Matrix Unleashes A New Widespread DDoS Campaign
Aqua Nautilus researchers uncovered a new and widespread DDoS campaign orchestrated by a threat actor named Matrix.
Threat Campaign Spreads Winos4.0 Through Game Application
FortiGuard Labs reveals a threat actor spreads Winos4.0, infiltrating gaming apps and targeting the education sector. Learn more.
HijackLoader evolution: abusing genuine signing certificates
Since mid-September 2024, our telemetry has revealed a significant increase in “Lumma Stealer”1 malware deployments via the “HijackLoader”2 malicious loader. On October 2, 2024, HarfangLab EDR detected and blocked yet another HijackLoader deployment attempt – except this time, the malware sample was properly signed with a genuine code-signing certificate. In response, we initiated a hunt for code-signing certificates (ab)used to sign malware samples. We identified and reported more of such certificates. This report briefly presents the associated stealer threat, outlines the methodology for hunting these certificates, and providees indicators of compromise.
Fake recruiter coding tests target devs with malicious Python packages
RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.
Behind the CAPTCHA: A Clever Gateway of Malware
McAfee Labs recently observed an infection chain where fake CAPTCHA pages are being leveraged to distribute malware, specifically Lumma Stealer. We are observing a campaign targeting multiple countries. Below is a map showing the geolocation of devices accessing fake CAPTCHA URLs, highlighting the global distribution of the attack.
New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition
Authored by SangRyol Ryu Recently, McAfee’s Mobile Research Team uncovered a new type of mobile malware that targets mnemonic keys by scanning for images
The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”
Key findings Proofpoint researchers identified an unusual campaign delivering malware that the threat actor named “Voldemort”. Proofpoint assesses with moderate confidence the goal of the activi...
The gift that keeps on giving: A new opportunistic Log4j campaign
In this post, we analyze a new opportunistic exploitation campaign based on the Log4j vulnerability.
Extension Trojan Malware Campaign
Malwares make no distinction between corporate and personal devices. Therefore, past perceptions of different levels of antivirus for businesses and households must be challenged. ReasonLabs is the first endpoint protection based on a multilayered machine-learning engine, that provides enterprise-grade security for all your personal devices.
Ongoing Social Engineering Campaign Refreshes Payloads
On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing Techniques, Tactics, and Procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7.
Trump campaign confirms it was hacked after POLITICO received internal documents from "Robert"
The campaign suggested Iran was to blame. POLITICO has not independently verified the identity of the hacker or their motivation.
Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft
We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites.
SeleniumGreed Cryptomining Campaign Exploiting Grid Services | Wiz Blog
SeleniumGreed is an active crypto-mining campaign targeting older versions of Grid services. Explore the risks, attack methods, and essential security measures. Wiz Research has detected an ongoing threat campaign that exploits exposed Selenium Grid services for cryptomining, dubbed “SeleniumGreed”. Selenium is among the most commonly used testing frameworks. Our data shows that the technology can be found in 30% of cloud environments, and the official selenium/hub docker image has over 100 million pulls in Docker Hub. Unbeknownst to most users, Selenium WebDriver API enables full interaction with the machine itself, including reading and downloading files, and running remote commands. By default, authentication is not enabled for this service. This means that many publicly accessible instances are misconfigured and can be accessed by anyone and abused for malicious purposes. We have identified a threat actor targeting publicly exposed instances of Selenium Grid and leveraging features of Selenium WebDriver API to run Python with a reverse shell to deploy scripts that download a XMRig miner. The threat actor is still active as of this blog post’s date of publication. * We believe this is the first documentation of this misconfiguration being exploited in the wild.
Exploiting CVE-2024-21412: A Stealer Campaign Unleashed
FortiGuard Labs has observed a stealer campaign spreading multiple files that exploit CVE-2024-21412 to download malicious executable files. Read more.
entagon ran secret anti-vax campaign to undermine China during pandemic
The U.S. military launched a clandestine program amid the COVID crisis to discredit China’s Sinovac inoculation – payback for Beijing’s efforts to blame Washington for the pandemic. One target: the Filipino public. Health experts say the gambit was indefensible and put innocent lives at risk.
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since September.
Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling
Netskope Threat Labs is tracking multiple phishing campaigns that abuse Cloudflare Workers. The campaigns are likely the work of different
Ongoing Malvertising Campaign leads to Ransomware
Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains.
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since September.
The Darkside of TheMoon
Executive Summary The Black Lotus Labs team at Lumen Technologies has identified a multi-year campaign targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices, associated with an updated version of “TheMoon” malware. TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since September.
Large-Scale StrelaStealer Campaign in Early 2024
We unravel the details of two large-scale StrelaStealer campaigns from 2023 and 2024. This email credential stealer has a new variant delivered through zipped JScript. #2024 #Campaign #EN #JScript #StrelaStealer #analysis #paloaltonetworks
PIKABOT, I choose you!
Elastic Security Labs observed new PIKABOT campaigns, including an updated version. PIKABOT is a widely deployed loader malicious actors utilize to distribute additional payloads.
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since September.
Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments
Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accoun...
Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware
Arctic Wolf Labs has investigated several cases where ransomware victims are being targeted for follow-on extortion attempts by threat actors who are aware of ransom attack details.
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since September.
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since September.
LinkedIn Smart Links Fuel Credential Phishing Campaign
Learn what LinkedIn Smart Links are and how they're being used to bypass email security gateways. Get up-to-date information on this credential phishing threat
X-Force uncovers global NetScaler Gateway credential harvesting campaign
In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related incident response engagements were associated with the use of stolen credentials.