Summary: This content discusses the rise of social media as a browser security challenge in the modern workspace, where personal and professional digital spaces are becoming increasingly blurred. It highlights the cybersecurity challenges that arise when employees engage with their personal social media accounts on company devices, making them inadvertent targets for threat actors.…
Tag: SOCIAL ENGINEERING
Summary: This article discusses the escalating threat of a fake e-shop campaign that targets banking security across various regions. The campaign has expanded from targeting Malaysian banks to financial institutions in Vietnam and Myanmar, using sophisticated tactics and Android malware with screen-sharing capabilities.
Threat Actor: Unknown | fake e-shop campaign
Victim: Financial institutions in Malaysia, Vietnam, and Myanmar | Malaysian banks, Vietnam, Myanmar
Key Point:
A fake e-shop campaign has expanded its reach from Malaysian banks to financial institutions in Vietnam and Myanmar.…
Key Points
In early April 2024, ReliaQuest investigated numerous similar incidents targeting customers in the health care sector. We concluded that these intrusions form part of a new campaign targeting health care organizations with the goal of accessing banking information. The attacks used social engineering techniques against help desk staff to bypass account access controls.…
In 2022, the DonutLeaks group emerged as a significant player, demonstrating a sophisticated approach to data extortion. Linked to cyber incidents targeting notable enterprises such as Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando, DonutLeaks has swiftly garnered attention for its aggressive tactics and extensive data leaks when it first emerged.…
Key Point:
– Only 3% of organizations have the ‘mature’ level of readiness for cybersecurity risks.
– Readiness has decreased significantly from one year ago.
– Companies struggle to defend against various cyber attacks.
– There is a disparity between confidence and readiness in companies.
– Investments in integrated platforms and AI are necessary for effective defense.…
Key Point:
– Phishing attacks targeting login credentials for IAM, cloud resources, and SSO-enabled systems are on the rise.
– SMS phishing (smishing) has seen a significant surge in 2024.
– The Com, a geographically diverse group of threat actors, is responsible for these attacks.…
On February 21st, 2024, Cofense Intelligence identified an advanced phishing campaign that targeted the Oil and Gas sector to deliver Rhadamanthys Stealer, an advanced information stealer offered as Malware-as-a-Service (MaaS). The campaign incorporates several complex tactics, techniques, and procedures (TTPs) along with a unique vehicle incident lure that spoofs the Federal Bureau of Transportation.…
This blog discusses the Darktrace Threat Research team’s investigation into Raspberry Robin, an evasive worm that is primarily distributed through infected USB drives. Once it has gained access to a target network, Raspberry Robin is able to infect devices with additional malware variants.
Introduction
In the face of increasingly hardened digital infrastructures and skilled security teams, malicious actors are forced to constantly adapt their attack methods, resulting in sophisticated attacks that are designed to evade human detection and bypass traditional network security measures.…
Published On : 2024-03-27
EXECUTIVE SUMMARY
At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on Sync-Scheduler stealer, a malware that specifically targets documents, and has been designed with anti-analysis capabilities.…
Armed forces use war-gaming exercises for training, and cybersecurity exercises are now being used to test and improve organizations’ ability to detect and respond to cyber threats.
Key Point:
Cybersecurity exercises help organizations proactively identify and address vulnerabilities.
Types of cybersecurity exercises include table-top simulations, digital simulations, red and blue teaming, penetration testing, and phishing exercises.…
On January 25, 2024, Microsoft reported a breach of their systems by the Russian APT group Midnight Blizzard, also known as APT29 and Cozy Bear. The attackers performed a password spray, compromised a Microsoft 365 test tenant account that didn’t have multi-factor authentication (MFA) enabled, and leveraged the account’s access to a legacy OAuth app to escalate privileges and exfiltrate email messages from Microsoft’s corporate Exchange Online environment.…
Jamf Threat Labs dissects ongoing infostealer attacks targeting macOS users. Each with different means of compromising victim’s Macs but with similar aims: to steal sensitive user data.
Introduction
Over the past year, the macOS environment has been under constant attack by infostealers. Many of these stealers are targeting individuals involved in the crypto industry with a focus on harvesting credentials along with data from various crypto wallets.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
macOS stealer found camouflaged in an Apple/Bash payload
In the ever-evolving landscape of cybersecurity threats, macOS users now face a new danger. This time, it comes in the form of a DMG trojan involving a partially obfuscated AppleScript and Bash payload hosted on a remote server.…
MuddyWater APT has targeted government and private companies since 2017, including critical sectors such as energy, telecommunications, government, and defense. In February 2024, MuddyWater resumed spear-phishing attacks using new techniques. The National Cyber Directorate of Israel attributed the team’s attack toolkit and attack pattern findings to the MuddyWater group in March 2024, following an increase in new attacks.…
Summary: Trezor’s Twitter account was hijacked by cryptocurrency scammers through a fake Calendly invite, leading to offensive tweets being posted. Despite security precautions, the attackers managed to compromise the account.
Key Point:
Imposter posing as credible entity tricked PR team into clicking on fake Calendly invite link.…
Summary: The State Department is warning employees about a fraudulent scheme targeting their payroll accounts, involving phishing and social engineering tactics.
Key Point:
Cybercriminals are using phishing, email takeovers, and social engineering to redirect employee payroll deposits.
The scheme initially targeted annuity accounts before evolving into phishing attempts for login data.…