Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Published On : 2024-07-21
EXECUTIVE SUMMARYA recent update from cybersecurity firm CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers due to a faulty update to the Falcon Sensor agent. Millions of Windows-based systems across the globe experienced the dreaded Blue Screen of Death (BSOD), causing total system crashes.…
Threat Actor: Unknown | unknown Victim: CrowdStrike | CrowdStrike Price: Potential financial loss due to scams Exfiltrated Data Type: Sensitive data requests
Key Points :
Threat actors registered fake domains to exploit the CrowdStrike update issue. The malicious domains may be used for social engineering attacks, requesting sensitive information.…Summary: A public-private initiative called Operation Spincaster has been launched to combat cryptocurrency-related phishing scams, identifying over 230 victims in the U.K. and recovering some of the £33 million lost. The operation involves collaboration between law enforcement and crypto exchanges across multiple countries to disrupt organized crime linked to these scams.…
Published On : 2024-07-19
EXECUTIVE SUMMARYIn the second quarter of 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and Russia demonstrated a surge in dynamic and innovative cyber activities, significantly challenging the global cybersecurity landscape.
Starting with Iran, state-sponsored threat actors exhibited advanced capabilities across various regions and sectors.…
Summary: This article discusses a new Mac malware called BeaverTail that targets users through a trojanized meeting app.
Threat Actor: DPRK | DPRK Victim: Users of the trojanized meeting app | trojanized meeting app
Key Point :
A new Mac malware called BeaverTail has been discovered, which is believed to be developed by the DPRK.…Summary: Ransomware activity increased in the second quarter, with threat groups listing 1,237 organizations on data leak sites, and LockBit accounting for a significant number of victims in May. U.S.-based businesses were the most targeted, particularly in the manufacturing and professional services sectors.
Threat Actor: LockBit | LockBit Victim: Various organizations | LockBit ransomware victims
Key Point :
Ransomware activity increased in Q2, with 1,237 organizations listed on data leak sites, a 20% increase from Q1.…Summary: The content discusses the cybersecurity threats faced by the Paris 2024 Olympic Games and the increase in cybersecurity services spending to defend against these threats.
Threat Actor: Cybercriminals | Cybercriminals Victim: Paris 2024 Olympic Games | Paris 2024 Olympic Games
Key Point :
The Paris 2024 Olympic Games will face the largest number of cybersecurity threats, with a complex threat landscape and a large ecosystem of threat actors.…The Kimsuky APT is a North Korea-based cyber espionage group operating since at least 2012. Initially, The group targeted South Korean government entities, think tanks, and individuals identified as experts in various fields.
Tracked as: APT43, Black Banshee, Velvet Chollima, THALLIUM, ARCHIPELAGO, and Emerald Sleet
Targets and Objectives: The group primarily targets South Korea, Japan, and the United States, focusing on sectors such as national defense, education, energy, government, healthcare, and think tanks.…
Lazarus Group (APT38) is a North Korean state-sponsored cyber threat group that has been attributed to the Reconnaissance General Bureau that has been active since 2009 and is widely thought to be responsible for the Sony Pictures Entertainment cyber-attack in 2014.…
Summary: This article discusses the Ukrainian hacker Vyacheslav Penchukov, who was on the FBI’s ‘Most Wanted’ list for a decade.
Threat Actor: Ukrainian Hacker Vyacheslav Penchukov | Vyacheslav Penchukov Victim: N/A
Key Point :
Vyacheslav Penchukov was a Ukrainian hacker who was on the FBI’s ‘Most Wanted’ list for ten years.…Summary
Insikt Group's research reveals that OilAlpha, a likely pro-Houthi group, continues to target humanitarian and human rights organizations operating in Yemen. They use malicious Android applications to steal credentials and gather intelligence, potentially to control aid distribution. Notable organizations affected include CARE International and the Norwegian Refugee Council.…
Summary: Japanese organizations are being targeted by the North Korean ‘Kimsuky’ threat actors, who use social engineering and phishing to gain initial access to networks and deploy custom malware to steal data and maintain persistence.
Threat Actor: Kimsuky | Kimsuky Victim: Japanese organizations | Japanese organizations
Key Point :
The North Korean ‘Kimsuky’ threat actors are targeting Japanese organizations.…Summary: This article discusses the shift in tactics of ransomware groups, who are now stealing sensitive information instead of just encrypting files and demanding ransom payments.
Threat Actor: Various ransomware groups
Victim: Multiple victims targeted by the ransomware groups
Key Point :
Ransomware groups are developing custom malware to steal sensitive information from victims.…Written by: John Hultquist
As North Atlantic Treaty Organization (NATO) members and partners gather for a historic summit, it is important to take stock of one of its most pressing challenges—the cyber threat. The Alliance faces a barrage of malicious cyber activity from all over the globe, carried out by emboldened state-sponsored actors, hacktivists, and criminals who are willing to cross lines and carry out activity that was previously considered unlikely or inconceivable.…
Summary: This content discusses the arrest of 54 individuals involved in a vishing fraud scheme that targeted Spanish senior citizens, resulting in €2.5m ($2.7m) in losses. Additionally, Interpol’s “Operation First Light 2024” led to the arrest of thousands of suspects involved in various scams globally.
Threat Actor: Vishing fraud gang
Key Points:
The Spanish National Police, Mossos d’Esquadra, and Portuguese Judicial Police have arrested 54 individuals suspected of participating in a vishing fraud scheme that targeted Spanish senior citizens.…Published On : 2024-07-06
EXECUTIVE SUMMARYAt CYFIRMA, we deliver timely insights into prevalent threats and malicious tactics impacting organizations and individuals. Our research team recently discovered a RAR archive in the wild, likely distributed via spam or phishing emails. This archive contains a loader binary that, upon infection, deploys batch and PowerShell scripts designed to collect sensitive user information.…
This report is a summarized version of “Analysis Report of Kimsuky Group’s HappyDoor Malware” introduced in AhnLab Threat Intelligence Platform (TIP), containing key information for analyzing breaches. …
We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we’ll provide an overview of the trojan and what it does.
IntroductionThe Mekotio banking trojan is a sophisticated piece of malware that has been active since at least 2015, primarily targeting Latin American countries with the goal of stealing sensitive information — particularly banking credentials — from its targets.…
Summary: The content discusses the emergence of the FakeBat loader as a prominent threat in the first half of 2024, which utilizes the drive-by download technique to spread malware.
Threat Actor: FakeBat loader | FakeBat loader Victim: Unsuspecting users | unsuspecting users
Key Point :
The FakeBat loader, also known as EugenLoader or PaykLoader, is a threat that utilizes the drive-by download technique to spread malware.…Summary: Spanish and Portuguese police have arrested 54 individuals suspected of participating in a vishing fraud scheme that targeted Spanish senior citizens, resulting in €2.5m ($2.7m) in losses.
Threat Actor: Unknown | Unknown Victim: Spanish senior citizens | Spanish senior citizens
Key Point :
54 individuals have been arrested in Spain and Portugal for participating in a vishing fraud scheme that targeted Spanish senior citizens.…