Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: BlackBerry detected and stopped 3.1 million cyberattacks in the first quarter of 2024, with a significant increase in malicious hashes compared to the previous reporting period.
Threat Actor: N/A
Victim: N/A
Key Point :
BlackBerry detected and prevented 3.1 million cyberattacks in Q1 2024, averaging 37,000 attacks per day.…Summary: The European Union has sanctioned Russian state hackers, including two military officers, who were involved in “hack and leak” operations against Western governments.
Threat Actor: Russian state hackers | Russian state hackers Victim: Western governments | Western governments
Key Point :
The European Union has imposed sanctions on four Russian domestic intelligence agency hackers, including two military officers from the Federal Security Service.…Summary: A new adware family called AdsExhaust is being distributed through a campaign that tricks users searching for the Meta Quest application into downloading it.
Threat Actor: AdsExhaust | AdsExhaust Victim: Users searching for the Meta Quest application | Meta Quest
Key Point :
The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes.…Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
ModiLoader aka DBatLoader – Active IOCsJune 21, 2024Multiple IBM i and WebSphere Application Server VulnerabilitiesJune 21, 2024
Analysis SummaryThe SideWinder APT (Advanced Persistent Threat) Group is a sophisticated cyber espionage group active since at least 2012. The group is believed to be based in India and has targeted government agencies, military organizations, and financial institutions in South Asia and the Middle East.…
Recent history could be termed the Age of Ransomware in the realm of cybercrime. However, threat actors have discovered a way to profit without the need for malware development or sophisticated methods. SpaceBears is a new participant in the Data Broker trend, which has gained momentum particularly due to major crackdowns on ransomware groups by security forces.…
Summary: Multifactor authentication (MFA) is playing a significant role in determining the success of attackers in penetrating network defenses, with MFA appearing in almost half of all security incidents encountered by Cisco Talos incident response teams in the first quarter of the year.
Threat Actor: Attackers attempting to bypass MFA Victim: Various organizations affected by security incidents
Key Point :
Multifactor authentication was involved in almost 50% of security incidents encountered by Cisco Talos incident response teams.…Summary: The content discusses the prevalence of credential compromises caused by email-based social engineering attacks in organizations, with a focus on phishing and scamming as the primary methods used by threat actors.
Threat Actor: Social engineering attackers | social engineering attackers Victim: Organizations | organizations
Key Point :
92% of organizations experienced an average of six credential compromises caused by email-based social engineering attacks in 2023.…Summary: Threat actors are using free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer.
Threat Actor: Unknown | Unknown Victim: Unsuspecting users | Unsuspecting users
Key Point :
Threat actors are tricking users into downloading password-protected archive files containing trojanized copies of popular software.…Summary: A new malware distribution campaign is using fake Google Chrome, Word, and OneDrive errors to deceive users into running malicious PowerShell “fixes” that install malware.
Threat Actor: ClearFake, ClickFix, TA571
Victim: Multiple victims targeted by the threat actors mentioned above.
Key Point :
The campaign involves the use of website overlays that prompt users to install a fake browser update, resulting in malware installation.…Summary: A 22-year-old man from the UK, known as “Tyler,” has been arrested in Spain for allegedly leading the cybercrime group Scattered Spider, which is responsible for hacking into numerous organizations including Twilio, LastPass, DoorDash, and Mailchimp.
Threat Actor: Scattered Spider | Scattered Spider Victim: Various organizations including Twilio, LastPass, DoorDash, and Mailchimp | Twilio, LastPass, DoorDash, Mailchimp
Key Point :
A 22-year-old man from the UK, known as “Tyler,” has been arrested in Spain for allegedly leading the cybercrime group Scattered Spider.…Key findings
Proofpoint researchers identified an increasingly popular technique leveraging unique social engineering to run PowerShell and install malware. Researchers observed TA571 and the ClearFake activity cluster use this technique. Although the attack chain requires significant user interaction to be successful, the social engineering is clever enough to present someone with what looks like a real problem and solution simultaneously, which may prompt a user to take action without considering the risk.…
Summary: A Nigerian national has been convicted of participating in a $1.5 million business email compromise (BEC) scam, using social engineering and malicious software to deceive businesses into sending money or valuable data to the attackers.
Threat Actor: Ebuka Raphael Umeti | Ebuka Raphael Umeti Victim: Various businesses and organizations
Key Point :
Ebuka Raphael Umeti, along with two alleged partners, used social engineering and malicious software to perpetuate a $1.5 million BEC scam.…Summary: The Security Service of Ukraine (SSU) has dismantled the infrastructure used by pro-Russia Ukraine residents to break into soldiers’ devices and deploy spyware. The infrastructure included bot farms and thousands of mobile numbers and Telegram accounts.
Threat Actor: Russian intelligence services | Russian intelligence services Victim: Ukrainian armed forces | Ukrainian armed forces
Key Point :
The Security Service of Ukraine (SSU) dismantled the infrastructure used by pro-Russia Ukraine residents to target Ukrainian soldiers.…Summary: This article discusses the increasing cyber threats faced by Brazil due to its growing profile on the world stage.
Threat Actor: Cyber Spies, Extortionists, Domestic Crooks | Cyber Spies, Extortionists, Domestic Crooks Victim: Brazil | Brazil
Key Point :
Brazil’s growing profile on the world stage makes it an attractive target for cyber threats.…Summary: Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability.
Threat Actor: No specific threat actor identified.
Victim: No specific victim identified.
Key Point :
FIDO2 passkeys are physical or software-based authentication solutions that use public key cryptography to sign a challenge sent by the server for authentication.…Summary: This article discusses the phishing activity targeting Brazil, with a focus on the involvement of threat actors linked to North Korea.
Threat Actor: Threat actors linked to North Korea | North Korea Victim: Brazilian government, aerospace, technology, and financial services sectors | Brazil
Key Point :
Threat actors linked to North Korea have been responsible for one-third of all phishing activity targeting Brazil since 2020.…