Cyber threats are becoming increasingly sophisticated and frequent, making it imperative for organizations to leverage cyber threat intelligence to stay ahead of potential cyber attacks. Organizations across all industries are recognizing the importance of implementing robust threat intelligence solutions to stay ahead of cybercriminals and protect their valuable assets.…
Tag: SOCIAL ENGINEERING
Summary: This content discusses the challenges of trying to “get ahead” of cyber attackers and emphasizes the importance of focusing on dissuasion and resilience instead.
Threat Actor: Cyber attackers
Victim: Security professionals
Key Point:
Truly “getting ahead” of cyber attackers and preventing their full impact is impossible at scale.…
Summary: This content provides information about a vulnerability in PTC’s Creo Elements/Direct License Server that allows unauthenticated remote attackers to execute arbitrary OS commands.
Threat Actor: Unauthenticated remote attackers
Victim: PTC’s Creo Elements/Direct License Server
Key Point:
The vulnerability affects versions 20.7.0.0 and prior of Creo Elements/Direct License Server.…
Over the past few years, cybercriminals have increasingly used the drive-by download technique to distribute malware via user web browsing. This technique mostly involves SEO-poisoning, malvertising, and code injection into compromised websites to trick users into downloading fake software installers or browser updates.…
Summary: The report warns of a resurgence of CapraRAT spyware targeting mobile gamers and weapons enthusiasts through malicious Android applications.
Threat Actor: Transparent Tribe, also known as APT36
Victim: Mobile gamers and weapons enthusiasts
Key Point:
The CapraRAT spyware, used by Transparent Tribe, is primarily used for surveillance and has targeted Indian government and military personnel and human rights activists.…
Summary: The content discusses how the four major banks in Australia are constantly under attack from threat actors, with the aim of stealing sensitive information and money from customers.
Threat Actor: Unknown threat actors
Victim: ANZ Bank, Commonwealth Bank, National Australia Bank (NAB), and Westpac
Key Point:
The four major banks in Australia are under constant attack, with threat actors launching a barrage of attacks every minute of every day.…
Key Points
In June 2024, ReliaQuest responded to detections from an endpoint detection and response (EDR) tool signaling the beginning of a ransomware attack by the “Medusa” ransomware group that resulted in the encryption of various hosts in a customer environment. Since 2022, the Ransomware-as-a-Service (RaaS) group Medusa has targeted organizations in the technology, education, manufacturing, and healthcare sectors by taking advantage of unpatched vulnerabilities and hijacking legitimate accounts.…
Summary: Operation First Light 2024, orchestrated by Interpol, resulted in the arrest of thousands of suspects involved in online scams, the freezing of bank accounts, and the seizure of assets worth millions of dollars.
Threat Actor: Online scam networks
Victim: Various individuals and organizations targeted by online scams
Key Point:
Operation First Light 2024, led by Interpol, resulted in the arrest of 3950 suspects involved in online scams and the identification of 14,643 more.…
Summary: Three novel credential-phishing campaigns have emerged from state-sponsored actors, compromising at least 40,000 corporate users in just three months. These campaigns demonstrate an evolution in capabilities and can bypass controls such as multifactor authentication and URL filtering.
Threat Actor: State-sponsored actors
Victim: Corporate users
Key Point:
The campaigns, named LegalQloud, Eqooqp, and Boomer, use highly evasive and adaptive threat (HEAT) attack techniques to compromise corporate users.…
Published On: 2024-06-29
Executive Summary
At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This report provides a comprehensive analysis of Lumma Stealer, an advanced information-stealing malware operating within a malware-as-a-service (MaaS) framework.…
Summary: This article discusses the use of social engineering and phishing by scammers to deceive workers and IT help desk staff.
Threat Actor: Scammers
Victim: Workers and IT help desk staff
Key Point:
Federal authorities warn of social engineering and phishing techniques used by scammers to deceive workers and IT help desk staff.…
Summary: BlackBerry detected and stopped 3.1 million cyberattacks in the first quarter of 2024, with a significant increase in malicious hashes compared to the previous reporting period.
Threat Actor: N/A
Victim: N/A
Key Point:
BlackBerry detected and prevented 3.1 million cyberattacks in Q1 2024, averaging 37,000 attacks per day.…
Summary: The European Union has sanctioned Russian state hackers, including two military officers, who were involved in “hack and leak” operations against Western governments.
Threat Actor: Russian state hackers
Victim: Western governments
Key Point:
The European Union has imposed sanctions on four Russian domestic intelligence agency hackers, including two military officers from the Federal Security Service.…
Summary: A new adware family called AdsExhaust is being distributed through a campaign that tricks users searching for the Meta Quest application into downloading it.
Threat Actor: AdsExhaust
Victim: Users searching for the Meta Quest application
Key Point:
The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
ModiLoader aka DBatLoader – Active IOCs (June 21, 2024)
Multiple IBM i and WebSphere Application Server Vulnerabilities (June 21, 2024)
Analysis Summary
The SideWinder APT (Advanced Persistent Threat) Group is a sophisticated cyber espionage group active since at least 2012. The group is believed to be based in India and has targeted government agencies, military organizations, and financial institutions in South Asia and the Middle East.…
Recent history could be termed the Age of Ransomware in the realm of cybercrime. However, threat actors have discovered a way to profit without the need for malware development or sophisticated methods. SpaceBears is a new participant in the Data Broker trend, which has gained momentum particularly due to major crackdowns on ransomware groups by security forces.…
Summary: Multifactor authentication (MFA) is playing a significant role in determining the success of attackers in penetrating network defenses, with MFA appearing in almost half of all security incidents encountered by Cisco Talos incident response teams in the first quarter of the year.
Threat Actor: Attackers attempting to bypass MFA
Victim: Various organizations affected by security incidents
Key Point:
Multifactor authentication was involved in almost 50% of security incidents encountered by Cisco Talos incident response teams.…