Mar 14, 2024NewsroomMalware / Cyber Attack
A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers.
“During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412 that led to malicious Microsoft (.MSI)…
Driven by the promise of new lines of revenue and lower manufacturing costs, automobile manufacturers are enthusiastically turning vehicles into next-gen application platforms. Increasingly, organizations that run fleets or have transport as a key part of their business can opt into “software defined” features that can be turned on and off over the air, offered on a subscription basis.…
In my free time, i updated “Indonesia got Hacked! on telegram.
Web defacement is a cyber attack where hackers alter the visual appearance or content of a website. It’s essentially digital vandalism.
Motives:
Bragging rights: Hackers might deface a website to showcase their skills or promote their hacking group.…In the digital society, defenders are grappling with the transformative impact of artificial intelligence (AI), automation, and the rise of Cybercrime-as-a-Service. Recent research commissioned by Darktrace reveals that 89% of global IT security teams believe AI-augmented cyber threats will significantly impact their organisations within the next two years, yet 60% feel unprepared to defend against these evolving attacks.…
In late 2022, 4 ransomware strains were discovered that are derived from Conti‘s leaked ransomware strain. One of them was Meow ransomware. The operation of this crypto-ransomware was observed from late August to the first half of September 2022 and persisted until February 2023. In March 2023, a free decryptor for the Meow ransomware was released, leading to the cessation of their operation.…
Voice phishing, or vishing, is having a moment right now, with numerous active campaigns across the world that are ensnaring even savvy victims who might seem likely to know better, defrauding them in some cases of millions of dollars.
South Korea is one of the global regions being hit hard by the attack vector; in fact, a scam in August 2022 caused the largest amount ever stolen in a single vishing case in the country.…
Ever since the Internet became a commercial entity, hackers have been using it to impersonate businesses through a variety of clever means. And one of the most enduring of these exploits is the practice of typosquatting — i.e., using look-alike websites and domain names to lend legitimacy to social engineering efforts.…
Through a recent report by PIXM, a cybersecurity firm specialising in artificial intelligence solutions, public schools in the United States face a significant increase in sophisticated phishing campaigns. Threat actors are employing targeted spear phishing attacks, utilising stealthy patterns to target officials in large school districts, effectively bypassing Multi-Factor Authentication (MFA) protections.…
This post is also available in: 日本語 (Japanese)
Executive SummaryMuddled Libra stands at the intersection of devious social engineering and nimble technology adaptation. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses.…
It’s that time of the year when not only do you have to be worried about filing your federal taxes in the U.S., you must also be on the lookout for a whole manner of tax-related scams.
These are something that pop up every year through email, texts, phone calls and even physical mail — phony promises to get your tax return back faster, file your taxes “easy and free” or maximizing your possible return.…
Social engineering is present in 90% of phishing attacks today. However, business email compromise (BEC) attacks stand apart in the cybercrime industry for their emphasis on social engineering and the art of deception.
Part of what makes social engineering such a prominent part of BEC and other types of phishing attacks is its ability to manipulate human levers to achieve a desired outcome.…
Analysis of an Android Malware-as-a-Service Operation
Coper, a descendant of the ,,Exobot malware family, was ,,first observed in the wild in July 2021, targeting Colombian Android users. At that time, Coper (the Spanish translation of “Copper”) was distributed as a fake version of Bancolombia’s “Personas” application.…
A ransomware group that emerged last April is quickly making a name for itself by expanding its scope of attacks with high-impact tactics as it tramples across geographies, hitting a wide range of global targets in less than a year of activity.
The RA World ransomware group, previously known as RA Group, recently was spotted targeting several healthcare organizations in Latin America with a multistage cyberattack that manipulated the targeted environment’s group policy settings, researchers from Trend Micro revealed in a blog post.…
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.…
Published On : 2024-03-05
EXECUTIVE SUMMARYAt CYFIRMA, our commitment is to provide timely insights into prevalent threats and malicious tactics affecting both organizations and individuals. Our research team recently identified a malicious .docx file linked to the stego-campaign, revealing a sophisticated cyber threat.
This campaign utilizes template injection in a Microsoft Office document to bypass traditional email security measures.…
BYOVD (Bring Your Own Vulnerable Driver) is a class of attack in which threat actors drop known vulnerable drivers on a compromised machine and then exploit the bug(s) to gain kernel-level privileges. At this level of access, attackers can accomplish a lot: hide malware, dump credentials, and, crucially, attempt to disable EDR solutions.…