Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: The Scattered Spider gang has shifted their focus to stealing data from software-as-a-service (SaaS) applications and creating new virtual machines for persistence.
Threat Actor: Scattered Spider | Scattered Spider Victim: Various targets | Various targets
Key Point :
The Scattered Spider gang is known for engaging in social engineering attacks such as SMS phishing, SIM swapping, and account hijacking.…UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of “0ktapus,” “Octo Tempest,” “Scatter Swine,” and “Scattered Spider,” and has been observed adapting its tactics to include data theft from software-as-a-service (SaaS) applications to attacker-owned cloud storage objects (using cloud synchronization tools), persistence mechanisms against virtualization platforms, and lateral movement via SaaS permissions abuse.…
In this walkthrough, we test SmartApeSG, a malware campaign distributed via compromised sites.
SmartApeSG, tested on June 11, 2024
DistributionSocial engineering attacks via fake browser updates are increasingly common. Criminals inject code into compromised websites, which then present unsuspecting website users with malware downloads disguised as browser updates.…
By Gi7w0rm, Asheer Malhotra and Vitor Ventura.
Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.” …Written by: Kristen Dennesen, Luke McNamara, Dmitrij Lenz, Adam Weidemann, Aline Bueno
Individuals and organizations in Brazil face a unique cyber threat landscape because it is a complex interplay of global and local threats, posing significant risks to individuals, organizations, and critical sectors of Brazilian society.…
Summary: The notorious Scattered Spider cybercrime group has become an affiliate of the RansomHub ransomware-as-a-service (RaaS) operator, leading to the emergence of a new RaaS model in the cybercrime landscape.
Threat Actor: Scattered Spider | Scattered Spider Victim: Change Healthcare | Change Healthcare
Key Point :
The Scattered Spider cybercrime group, formerly an ALPHV/BlackCat affiliate, is now conducting ransomware operations with RansomHub, according to analysis by GuidePoint Security.…Summary: This article discusses the discovery of 24 vulnerabilities in a biometric access system manufactured by a Chinese company, highlighting the potential security risks associated with biometrics.
Threat Actor: N/A Victim: N/A
Key Point :
A biometric access system manufactured by a Chinese company was found to have 24 vulnerabilities, raising concerns about the security of biometric authentication.…ClearFake, tested on June 3, 2024
Distribution (Compromised site->fake error->copy/paste PowerShell)ClearFake is a malware campaign using social engineering first discovered by Randy McEoin. It is one of the many “fake browser updates” inspired by OG SocGholish which leverages compromised websites to target potential victims. After a few months of stagnation, ClearFake has come back with a clever new modal attack.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
This staggering amount underscores the imminent need for cyber security to be treated as a global priority. Moreover, with the explosion of generative AI (besides chatGPT as well!), the current 2200 daily attacks, are expected to not only multiply manifold but become far more individualized.…
In the ever-evolving cybersecurity landscape, staying informed with the latest statistics and trends is not just beneficial—it’s imperative. The year 2024 is shaping up to be pivotal, with threats becoming more sophisticated and industries worldwide grappling with a digital environment that’s more integral to operations than ever before. …
Summary: This content discusses the CarnavalHeist banking Trojan, which targets users in Brazil and is capable of stealing banking credentials and performing other malicious actions.
Threat Actor: CarnavalHeist | CarnavalHeist Victim: Users in Brazil | Users in Brazil
Key Point :
CarnavalHeist is a banking Trojan that targets users in Brazil and can result in financial loss, identity theft, and other issues.…Written by: Michelle Cantos, Jamie Collier
Executive Summary Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations. Olympics-related cyber threats could realistically impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes and spectators traveling to the event. …
Threat Actor: Unknown | Unknown Victim: Facebook | Facebook Price: Not specified Exfiltrated Data Type: Full names, profiles, emails, phone numbers, DR (date of registration), and locations
Additional Information:
The leaked database allegedly contains 100,000 lines of data. Affected users are at risk of identity theft, phishing scams, and social engineering attacks.…Summary: This article discusses the cost of a phishing-as-a-service platform and how cybercriminals are targeting European banking clients with this method.
Threat Actor: Cybercriminals | Cybercriminals Victim: European banking clients | European banking clients
Key Point :
Cybercriminals are using a phishing-as-a-service platform to target European banking clients.…Summary: Africa has seen a significant increase in phishing-related cybercrime, particularly targeting small and midsize businesses, due to inadequate user training and the rapid growth of technology and connectivity on the continent.
Threat Actor: Phishing attackers Victim: Small and midsize businesses in Africa
Key Point :
Africa has experienced exponential growth in phishing-related cybercrime, especially against small and midsize businesses.…Resecurity has uncovered a cybercriminal group that is equipping fraudsters with sophisticated phishing kits to target banking customers in the EU. These kits are designed to intercept sensitive information, including credentials and OTP codes. The attackers use various social engineering tactics to trick victims into revealing their sensitive information.…
Published On : 2024-06-03
Executive SummaryAt CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on the Vidar Stealer, an information stealer operating as a malware-as-a-service. The research explores the tactics employed by threat actor(s) to evade detection on the system and over the network, as well as their techniques for concealing malicious code and activities.…