Summary: The UK’s National Cyber Security Centre (NCSC) has launched a new initiative called Advanced Mobile Solutions (AMS) to enhance cyber-resilience for organizations targeted by nation-state threats on their mobile infrastructure.

Threat Actor: Nation-state threat actors

Victim: High-threat organizations

Key Point:

The NCSC’s Advanced Mobile Solutions (AMS) risk model aims to protect against the targeting of consumer-grade devices by commercial spyware, which can serve as a gateway for sophisticated threat actors to access corporate systems and data.…

Summary: The content discusses the increase in the exploitation of vulnerabilities as an initial access step for a breach, highlighting the significant growth between 2022 and 2023.

Threat Actor: Cybercriminals

Victim: Organizations

Key Point:

The exploitation of vulnerabilities as an initial access step for a breach increased by 180% between 2022 and 2023, accounting for 14% of malicious actors’ way into a network.…

Summary: A hacking group linked to Iran’s Revolutionary Guard Corps impersonated journalists and human rights activists as part of a social engineering campaign, targeting organizations such as The Washington Post and prominent think tanks.

Threat Actor: APT42

Victim: Various news organizations and think tanks, including The Washington Post, The Economist, and the Aspen Institute.…


Verizon’s 17th annual Data Breach Investigations Report (DBIR) for 2024 offers an in-depth look at the latest trends in data breaches and cyber security incidents. Analyzing data from over 30,458 incidents and 10,626 confirmed breaches between November 2022 and October 2023, Verizon DBIR 2024 provides crucial insights into the evolving threat landscape.…


Summary: A social engineering campaign known as DEV#POPPER is targeting software developers with bogus npm packages disguised as job interviews to trick them into downloading a Python backdoor. The campaign is linked to North Korean threat actors.

Threat Actor: North Korean threat actors

Victim: Software developers

Key Point:

An ongoing social engineering campaign known as DEV#POPPER is targeting software developers with bogus npm packages under the guise of a job interview.…

Key Points

Escalated tensions between Iran and Israel could give rise to cyber threats.

Several advanced persistent threat (APT) groups are involved on both sides: APT34, APT35, and CyberAv3ngers in Iran, and Predatory Sparrow in Israel.

Iranian-affiliated APTs utilize a wide array of TTPs, including spearphishing and drive-by compromise, to significantly expand the attack surface for companies with ties to Israel or Israeli vendors.…

Published On: 2024-04-26

EXECUTIVE SUMMARY:

At Cyfirma, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on the Fletchen stealer, an information-stealing malware crafted with advanced functionalities and anti-analysis defenses.…

Securonix Threat Research Security Advisory – Fast Track/Early-Warning Coverage Advisory (FCA) by Securonix Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov

Apr 24, 2024

tldr:

The Securonix Threat Research Team has been monitoring a new ongoing social engineering attack campaign (tracked by STR as DEV#POPPER) likely associated with North Korean threat actors who are targeting developers using fake interviews to deliver a Python-based RAT.…


Summary: The content discusses the risks associated with employee use of generative AI (GenAI) and the potential data leaks it can cause. It also highlights the concerns of UK CISOs regarding the use of GenAI by threat actors.

Threat Actor: N/A

Victim: UK companies

Key Point:

One in five UK companies has had potentially sensitive corporate data exposed due to employee use of generative AI (GenAI).…

Summary: The U.S. Treasury Department has sanctioned four Iranian nationals and two front companies for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies.

Threat Actor: Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC)

Victim: U.S. government, defense contractors, and private companies…


In the 1960s and ’70s, the US firearms market saw an influx of cheaply made, imported handguns. Legislators targeted the proliferation of these inexpensive and frequently unreliable weapons, ostensibly because they were believed to pose a risk to their owners and facilitate criminality. This was not an issue unique to the US or to that time period, of course; in the UK, where handguns are now strictly regulated, criminals often resort to reactivated, or even home-made or antique, firearms.…


Threat Actor: Chinese keyboard apps

Victim: Users of Chinese keyboard apps from Baidu, Tencent, iFlytek, Honor, Huawei, OPPO, Vivo, Samsung, Xiaomi

Price: Not specified

Exfiltrated Data Type: Keystrokes

Additional Information:

Massive Impact: Up to a billion users could be affected by the security flaws in Chinese keyboard apps from Baidu, Tencent, iFlytek, and popular phone brands used across China (Honor, Huawei, OPPO, Vivo, Samsung, Xiaomi).…
CrowdStrike Falcon® Next-Gen SIEM enables companies to search, investigate and hunt down threats, including detection of advanced ransomware targeting VMware ESXi.

Initial access to the ESXi infrastructure is typically gained through lateral movement using valid credentials.

eCrime actors target and deploy ransomware in ESXi environments to increase the impact and scale of their attacks, which can be devastating for organizations.

CrowdStrike Falcon Next-Gen SIEM, the definitive AI-native platform for detecting, investigating and hunting down threats, enables advanced detection of ransomware targeting VMware ESXi environments.…


Summary: Researchers at SafeBreach discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files, even after both vendors claim to have patched the problem.

Threat Actor: N/A

Victim: Microsoft and Kaspersky

Key Point:

Researchers found that Microsoft Defender and Kaspersky’s Endpoint Detection and Response (EDR) can be manipulated into producing false-positive detections on legitimate files and deleting them.…

Summary: The rise of Western affiliates of Russian ransomware groups is a growing concern for ransomware experts and law enforcement agencies. These Western teenagers, often with ties to the cybercrime community, are actively participating in ransomware attacks against major domestic corporations.

Threat Actor: Western teenagers with ties to the cybercrime community known as “The Community” or “The Com.”…


Summary: Cybersecurity researchers have discovered almost 30 phishing websites that are impersonating the electronic toll collection service E-ZPass, following an FBI warning about smishing attacks targeting road toll collection services.

Threat Actor: Unknown threat actor

Victim: E-ZPass customers and users of road toll collection services

Key Point:

Cybersecurity researchers have identified nearly 30 newly created domains related to tolls, 15 of which are likely to be used for phishing, malware, or spam.…

General Information

The Government Computer Emergency Response Team of Ukraine (CERT-UA) takes organizational and technical measures to prevent, detect, and respond to cyber incidents and cyberattacks.

In that context, during 2024 increased activity has been recorded from the UAC-0184 group, which aims to gain access to the computers of representatives of the Defense Forces of Ukraine in order to steal documents and messenger data.…
