up…

Juniper Threat Labs analyzes a backdoor installed on a compromised VMware ESXi server that can execute arbitrary commands and launch reverse shells.

The iPhone security flaw was discovered by a Google unit that uncovers nation-state spyware, hacking and cyberattacks.

“TargetCompany” is a type of ransomware that was first identified in June 2021. The researchers named it TargetCompany ransomware because it adds the targeted company name as a file extension to the encrypted files. In September 2022, researchers identified a TargetCompany ransomware variant targeting Microsoft SQL servers and adding the “Fargo” extension to the encrypted files. TargetCompany ransomware is also known to add a “Mallox” extension after encrypting the files.

An unauthenticated RCE flaw (CVE-2022-27518) is being leveraged by APT5 to compromise Citrix ADC deployments.

Learn about security updates for versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32 of Citrix ADC and Citrix Gateway and get fixes for both (security bulletin CTX474995).

This latest release documents further extensive evidence of the establishment by local PRC Public Security authorities of at least 102 “Chinese Overseas Police Service Centers” in 53 countries around the world and how some of them have been partaking in the execution of "persuasions to return" operations. Patrol and Persuade (PDF) also documents the (silent) complicity of a number of host countries, instilling a further sense of fear into targeted communities and severely undermining the international rules-based order .

* Check Point Research (CPR) has analyzed the files that are for sale on the Dark Web, whose sellers claim are from WhatsApp users, revealing the leak includes 360 million phone numbers from 108 countries * Full list went on sale for 4 days, and is now being distributed freely amongst Dark Web users * Users are advised to be aware of links and unknown senders, while using any messaging services