Hackers use Google Search ads to steal Google Ads accounts
Summary: Cybercriminals are exploiting Google search advertisements to promote phishing sites that impersonate Google Ads, tricking users into revealing their credentials. These fake ads lead victims to counterfeit login pages hosted on Google Sites, which closely mimic the official Google Ads interface. The attackers, operating from various regions, aim to steal accounts for resale and further malicious activities.…
Read More
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
Summary: A new malvertising campaign is targeting Google Ads users by phishing for their credentials through fraudulent ads. The attackers aim to steal advertiser accounts and use the stolen credentials to perpetuate further scams. The campaign has been active since at least mid-November 2024 and employs sophisticated techniques to evade detection.…
Read More
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains
Summary: Cybersecurity researchers have uncovered links between North Korean threat actors involved in fraudulent IT worker schemes and a 2016 crowdfunding scam. These actors have been infiltrating companies globally under false identities to generate revenue for North Korea, while also being connected to previous scams. Recent findings highlight the evolution of their tactics and the ongoing threat they pose in cyberspace, particularly in cryptocurrency thefts.…
Read More
Illicit HuiOne Telegram Market Surpasses Hydra, Hits  Billion in Crypto Transactions
Summary: HuiOne Guarantee has emerged as the largest online illicit marketplace, surpassing Hydra with over $24 billion in cryptocurrency transactions. The platform is linked to various criminal activities, including money laundering and human trafficking, and has connections to organized crime groups globally.

Threat Actor: HuiOne Guarantee | HuiOne Guarantee Victim: Global online users | online users

Key Point :

HuiOne Guarantee has received at least $24 billion in cryptocurrency, significantly more than the defunct Hydra marketplace.…
Read More
The Breach Report: My Top Picks from Christmas, January 12, 2025
In the latest cybersecurity incidents, various platforms faced significant breaches and hacks, including Litecoin and Foresight Ventures on Twitter, a vulnerability in Ivanti’s products, and a cyberattack on Russia’s oil sector by Ukraine. Additionally, Japan Airlines experienced flight disruptions due to a cyberattack, while the International Civil Aviation Organization revealed a massive data breach.…
Read More
This article discusses several recent cybersecurity threats, including vulnerabilities in Windows LDAP and Ivanti products, as well as various malware and phishing attacks targeting users and organizations. Affected: Windows, Ivanti, Chrome, Redis

Keypoints :

Windows LDAP vulnerability (CVE-2024-49113) allows unauthenticated attackers to cause denial of service or information disclosure.…
Read More
THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
Summary: This week’s cybersecurity recap highlights critical vulnerabilities, ongoing exploits, and legal actions against threat actors, emphasizing the importance of proactive security measures. Staying informed about these threats and implementing protective strategies is essential for individuals and organizations alike.

Threat Actor: UNC5337 | UNC5337 Victim: Ivanti | Ivanti

Key Point :

A critical vulnerability in Ivanti Connect Secure appliances has been exploited as a zero-day, allowing for remote code execution.…
Read More
RST TI Report Digest: January 13, 2025
This week’s threat intelligence report from RST Cloud highlights significant cyber threats from various actors, including the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, and Southeast Asia, as well as the emergence of new malware like Banshee and the Gayfemboy botnet. The report summarizes key findings from 29 threat intelligence reports, detailing tactics, techniques, and procedures (TTPs) used in these attacks, and includes numerous indicators of compromise (IoCs).…
Read More
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
Summary: Cybersecurity researchers have identified a stealthy credit card skimmer campaign targeting WordPress e-commerce sites by injecting malicious JavaScript into database tables, allowing attackers to capture sensitive payment information. This campaign also includes phishing tactics and novel techniques to exploit Web3 wallet features for cryptocurrency theft.…
Read More
Phishing Scam Targets Job Seekers with XMRig Cryptominer
Summary: A phishing campaign impersonating CrowdStrike is distributing a cryptocurrency miner disguised as a CRM application, targeting job applicants. Additionally, a fake proof-of-concept for a Microsoft security flaw is being used to lure security researchers into downloading malware.

Threat Actor: Unknown | unknown Victim: CrowdStrike | CrowdStrike

Key Point :

The phishing email claims recipients have been shortlisted for a junior developer role, prompting them to download a malicious CRM tool.…
Read More
Recruitment Scam Targets Job Seekers with Fake CrowdStrike Branding
Summary: A phishing campaign has been uncovered that impersonates CrowdStrike’s recruitment branding to distribute a cryptominer disguised as a “CRM application.” Victims are tricked into downloading malware that exploits their system resources for cryptocurrency mining.

Threat Actor: Unknown | unknown Victim: Job seekers | job seekers

Key Point :

The phishing email mimics CrowdStrike’s recruitment process to lure victims.…
Read More
Cybersecurity News Review Week 2
This article discusses recent significant developments in cybersecurity, including vulnerabilities in Ivanti products, phishing scams, data exposure issues, and new government initiatives aimed at improving cyber resilience. Affected: Ivanti Connect Secure, CrowdStrike, Motorola ALPR, Gmail, WordPress, CISA, UK Government

Keypoints :

Ivanti disclosed two high-severity vulnerabilities (CVE-2025–0282, CVE-2025–0283) affecting its products.…
Read More
The Feed 2025-01-10

“`html

Check Point Research has identified a new version of the Banshee macOS stealer malware, which has been evading detection since September 2024. The malware targets macOS users, stealing sensitive information and utilizing an encryption algorithm similar to Apple’s XProtect. Despite the shutdown of its original operations after a code leak, Banshee continues to be distributed through phishing websites and malicious GitHub repositories.…
Read More
New PayPal Phishing Scam Bypasses Security Measures
Summary: A new sophisticated PayPal phishing tactic has emerged, which effectively bypasses traditional phishing detection methods, as detailed by Fortinet’s CISO, Carl Windsor. This attack tricks users into linking their accounts to attackers by using seemingly legitimate emails and URLs.

Threat Actor: Unknown | unknown Victim: Individuals using PayPal | PayPal

Key Point :

The phishing email appears legitimate, with a valid sender address and genuine-looking URL.…
Read More