Author: Italy-Cert-agid
Keypoints:
The CERT-AGID now supports a ClamAV format for IoC feeds.…

Keypoints:
New Vidar malware campaign identified on January 6, 2025.…

Summary:
A new smishing campaign impersonating Poste Italiane has been identified. It aims to steal victims' personal and financial data through fraudulent SMS messages. #Smishing #CyberSecurity #DataTheft
Keypoints:
Users receive an SMS about a delivery problem, supposedly from Poste Italiane. Clicking the link leads to a fraudulent website mimicking the official Poste Italiane site.…

Summary:
On December 17, 2024, a new Vidar malware campaign targeted Italian users through compromised PEC mailboxes. The emails were formal in tone and imitated payment reminders, leading victims to download a malicious JavaScript file named Fattura.js. The campaign adjusted its timing and methods to increase effectiveness, highlighting the attackers' flexibility.…

Summary:
A smishing campaign impersonating INPS has been reported; it tricks victims into providing personal and financial data through fraudulent communications. #Smishing #CyberSecurity #DataProtection
Keypoints:
A smishing campaign using the INPS logo and name is actively targeting users. Victims are lured to a fake website and asked to enter sensitive personal and financial information.…

Summary:
A phishing campaign exploiting the WeTransfer brand and the cPanel control panel has been detected. The fraudulent emails contain links to fake login pages designed to steal user credentials. The phishing page is hosted on GitHub Pages, which lends it credibility, and uses Telegram bots to collect the stolen data.…

Summary:
The Vidar malware has resurfaced, targeting Italian email accounts through compromised PEC mailboxes. This wave uses VBS files to execute PS1 scripts and relies on over 100 distinct domains with nearly a thousand randomly generated subdomains for downloading the malware. The attackers activated these links on November 18, suggesting a planned effort to maximize impact at the start of the workweek.…

Summary:
CERT-AGID has identified a phishing campaign targeting DocuSign users. The fraudulent emails carry HTML attachments designed to steal credentials, giving attackers access to sensitive accounts and information. The phishing page mimics the DocuSign login interface and sends captured credentials to a Telegram bot.…

Summary:
A new malspam campaign is targeting victims in Italy with the Formbook malware, known for its infostealer capabilities. The emails, disguised as urgent notices about unpaid invoices, prompt recipients to open a 7Z archive containing a malicious VBS script. The script decodes embedded data to extract an executable that installs Formbook on the victim's machine.…

Summary:
The Vidar malware has resurfaced in Italy, targeting email users through compromised PEC mailboxes. This campaign mirrors previous tactics, using VBS payloads and updated download URLs to evade detection. Vidar steals credentials and sensitive data, exploiting the trust placed in PEC communications.…

Summary:
CERT-AGID has released version 2.0.1 of hashr, a free and open-source tool that detects malicious files by comparing their hash values with known malicious hashes. Public administrations can access real-time Indicators of Compromise (IoC) to strengthen their defences.
Keypoints:
New version of hashr (v2.0.1) released by CERT-AGID.…
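As an added illustration of the hash-based IoC matching described above (this is example code written for this page, not the hashr tool's or CERT-AGID's own code), the following Python script parses a signature feed laid out like ClamAV hash signatures (HashString:FileSize:MalwareName, with `*` for any size, as in ClamAV .hdb/.hsb files; the optional trailing FuncLevel field is ignored) and scans a directory tree for files whose digest and size match. The signature lines, file names and file contents are constructed for the demonstration, and the function names are this example's own.

```python
"""Hash-based IoC scan over a ClamAV-style hash-signature feed (added example)."""
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, Iterable, List, Optional, Tuple

# Digest algorithm is inferred from hex length, as ClamAV does for .hdb (MD5) and .hsb (SHA-1/SHA-256).
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}


@dataclass(frozen=True)
class HashSignature:
    algorithm: str
    digest: str            # lowercase hex
    size: Optional[int]    # None means '*' (any file size)
    name: str


def parse_hash_signatures(text: str) -> List[HashSignature]:
    """Parse feed lines of the form Hash:Size:Name[:FuncLevel]; blanks and '#' comments are skipped."""
    sigs: List[HashSignature] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 3:
            raise ValueError(f"line {lineno}: expected Hash:Size:Name, got {raw!r}")
        digest, size_field, name = parts[0].lower(), parts[1], parts[2]
        algo = ALGO_BY_HEXLEN.get(len(digest))
        if algo is None or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {lineno}: unrecognised hash {parts[0]!r}")
        size = None if size_field == "*" else int(size_field)
        sigs.append(HashSignature(algo, digest, size, name))
    return sigs


def hash_file(path: Path, algorithms: Iterable[str]) -> Tuple[int, Dict[str, str]]:
    """Stream the file once, feeding every requested digest; returns (size, {algo: hexdigest})."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    size = 0
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    return size, {a: h.hexdigest() for a, h in hashers.items()}


def scan_directory(root: Path, sigs: List[HashSignature]) -> List[Tuple[str, str]]:
    """Return (path relative to root, signature name) for every file that matches a signature.

    The index is keyed on (algorithm, digest); the size field is checked after the
    digest matches, so a signature with a fixed size does not fire on a file of another size.
    """
    index: Dict[Tuple[str, str], List[HashSignature]] = {}
    for s in sigs:
        index.setdefault((s.algorithm, s.digest), []).append(s)
    algorithms = {s.algorithm for s in sigs}
    hits: List[Tuple[str, str]] = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        size, digests = hash_file(path, algorithms)
        for algo, digest in digests.items():
            for s in index.get((algo, digest), []):
                if s.size is None or s.size == size:
                    hits.append((path.relative_to(root).as_posix(), s.name))
    return hits


def demo() -> List[Tuple[str, str]]:
    """Build a constructed sample tree and feed, scan it, and return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "inbox").mkdir()
        # Constructed samples: an empty file (its SHA-256 is the well-known e3b0c442... value),
        # an inert stand-in for a script dropper, and a benign document.
        (root / "inbox" / "empty.bin").write_bytes(b"")
        dropper = b'var s = new ActiveXObject("WScript.Shell");\r\n'  # constructed, does nothing here
        (root / "inbox" / "Fattura.js").write_bytes(dropper)
        (root / "readme.txt").write_bytes(b"nothing to see here\n")

        feed = "\n".join([
            "# constructed IoC feed in ClamAV hash-signature layout (not real indicators)",
            "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:0:Test.Empty.File",
            f"{hashlib.md5(dropper).hexdigest()}:*:Test.JS.Dropper",
            # correct digest but wrong size: must NOT produce a hit
            f"{hashlib.sha1(dropper).hexdigest()}:{len(dropper) + 1}:Test.WrongSize",
        ])
        return scan_directory(root, parse_hash_signatures(feed))


if __name__ == "__main__":
    for rel_path, sig_name in demo():
        print(f"{rel_path}: {sig_name}")
```

Reading each file once while feeding all required digests keeps the scan to a single pass over disk even when the feed mixes MD5, SHA-1 and SHA-256 entries; the size check after the digest match mirrors why hash feeds carry a size field at all.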
Summary:
CERT-AGID has identified and mitigated a new malspam campaign spreading the Vidar malware. The emails, disguised as communications from an Italian company about unpaid invoices, contain malicious links that download a harmful VBS file. The file runs a PowerShell script that connects to a known domain to carry out further malicious activity.…

Summary:
CERT-AGID has identified a campaign distributing the XWorm RAT through emails posing as official communications from Namirial. The emails carry a password-protected PDF that lures victims into downloading a ZIP file from Dropbox, starting a compromise chain that installs several malware families, including XWorm.…

The criminal group behind Vidar is intensifying its operations in Italy, mainly through PEC mailboxes. This strategy has proven effective in spreading malware across the country. CERT-AGID has observed and countered three Vidar campaigns with the support of PEC providers.…