In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution.

Summary

The TargetCompany ransomware group is now employing a new Linux variant that uses a custom shell script as a means of payload delivery and execution, a technique not seen in previous variants.…

Sophos Managed Detection and Response initiated a threat hunt across all customers after the detection of abuse of a vulnerable legitimate VMware executable (vmnat.exe) to perform dynamic link library (DLL) side-loading on one customer’s network. In a search for similar incidents in telemetry, MDR ultimately uncovered a complex, persistent cyberespionage campaign targeting a high-profile government organization in Southeast Asia.…


Summary: This content discusses a campaign involving malicious ads related to utility bills that direct victims to call centers where scammers collect their identity and attempt to extort money from them.

Threat Actor: Scammers
Victim: U.S. residents

Key Point:

A campaign involving fraudulent ads related to utility bills is targeting mobile devices and U.S.…

Threat Actor: Unknown
Victim: Railway Assets Corporation (RAC)
Price: Not specified
Exfiltrated Data Type: Employee database

Additional Information:

The Railway Assets Corporation (RAC) is a key federal statutory body under Malaysia’s Ministry of Transport. The RAC manages and develops the nation’s railway assets.…

Key Takeaways

Cyble Research and Intelligence Labs (CRIL) recently encountered a campaign using a malicious Excel document linked to the UNC1151 APT group.

The UNC1151 APT group, originating from Belarus, is notorious for targeting Eastern European countries, including Ukraine, Lithuania, Latvia, Poland, and others.

In the recent campaign, there are indications that the group is possibly targeting Ukraine, with a potential focus on the Ministry of Defence based on the lure document.…

MANILA, PHILIPPINES – This week, in a series of data breaches, personal information from Toyota Makati, a renowned car dealership, Robinsons Malls, a prominent shopping mall chain, and S&R, a popular membership shopping club, has been compromised, affecting hundreds of thousands of customers.

Toyota Makati Data Breach:

An alleged data breach at Toyota Makati, discovered on May 29, 2024, has exposed over a terabyte of data spanning from 2016 to 2024.…


Summary: This article discusses a WhatsApp scam where the author receives a message from an unknown sender claiming to have added a financial account and provides login details.

Threat Actor: Scammer
Victim: Author

Key Point:

The author receives a WhatsApp message from an unknown sender claiming to have added a financial account with login details.…

IT threat evolution Q1 2024
IT threat evolution Q1 2024. Mobile statistics
IT threat evolution Q1 2024. Non-mobile statistics

Targeted attacks

Operation Triangulation: the final mystery

Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware platform distributed via zero-click iMessage exploits that allowed an attacker to browse and modify device files, get passwords and credentials stored in the keychain, retrieve geo-location information and execute additional modules that extended their control over compromised devices.…


Threat Actor: Unknown
Victim: Dkhoonemirates
Price: $4,800
Exfiltrated Data Type: Customer information, order details, financial information, additional data

Additional Information:

The threat actor claims to have obtained a database from Dkhoonemirates, a prominent online retailer. The database allegedly consists of 1,187,492 rows of data.…

Threat Actor: Unknown
Victim: Riyadh Airport
Price: Not mentioned
Exfiltrated Data Type: Employee database

Additional Information:

The leaked database allegedly contains information on 864 employees of Riyadh Airport, including employee numbers, full names, email addresses, and mobile numbers. Riyadh Airports Company is responsible for managing and operating King Khalid International Airport in Riyadh.…

Authored by Dexter Shin

Many government agencies provide their services online for the convenience of their citizens. Also, if this service could be provided through a mobile app, it would be very convenient and accessible. But what happens when malware pretends to be these services?

McAfee Mobile Research Team found an InfoStealer Android malware pretending to be a government agency service in Bahrain.…


Summary: Researchers have discovered a macOS version of the LightSpy spyware that has been active since January 2024, with threat actors using publicly available exploits to deliver the spyware and exfiltrate private information from devices.

Threat Actor: LightSpy
Victim: macOS users

Key Point:

The macOS version of LightSpy spyware has been active since January 2024.…

Update 31.05.2024: Added clarification on severity of the vulnerability, recommendations and mitigations. A Proof of Concept (POC) to exploit the vulnerability is now publicly available. CVSS score has been increased from 7.5 to 8.6. Updated Check Point support links.

A critical vulnerability has been discovered in Check Point Security Gateways with Remote Access VPN enabled, also referred to as the “Mobile Access” blade.…


On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade.

On May 29, 2024, security firm mnemonic published a blog reporting that they have observed in-the-wild exploitation of CVE-2024-24919 since April 30, 2024, with threat actors leveraging the vulnerability to enumerate and extract password hashes for all local accounts, including accounts used to connect to Active Directory.…


In October 2023 we posted our research about the notorious surveillance framework LightSpy2. In our research, we proved with a high degree of confidence that both implants for Android and iOS came from the same developer and shared the same network infrastructure, but also that they were just a small part of a larger framework.…


CryptoChameleon is a phishing kit first discovered in February 2024. As of publication, the identity of CryptoChameleon’s creator remains elusive.

The kit is used by unknown threat actors to harvest usernames, passwords, password reset URLs, and photo IDs from employees and customers’ mobile devices.

Silent Push Threat Analysts have conducted a wide-ranging research campaign that has revealed a large amount of CryptoChameleon fast flux Indicators of Future Attack (IOFAs) targeting Binance, Coinbase and FCC users, and a host of other platforms, including:

Apple iCloud, Google Gemini, Kraken, Gamdom, Ledger, Swan Bitcoin, Trezor Hardware Wallet, Uphold, Nexo, Crypto, Shake Pay

Background

On 6th February 2024, Silent Push analysts noticed malicious activity targeting the FCC, and reported it confidentially to CISA.…
