The FBI’s Internet Crime Complaint Center (IC3) has published its annual report for 2023, which reveals that the number of cybercrime complaints received by the agency increased by nearly 10% compared to the previous year.

Cybercrime victims in the United States filed more than 880,000 complaints with the FBI in 2023, with reported losses totaling over $12.5 billion, which represents a 22% increase from 2022. …

Read More

ESET researchers discovered a cyberespionage campaign that, since at least September 2023, has been victimizing Tibetans through a targeted watering hole (also known as a strategic web compromise), and a supply-chain compromise to deliver trojanized installers of Tibetan language translation software. The attackers aimed to deploy malicious downloaders for Windows and macOS to compromise website visitors with MgBot and a backdoor that, to the best of our knowledge, has not been publicly documented yet; we have named it Nightdoor.…

Read More

Researchers have spotted a concerted cyber compromise campaign targeting cloud servers running vulnerable instances of Apache Hadoop, Atlassian Confluence, Docker, and Redis. The attackers are dropping a cryptomining tool, but also installing a Linux-based reverse shell that would allow potential future targeting and malware infestations.

According to an analysis from Cado Security, in most cases the adversary is hunting for common cloud misconfigurations to exploit.…

Read More

A cryptojacking campaign involving Linux malware is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances with new and unique malicious payloads, cybersecurity firm Cado Security warns.

As part of the campaign, the attackers employ four new Golang payloads to automate the discovery and exploitation of vulnerable hosts, as well as a reverse shell and multiple user-mode rootkits to hide their presence.…

Read More
Introduction

Cado Security Labs researchers have recently encountered an emerging malware campaign targeting misconfigured servers running the following web-facing services:

The campaign utilises a number of unique and unreported payloads, including four Golang binaries, that serve as tools to automate the discovery and infection of hosts running the above services.…

Read More

North Korean hackers are using a critical vulnerability in ConnectWise’s ScreenConnect software to spread new, shapeshifting espionage malware.

Two weeks ago, ConnectWise revealed two flaws in its popular remote desktop application: CVE-2024-1708, a path traversal bug given a “high” score of 8.4 out of 10 on the CVSS scale, and CVE-2024-1709, a rare “critical” 10 out of 10 authentication bypass bug.…

Read More

The proliferation of programmable logic controllers (PLCs) with embedded Web servers in them has given attackers a way to launch potentially catastrophic, remote attacks against operational technology (OT) for industrial control systems (ICS) in critical infrastructure sectors.

To highlight the threat, a team of researchers from the Georgia Institute of Technology has developed malware that an adversary could use to remotely access an embedded Web server within a PLC, and attack the underlying physical system.…

Read More

Mar 05, 2024NewsroomMalware / Artificial Intelligence

More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show.

These credentials were found within information stealer logs associated with LummaC2, Raccoon, and RedLine stealer malware.…

Read More
Key TakeawaysThe Kroll Cyber Threat Intelligence (CTI) team discovered new malware resembling the VBScript based BABYSHARK malware that we’ve called TODDLERSHARK.The malware was used in post-compromise activity following exploitation of a ScreenConnect application.BABYSHARK has been associated, by several sources, with a threat actor Kroll tracks as KTA082 (Kimsuky).The…
Read More

Published On : 2024-03-05

EXECUTIVE SUMMARY

At CYFIRMA, our commitment is to provide timely insights into prevalent threats and malicious tactics affecting both organizations and individuals. Our research team recently identified a malicious .docx file linked to the stego-campaign, revealing a sophisticated cyber threat.

This campaign utilizes template injection in a Microsoft Office document to bypass traditional email security measures.…

Read More

The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks.

TA577 is considered an initial access broker (IAB), previously associated with Qbot and linked to Black Basta ransomware infections.

Email security firm Proofpoint reports today that although it has seen TA577 showing a preference for deploying Pikabot recently, two recent attack waves demonstrate a different tactic.…

Read More