Summary: Sporting events create extensive consumer engagement and interconnected networks that enhance experiences but also introduce significant cybersecurity risks. Businesses and fans must be aware of these vulnerabilities and implement robust strategies to mitigate potential threats during high-activity periods.

Threat Actor: Cybercriminals | Victim: Sporting venues and attendees

Key Point:

Sporting events are susceptible to various cyber threats, including DDoS attacks, bot attacks on ticketing, and deceptive Wi-Fi hotspots.…
Short Summary:

Kimsuky is a North Korean APT group focused on intelligence collection, particularly targeting South Korean entities, as well as the U.S. and Europe. Active since at least 2012, Kimsuky employs phishing tactics to infiltrate university networks and steal sensitive information. Recent advisories from the NSA and FBI highlight their use of social engineering and misconfigured DMARC records to facilitate their operations.…


Summary: The Ronin Network experienced a security incident where white hat hackers exploited a vulnerability in the Ronin bridge, withdrawing $12 million in cryptocurrency. The incident was reported to the Ronin team, leading to a temporary pause of the bridge for investigation and subsequent fixes.

Threat Actor: White hat hackers | Victim: Ronin Network

Key Point:

White hat hackers exploited a vulnerability in the Ronin bridge, withdrawing 4,000 ETH and 2 million USDC.…

Summary: Researchers have uncovered a method to bypass the ‘First Contact Safety Tip’ anti-phishing feature in Microsoft 365, increasing the risk of users falling victim to malicious emails. Despite reporting the vulnerability to Microsoft, the company has decided not to address the issue at this time, citing it as a social engineering tactic rather than a technical vulnerability.…

Short Summary:

The RHADAMANTHYS stealer has emerged as a sophisticated threat targeting Israeli users through social engineering tactics, particularly phishing emails. This malware, developed by Russian-speaking actors, employs a multi-stage infection process, advanced anti-analysis techniques, and extensive data exfiltration capabilities, posing a significant risk to sensitive information.…


Summary: The report by Cyfirma details the Mint Stealer malware, which operates as a “Malware-as-a-Service” (MaaS) and specializes in stealing sensitive data while employing advanced evasion techniques. It targets various applications and uploads stolen data through unsecured connections, posing a significant cybersecurity threat.

Threat Actor: Unknown (tagged Mint Stealer) | Victim: Individuals and organizations (tagged Mint Stealer victims)

Key Point:

Mint Stealer targets data from web browsers, cryptocurrency wallets, gaming accounts, VPN clients, and messengers.…

Summary: This blog post details a sophisticated Android-targeted SMS stealer campaign that has been active since February 2022, highlighting the tactics used by attackers to steal one-time passwords (OTPs) and sensitive information from victims. Researchers from zLabs have identified over 107,000 malware samples associated with this campaign, showcasing its scale and evolution over time.…


Summary: This report highlights a recent case of brand impersonation involving Google ads, where users searching for Google Authenticator were misled into downloading malware. The attack exploited a fake advertisement to redirect victims to a fraudulent website that hosted malicious software.

Threat Actor: Unknown | Victim: Google users

Key Point:

Malicious ads impersonated Google to trick users into downloading malware disguised as Google Authenticator.…

Short Summary:

APT40, a Chinese cyber-espionage group linked to the Ministry of State Security, has been active since 2009, targeting various sectors such as maritime, defense, and technology. The group employs a range of tactics, techniques, and procedures (TTPs) to infiltrate networks, maintain persistence, and exfiltrate sensitive data, aligning its activities with China’s strategic objectives.…


Short Summary:

The Securonix Threat Research team has released an advisory detailing the ongoing DEV#POPPER campaign, which targets software developers using advanced social engineering tactics and new malware variants. The campaign has expanded to include support for Linux, Windows, and macOS, employing sophisticated obfuscation techniques to hide malicious code and facilitate data exfiltration.…


Short Summary:

This article discusses a recent incident of brand impersonation involving Google ads, where users searching for Google Authenticator were misled into downloading malware. The fraudulent ad directed users to a fake website that hosted the malicious software, DeerStealer, which exfiltrates personal data. The article emphasizes the importance of distinguishing real advertisers from fake ones to prevent such attacks.…


Short Summary:

This report from Cyfirma provides an analysis of Mint Stealer, an information-stealing malware operating as a malware-as-a-service (MaaS) tool. It targets sensitive data from compromised systems, employing sophisticated evasion techniques to avoid detection. The report discusses Mint Stealer’s methods, its impact on cybersecurity, and offers guidance for defense strategies against such threats.…


Summary: Researchers have discovered a malicious Python package named “lr-utils-lib” that targets a specific set of macOS machines to steal Google Cloud Platform credentials. The campaign employs social engineering tactics, including a fake LinkedIn profile of the package owner, to enhance its deception.

Threat Actor: Unknown (tagged Lucid Zenith) | Victim: Specific macOS users

Key Point:

The malicious package “lr-utils-lib” was uploaded to PyPI and is designed to exfiltrate credentials from a predetermined list of 64 macOS machines.…

Short Summary:

The Trellix Advanced Research Center has identified a sophisticated phishing campaign targeting Microsoft OneDrive users. This campaign utilizes social engineering tactics to lure victims into executing a PowerShell script, leading to system compromise. The attack involves enticing users to click on a button claiming to resolve a DNS issue, ultimately tricking them into running malicious commands.…


Short Summary:

The investigation revealed that the Python package “lr-utils-lib” contained malicious code designed to target macOS systems and steal Google Cloud Platform credentials. The malware activates upon installation, exfiltrating sensitive data to a remote server. Additionally, a fake LinkedIn profile linked to the package owner suggests possible social engineering tactics, highlighting significant cybersecurity challenges in the digital age.…


The threat intel data noted in this report is available to tens of thousands of customers, partners and prospects – and hundreds of thousands of users. Adversaries exploit current events for attention and gain. We remain committed to sharing data with the community.

On July 24, 2024, hacktivist entity USDoD claimed on English-language cybercrime forum BreachForums to have leaked CrowdStrike’s “entire threat actor list.”…
