Summary: Africa has seen a significant increase in phishing-related cybercrime, particularly targeting small and midsize businesses, due to inadequate user training and the rapid growth of technology and connectivity on the continent.

Threat Actor: Phishing attackers

Victim: Small and midsize businesses in Africa

Key Point:

Africa has experienced exponential growth in phishing-related cybercrime, especially against small and midsize businesses.…

Key Takeaways

Cyble Research and Intelligence Labs (CRIL) recently encountered a campaign using a malicious Excel document linked to the UNC1151 APT group.

The UNC1151 APT group, originating from Belarus, is notorious for targeting Eastern European countries, including Ukraine, Lithuania, Latvia, Poland, and others.

In the recent campaign, there are indications that the group is possibly targeting Ukraine, with a potential focus on the Ministry of Defence based on the lure document. …

Published On: 2024-06-03

Executive Summary

At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on the Vidar Stealer, an information stealer operating as a malware-as-a-service. The research explores the tactics employed by threat actor(s) to evade detection on the system and over the network, as well as their techniques for concealing malicious code and activities.…


Authored by Dexter Shin

Many government agencies provide their services online for the convenience of their citizens, and offering those services through a mobile app makes them even more convenient and accessible. But what happens when malware pretends to be these services?

McAfee Mobile Research Team found an InfoStealer Android malware pretending to be a government agency service in Bahrain.…


Key Points

ReliaQuest observed new execution techniques in a campaign from the JavaScript framework “ClearFake,” tricking users into copying, pasting, and manually executing malicious PowerShell code. Upon execution, the PowerShell code performs multiple functions, including clearing the DNS cache, displaying a message box, downloading further PowerShell code, and installing “LummaC2” malware.…

Summary: The content discusses the rise of identity-related incidents in businesses and highlights recent incidents involving social engineering, credential stuffing, and lack of multi-factor authentication.

Threat Actor: N/A

Victim: Clorox, MGM, Caesars, 23andMe, UnitedHealth

Key Point:

Identity-related incidents are on the rise due to identity sprawl and system complexity.…

What happened 

Proofpoint recently identified a cluster of activity conducting malicious email campaigns using piano-themed messages to lure people into advance fee fraud (AFF) scams. The campaigns have occurred since at least January 2024 and are ongoing. Most of the messages target students and faculty at colleges and universities in North America; however, targeting of other industries, including healthcare and food and beverage services, was also observed.…


In this blog we examine how Darktrace was able to detect and block malicious phishing emails sent via Microsoft Teams that were impersonating an international hotel chain.

Social Engineering in Phishing Attacks

Faced with increasingly cyber-aware endpoint users and vigilant security teams, more and more threat actors are forced to think psychologically about the individuals they are targeting with their phishing attacks. Social…


Summary: The content discusses the increase in vulnerability exploitation as an initial access vector in 2023, with a focus on the MOVEit breach. It also highlights the targeting of zero-day vulnerabilities by ransomware actors and the involvement of third parties in data breaches.

Threat Actor: N/A

Victim: N/A

Key Point:

The exploitation of vulnerabilities almost tripled as an initial access vector in 2023, fueled in part by the MOVEit breach.…

Summary: This content discusses the limitations of using traditional metrics as key performance indicators (KPIs) for measuring security progress in cybersecurity and emphasizes the importance of considering security processes for a complete picture of security outcomes.

Threat Actor: N/A

Victim: N/A

Key Point:

CISOs have traditionally relied on specific metrics, such as vulnerabilities detected and patched, to measure security progress.…

Summary: An Indian national pleaded guilty to wire fraud conspiracy for stealing over $37 million through a fake Coinbase website used to steal credentials.

Threat Actor: Chirag Tomar

Victim: Coinbase

Key Point:

Chirag Tomar and his co-conspirators created a fake website to mimic the Coinbase Pro website in order to trick legitimate Coinbase customers into entering their login credentials and two-factor authentication codes.…

Google Chrome has been the dominant web browser for years now, which is why it may come as a surprise to hear that a startup called The Browser Company, not even based in Silicon Valley, is offering a new take on the “window to the internet”.

The Arc browser has been available for MacOS since July 2023, but the Windows version was only released a couple of weeks ago.…


Summary: This article discusses the decline of traditional phishing messages and the rise of more advanced social engineering-driven attacks, such as spear-phishing and business email compromise (BEC), and emphasizes the need for CISOs to enact the right policies to combat these threats.

Threat Actor: GenAI tools

Victim: CISOs

Key Point:

Traditional phishing messages are on the decline, while more advanced social engineering-driven attacks, such as spear-phishing and BEC, are becoming more prevalent.…