LinkedIn Smart Links Fuel Credential Phishing Campaign
Learn what LinkedIn Smart Links are and how they're being used to bypass email security gateways. Get up-to-date information on this credential phishing threat
X-Force uncovers global NetScaler Gateway credential harvesting campaign
In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related incident response engagements were associated with the use of stolen credentials.
PSA: Ongoing Webex malvertising campaign drops BatLoader
A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco's brand and is displayed first when performing a Google search.
LinkedIn under attack, malicious hackers seize accounts
Security researchers have identified that a widespread LinkedIn hacking campaign has seen many users locked out of their accounts worldwide.
Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release
Crimeware actors have launched an extensive campaign to target macOS users with malware disguised in multiple fake blockchain games.
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since September.
New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others | Akamai
Akamai researchers have identified a new Magecart-style skimmer campaign that hides behind legitimate website domains to steal PII and credit card information.
Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
The Wordfence Threat Intelligence team has been monitoring an increase in attacks targeting a Cross-Site Scripting vulnerability in Beautiful Cookie Consent Banner, a WordPress plugin installed on over 40,000 sites. The vulnerability, which was fully patched in January in version 2.10.2, offers unauthenticated attackers the ability to add malicious JavaScript to a website, potentially allowing ...Read More
Espionage campaign linked to Russian intelligence services
The Military Counterintelligence Service and the CERT Polska team (CERT.PL) observed a widespread espionage campaign linked to Russian intelligence services
Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service
We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems as an…
CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers
What Happened On March 29, 2023, Falcon OverWatch observed unexpected malicious activity emanating from a legitimate …
West ill-prepared to deal with evolving cyber threats, report concludes
Hacking and disinformation operation has continued to expand its activity, despite separate interventions in several European countries PDF
Uncle Sow: Dark Caracal in Latin America
In 2018, EFF along with researchers from Lookout Security published a report describing the Advanced Persistent Threat (APT) we dubbed "Dark Caracal." Now we have uncovered a new Dark Caracal campaign operating since March of 2022, with hundreds of infections across more than a dozen countries. In this report we will present evidence that the cyber mercenary group Dark Caracal is still active and continues to be focused on Latin America, as was reported last year. We have discovered that Dark Caracal, using the Bandook spyware, is currently infecting over 700 computers in Central and South America, primarily in The Dominican Republic and Venezuela.
Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures.
The Titan Stealer: Notorious Telegram Malware Campaign
The Uptycs threat research team discovered a Titan stealer malware campaign, which is marketed and sold by a threat actor (TA) through a Telegram channel.
![Massive ois[.]is Black Hat Redirect Malware Campaign](https://rdl.ink/render/https%3A%2F%2Fblog.sucuri.net%2Fwp-content%2Fuploads%2F2022%2F11%2FBlogPost_Feature-Image_1490x700_PHP-Login-Stealer.png?width=92&height=&ar=&mode=&format=avif&dpr=2)
Massive ois[.]is Black Hat Redirect Malware Campaign
Learn how attackers are redirecting WordPress website visitors to fake Q&A sites via ois[.]is. Nearly 15,000 websites affected by this malware so far.
Dormant Colors browser hijackers could be used for more nefarious tasks, report says
Dormant Colors, a browser extension campaign, was spotted stealing browser data and hijacking search results and affiliation to thousands of sites.
Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections
Mandiant has recently observed DRAGONBRIDGE, an influence campaign we assess with high confidence to be operating in support of the political interests of the People’s Republic of China (PRC), aggressively targeting the United States by seeking to sow division both between the U.S. and its allies and within the U.S. political system itself. Recent narratives include: * Claims that the China-nexus threat group APT41 is instead a U.S. government-backed actor. * Aggressive attempts to discredit the U.S. democratic process, including attempts to discourage Americans from voting in the 2022 U.S. midterm elections. * Allegations that the U.S. was responsible for the Nord Stream gas pipeline explosions.
“Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed
The “Dormant Colors” is yet another vast campaign of malicious extensions with millions of active installations worldwide, this time with a color-related theme and full of deception all through the chain. It starts with the trickery malvertising campaign, continues with a crafty novel way to side-load the real malicious code without anyone noticing (until now!), and finally with stealing not only your searches and browsing data, but also affiliation to 10,000 targeted sites — a capability that is easily leveraged for targeted spear phishing, account takeover and credential extraction — all using this powerful network of millions of infected computers worldwide!
Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium
ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.
Under the hood of a Doppelgänger
This work is the result of a collaboration with EU DisinfoLab an independent non-profit organization focused on tackling sophisticated disinformation campaigns targeting the EU. EU DisinfoLab has during the past three months been investigating a large disinformation campaign targeting western audience with pro-Russian propaganda. While our partner has focused on the actual disinformation being spread, Qurium has looked into the technical infrastructure in use to better understand how the campaign has been setup and operated. The complete report from EU Disinfo Lab can be found here: Doppelganger. Below follows the results of Qurium’s digital forensics investigation and a list of more than 50 domains used in the disinformation campaign.
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, thus immediately came up with a temporary containment plan.
In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
Analysis of APT28/Fancy Bear PowerPoint mouse-over campaign
Malvertising on Microsoft Edge's News Feed pushes tech support scams
We uncovered a campaign on the Microsoft Edge home page where malicious ads are luring victims into tech support scams.
Roasting 0ktapus: The phishing campaign going after Okta identity credentials
Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since September.
Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service
We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems as an…
CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers
What Happened On March 29, 2023, Falcon OverWatch observed unexpected malicious activity emanating from a legitimate …
West ill-prepared to deal with evolving cyber threats, report concludes
Hacking and disinformation operation has continued to expand its activity, despite separate interventions in several European countries [PDF](https://www.cardiff.ac.uk/__data/assets/pdf_file/0005/2699483/Ghostwriter-Report-Final.pdf)
Uncle Sow: Dark Caracal in Latin America
In 2018, EFF along with researchers from Lookout Security published a report describing the Advanced Persistent Threat (APT) we dubbed "Dark Caracal." Now we have uncovered a new Dark Caracal campaign operating since March of 2022, with hundreds of infections across more than a dozen countries. In this report we will present evidence that the cyber mercenary group Dark Caracal is still active and continues to be focused on Latin America, as was reported last year. We have discovered that Dark Caracal, using the Bandook spyware, is currently infecting over 700 computers in Central and South America, primarily in The Dominican Republic and Venezuela.