Summary: Cybersecurity researchers have discovered a renewed cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy.

Threat Actor: LightSpy
Victim: Users in South Asia

Key Point :

The LightSpy iOS spyware campaign, dubbed “F_Warehouse,” has a modular framework with extensive spying features.…

Threat Actor: SN_Blackmeta
Victim: Orange Israel
Price: Not specified
Exfiltrated Data Type: Not specified

Additional Information:

SN_Blackmeta has claimed responsibility for a large-scale cyber attack on Orange Israel. Orange Israel is a telecommunications company offering mobile, internet, TV, and digital solutions.…

Summary: Organizations using Delinea Secret Server are urged to update their installations immediately to fix a critical vulnerability that could allow attackers to bypass authentication and gain admin access to extract secrets.

Threat Actor: Unknown
Victim: Organizations using Delinea Secret Server

Key Point:

Delinea Secret Server has a critical vulnerability in its SOAP API that allows attackers to bypass authentication and gain admin access.…

Victim: Best Reward Federal Credit Union
Country: United States
Actor: akira
Source:
Discovered: 2024-04-15 13:26:37.158397
Description:

Best Reward Federal Credit Union offers low-rate loans, deposit accounts, VISA cards, and mobile services. Lots of financial documents, personal information including thousands of members’ names, SSNs, addresses, emails, and phone numbers.…

Summary: The GSM Association’s Fraud and Security Group (FASG) has released the Mobile Threat Intelligence Framework (MoTIF), which provides a structured approach to understanding and combating mobile network-related attacks.

Threat Actor: N/A
Victim: N/A

Key Point:

The Mobile Threat Intelligence Framework (MoTIF) is a new framework developed by the GSM Association’s Fraud and Security Group (FASG) to describe mobile network-related attacks.…

Summary: The Federal Bureau of Investigation (FBI) has issued a warning about a wave of SMS phishing attacks targeting Americans with fake road toll fee messages, with thousands of people already reporting being targeted by scammers.

Threat Actor: Unknown | SMS phishing attacks
Victim: Americans

Key Point:

The FBI has received over 2,000 complaints about smishing texts related to road toll collection services from at least three states.…
Must-Read Cybersecurity Blogs [List of Blogs & Websites]

1. Unsupervised Learning

An experienced cybersecurity expert, consultant and writer, Miessler takes a personal approach on his blog with an “about me” page that not only details his professional interests but also his hobbies, interests and political views. His offerings include newsletters and essays on a variety of topics and a podcast called Unsupervised Learning that focuses on security and artificial intelligence.…


Summary: Apple has updated its warning system to alert users when they may have been individually targeted by mercenary spyware threats, such as the surveillance tools developed by NSO Group.

Threat Actor: NSO Group
Victim: Individuals targeted by mercenary spyware attacks

Key Point:

Apple has revised its documentation to specifically address mercenary spyware threats and highlight their advanced capabilities, including zero-day exploits and complex obfuscation techniques.…

Victim: Nexperia
Country: Netherlands
Actor: dunghill
Source: http://p66slxmtum2ox4jpayco6ai3qfehd5urgrs4oximjzklxcol264driqd.onion/lot12.html
Discovered: 2024-04-10 21:05:37.096896
Description:

Nexperia is a global semiconductor company headquartered in the Netherlands. The company has a rich European history and operates with more than 15,000 employees in Europe, Asia, and the United States. Nexperia is a leading expert in the design and manufacture of mission-critical semiconductors.…

Summary: This content provides a list of security vulnerabilities and their severity levels in various Microsoft products and services.

Threat Actor: N/A

Victim: N/A

Key Point:

The content highlights multiple security vulnerabilities in Microsoft products and services, including .NET and Visual Studio, Azure, Azure AI Search, Azure Arc, Azure Compute Gallery, Azure Migrate, Azure Monitor, Azure Private 5G Core, Azure SDK, Intel, Internet Shortcut Files, Mariner, Microsoft Azure Kubernetes Service, Microsoft Brokering File System, Microsoft Defender for IoT, Microsoft Edge (Chromium-based), Microsoft Install Service, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft WDAC ODBC Driver, Microsoft WDAC OLE DB provider for SQL, Role: DNS Server, Role: Windows Hyper-V, SQL Server, Windows Authentication Methods, Windows BitLocker, Windows Compressed Folder, Windows Cryptographic Services, Windows Defender Credential Guard, Windows DHCP Server, Windows Distributed File System (DFS), Windows DWM Core Library, Windows File Server Resource Management Service, Windows HTTP.sys,…

Key Takeaways

Cyble Research and Intelligence Labs (CRIL) has uncovered a novel phishing campaign tailored to cryptocurrency users.

This campaign deployed the well-known FatalRAT along with additional malware such as a Clipper and a Keylogger.

The Threat Actors (TAs) orchestrating this campaign employ the DLL side-loading technique to load and execute FatalRAT, Clipper, and Keylogger modules.…

Summary: A new threat actor named “Starry Addax” is targeting human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause in North Africa using a mobile malware called “FlexStarling.”

Threat Actor: Starry Addax
Victim: Human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause

Key Points:

Starry Addax conducts phishing attacks and uses malicious Android apps disguised as legitimate tools to compromise sensitive information.…

In December 2023, Sophos X-Ops received a report of a false positive detection on an executable signed by a valid Microsoft Hardware Publisher Certificate. However, the version info for the supposedly clean file looked a little suspicious.

Figure 1: Version info of the detected file. Note the typos ‘Copyrigth’ and ‘rigths’

The file’s metadata indicates that it is a “Catalog Authentication Client Service” by “Catalog Thales” – possibly an attempt to impersonate the legitimate company Thales Group.…
