Summary: A cyber campaign has been identified that uses the fasthttp Go HTTP library to conduct brute-force login attempts and to flood users with multi-factor authentication (MFA) requests against Azure Active Directory (Microsoft Entra ID) environments. The campaign, first observed on January 6, 2025, is driven primarily by malicious traffic originating from Brazil and aims to wear down users and security controls with repeated prompts in order to gain unauthorized access to accounts.…
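The summary above describes two behaviours that are visible in sign-in telemetry: many failed password attempts from a scripted client, and MFA challenges that users never complete. The following Python is an added example (not code from the report or from this page) that runs that detection over a handful of constructed sign-in events shaped like a flattened Entra ID sign-in log export. It assumes the client identifies itself with the User-Agent string `fasthttp` (the Go library's default), and it interprets Entra error code 50126 as an invalid username or password and 500121 as a strong-authentication (MFA) request that failed or was not completed; the field names and sample records are constructed for the example.

```python
"""Flag password-spray and MFA-prompt flooding from a fasthttp client in Entra ID sign-in logs."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Constructed sample events shaped like a flattened Entra ID sign-in export.
# They are illustrative only, not records from the reported campaign.
SAMPLE_EVENTS = [
    {"time": "2025-01-06T14:02:11Z", "user": "a.lima@corp.example", "ua": "fasthttp",
     "ip": "203.0.113.5", "country": "BR", "errorCode": 50126},
    {"time": "2025-01-06T14:02:14Z", "user": "b.souza@corp.example", "ua": "fasthttp",
     "ip": "203.0.113.5", "country": "BR", "errorCode": 50126},
    {"time": "2025-01-06T14:02:19Z", "user": "c.rocha@corp.example", "ua": "fasthttp",
     "ip": "203.0.113.9", "country": "BR", "errorCode": 50126},
    {"time": "2025-01-06T14:02:25Z", "user": "d.alves@corp.example", "ua": "fasthttp",
     "ip": "203.0.113.9", "country": "BR", "errorCode": 50126},
    {"time": "2025-01-06T14:03:02Z", "user": "b.souza@corp.example", "ua": "fasthttp",
     "ip": "203.0.113.5", "country": "BR", "errorCode": 500121},
    {"time": "2025-01-06T14:03:40Z", "user": "c.rocha@corp.example", "ua": "fasthttp",
     "ip": "203.0.113.9", "country": "BR", "errorCode": 500121},
    {"time": "2025-01-06T14:05:07Z", "user": "d.alves@corp.example", "ua": "fasthttp",
     "ip": "203.0.113.9", "country": "BR", "errorCode": 0},
    # Ordinary browser traffic that must not be flagged.
    {"time": "2025-01-06T14:04:00Z", "user": "e.costa@corp.example",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "ip": "198.51.100.20", "country": "US", "errorCode": 0},
    {"time": "2025-01-06T14:06:30Z", "user": "a.lima@corp.example",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "ip": "198.51.100.21", "country": "US", "errorCode": 50126},
]

UA_PATTERN = re.compile(r"\bfasthttp\b", re.I)  # assumed indicator: Go fasthttp's default User-Agent
BAD_PASSWORD = {50126}                           # assumed: invalid username or password
MFA_NOT_COMPLETED = {500121}                     # assumed: strong auth request failed / not completed


def _parse_time(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def analyze(events: List[Dict], min_users: int = 3, min_failures: int = 5) -> List[Dict]:
    """Return one alert per matching user agent that looks like a spray or an MFA flood.

    Alert when the client hit at least `min_users` accounts, produced at least `min_failures`
    password/MFA failures, or achieved any successful sign-in (a scripted client that gets in
    is the case to handle first)."""
    stats = defaultdict(lambda: {"users": set(), "ips": set(), "countries": set(), "success_users": set(),
                                 "bad_password": 0, "mfa_not_completed": 0, "success": 0,
                                 "first": None, "last": None})
    for e in events:
        if not UA_PATTERN.search(e.get("ua", "")):
            continue
        s = stats[e["ua"]]
        s["users"].add(e["user"])
        s["ips"].add(e["ip"])
        s["countries"].add(e["country"])
        code = e.get("errorCode", 0)
        if code in BAD_PASSWORD:
            s["bad_password"] += 1
        elif code in MFA_NOT_COMPLETED:
            s["mfa_not_completed"] += 1
        elif code == 0:
            s["success"] += 1
            s["success_users"].add(e["user"])
        t = _parse_time(e["time"])
        s["first"] = t if s["first"] is None or t < s["first"] else s["first"]
        s["last"] = t if s["last"] is None or t > s["last"] else s["last"]

    alerts = []
    for ua, s in stats.items():
        failures = s["bad_password"] + s["mfa_not_completed"]
        if len(s["users"]) >= min_users or failures >= min_failures or s["success"] > 0:
            alerts.append({
                "user_agent": ua,
                "distinct_users": len(s["users"]),
                "source_ips": sorted(s["ips"]),
                "countries": sorted(s["countries"]),
                "bad_password": s["bad_password"],
                "mfa_not_completed": s["mfa_not_completed"],
                "success": s["success"],
                "possibly_compromised": sorted(s["success_users"]),
                "window_seconds": int((s["last"] - s["first"]).total_seconds()),
            })
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS):
        print(a)
```

The grouping key is the raw User-Agent so that a rename of the client (or a second scripted tool) produces its own alert rather than being folded into one bucket; the `possibly_compromised` list is the set of accounts where the scripted client actually got a successful sign-in and is the first thing to act on.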
Summary: A malicious campaign exploiting Blogspot redirectors has been uncovered, facilitating the distribution of phishing pages and malware. This operation, part of the larger “ApateWeb” initiative, utilizes Blogspot’s reputation to mislead users through seemingly legitimate links. Researchers have identified advanced techniques used by attackers to evade detection and enhance the effectiveness of their scams.…
Summary: Sophos X-Ops’ Managed Detection and Response (MDR) warns of ransomware attacks that utilize email bombing and vishing tactics through Microsoft Office 365. These attacks are attributed to two threat groups, STAC5143 and STAC5777, which have been active in recent months. The researchers emphasize the need for organizations to enhance their security measures and employee awareness to combat these evolving threats.…
Sophos X-Ops’ Managed Detection and Response (MDR) has reported on two active threat clusters, STAC5143 and STAC5777, utilizing Microsoft Office 365 to infiltrate organizations for data theft and ransomware deployment. The tactics include email-bombing, fake tech support, and exploiting remote control tools. Both clusters exhibit overlapping techniques with known threat groups like FIN7 and Storm-1811.…
This report serves as an advisory to organizations regarding the misuse of Zendesk's platform to create subdomains that impersonate legitimate companies, potentially facilitating investment scams. The analysis highlights how these domains can be used for phishing, particularly in the long-con investment fraud known as pig butchering. Organizations are urged to block or take down suspicious domains to prevent abuse of their brand.…
Summary: A recent consumer survey highlights that phishing attacks are the most prevalent security concern among smartphone users, followed by malware and physical theft. Testing reveals that while the Samsung S24 excels in anti-phishing protection, other premium devices, including the iPhone 16 Pro, lack adequate anti-phishing protection.…
Summary: NVISO Labs has identified a sophisticated phishing campaign linked to the Black Basta ransomware group, utilizing Microsoft Teams for social engineering attacks. The campaign employs an email bombing strategy to distract victims before attackers impersonate IT personnel to gain remote access. Once inside, they disable security measures, exfiltrate data, and deploy malware, highlighting the need for proactive detection measures.…
This weekly threat intelligence report from RST Cloud summarizes 49 threat intelligence reports, highlighting various cyber threats and tactics used by different threat actors. Notable campaigns include “Sneaky 2FA,” which targets Microsoft 365 accounts, and “Contagious Interview,” a social engineering tactic by the Lazarus APT group.…
Cyble Research and Intelligence Labs (CRIL) has uncovered a cyberattack targeting organizations in Germany that uses a deceptive LNK file inside an archive to execute the Sliver command-and-control (C2) implant. The attack employs DLL sideloading and DLL proxying to stay stealthy and maintain control over the infected systems.…
This week's cybersecurity newsletter highlights critical vulnerabilities in Fortinet and BeyondTrust products, Microsoft's patching of multiple actively exploited zero-day flaws, and emerging ransomware tactics targeting AWS. Additionally, it discusses a significant data breach at Stiiizy, the impact of healthcare data breaches in the US, and various government responses to cyber threats.…
WhoisXML API has launched the First Watch Malicious Domains Data Feed, which uses deep learning to provide daily predictive threat intelligence, flagging domains that are likely to be malicious before they are seen in attacks. The feed is aimed at security operations centers (SOCs) and managed security service providers (MSSPs).
Key points: Launch of the First Watch Malicious Domains Data Feed by WhoisXML API.…
eSentire’s Threat Response Unit (TRU) has identified a campaign involving MintsLoader malware, which delivers payloads like Stealc through spam emails. This campaign primarily affects organizations in the Electricity, Oil & Gas, and Legal Services sectors in the US and Europe. The malware employs various evasion techniques and utilizes a Domain Generation Algorithm (DGA) to communicate with its command and control servers.…
In December 2024, a new Adversary-in-the-Middle (AiTM) phishing kit known as Sneaky 2FA was identified, targeting Microsoft 365 accounts. This phishing kit, sold as Phishing-as-a-Service (PhaaS) by the cybercrime service “Sneaky Log”, utilizes sophisticated techniques including autograb functionality and anti-bot measures. The analysis reveals its operational methods, including the use of Telegram for distribution and support.…
Summary: A newly discovered botnet comprising 13,000 compromised MikroTik devices exploits misconfigured DNS records to bypass email protections and deliver malware. Roughly 20,000 domains publish an SPF record so permissive that any host is authorized to send mail for them, so messages relayed through the botnet pass SPF checks while spoofing those domains; the botnet has been linked to a malspam campaign impersonating DHL Express.…
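The permissive SPF records described above are exactly what a periodic audit of your own domains should catch. The following Python is an added example (not code from the report or from this page) that parses SPF TXT records and flags the settings that let an arbitrary host pass: a `+all` or `?all` terminator, a missing `all` without a `redirect=`, a `+ip4`/`+ip6` network wide enough to cover most of the internet, the deprecated `ptr` mechanism, and more than ten DNS-querying terms (which makes the record evaluate to permerror). The records are constructed inline rather than fetched from DNS; the 16-bit and 32-bit prefix thresholds for "too broad" are this example's own choice.

```python
"""Audit SPF TXT records for settings that let arbitrary hosts send as the domain."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample records (not live DNS lookups and not from the report).
SAMPLE_SPF = {
    "strict.example":     "v=spf1 ip4:203.0.113.10 include:_spf.mailprovider.example -all",
    "softfail.example":   "v=spf1 ip4:198.51.100.0/24 ~all",
    "permissive.example": "v=spf1 ip4:198.51.100.0/24 +all",
    "wide-open.example":  "v=spf1 ip4:0.0.0.0/0 -all",
    "no-all.example":     "v=spf1 include:_spf.partner.example",
    "redirect.example":   "v=spf1 redirect=_spf.parent.example",
}

# optional qualifier, mechanism/modifier name, optional separator and argument
TERM_RE = re.compile(r"^(?P<q>[+\-~?])?(?P<name>[a-z][a-z0-9_.-]*)(?:(?P<sep>[:/=])(?P<arg>.*))?$", re.I)
DNS_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 7208 counts these
BROAD_PREFIX = {"ip4": 16, "ip6": 32}  # example's own threshold for "too broad"


def audit_spf(domain: str, record: str) -> Dict:
    """Return the 'all' qualifier, a list of issues, and whether the record lets any host pass."""
    result = {"domain": domain, "all": None, "issues": [], "permissive": False}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        result["issues"].append("not an SPF version 1 record")
        return result

    lookups = 0
    has_redirect = False
    for term in terms[1:]:
        m = TERM_RE.match(term)
        if not m:
            result["issues"].append(f"unparseable term {term!r}")
            continue
        qual = m.group("q") or "+"  # RFC 7208: a missing qualifier means '+' (pass)
        name = m.group("name").lower()
        arg = m.group("arg")
        if name in DNS_LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            result["all"] = qual
        elif name == "redirect":
            has_redirect = True  # the target record's 'all' applies instead
        elif name in BROAD_PREFIX and arg:
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                result["issues"].append(f"invalid network in {term!r}")
                continue
            if qual == "+" and net.prefixlen < BROAD_PREFIX[name]:
                result["issues"].append(f"{term}: passes {net.num_addresses} addresses")
                result["permissive"] = True
        elif name == "ptr":
            result["issues"].append("ptr mechanism is deprecated and should not be used")

    if result["all"] is None and not has_redirect:
        result["issues"].append("no 'all' term: unlisted senders get a neutral result")
        result["permissive"] = True
    elif result["all"] in ("+", "?"):
        result["issues"].append(f"'{result['all']}all' lets any host pass or be treated as neutral")
        result["permissive"] = True
    elif result["all"] == "~":
        result["issues"].append("'~all' softfail: rejection depends on the receiver's DMARC handling")
    if lookups > 10:
        result["issues"].append(f"{lookups} DNS-querying terms exceed the limit of 10 (permerror)")
    return result


def audit_all(records: Dict[str, str]) -> List[Dict]:
    return [audit_spf(d, r) for d, r in records.items()]


if __name__ == "__main__":
    for r in audit_all(SAMPLE_SPF):
        print(f"{r['domain']:<22} all={r['all']!s:<5} {'PERMISSIVE' if r['permissive'] else 'ok'}")
        for issue in r["issues"]:
            print(f"    - {issue}")
```

Only the terminating `all` and the literal `ip4`/`ip6` networks are judged here; `include:` and `redirect=` targets would have to be fetched and audited recursively in a real run, since a strict `-all` at the top level is no protection if an included record ends in `+all`.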
The article discusses the evolution and impact of the Agent Tesla malware and its variant, Origin Logger, which have been pivotal in the Malware-as-a-Service (MaaS) ecosystem since 2014. The report details the methods of the developers, their targeted sectors, and the ongoing business email compromise (BEC) attacks.…
This report analyzes recent cyber threats impacting the financial sector in South Korea and beyond, highlighting malware, phishing cases, and ransomware attacks. It details incidents such as database leaks, ransomware breaches, and unauthorized access sales. The report emphasizes the urgency for financial institutions to enhance their security measures.…
Summary: A recent Infoblox Threat Intel report reveals the extensive use of spoofed domains in spam operations, highlighting how threat actors exploit neglected domains to bypass security measures. The report categorizes various malspam campaigns and emphasizes the financial gains for cybercriminals despite advancements in email security.…
This report from AhnLab Security Intelligence Center (ASEC) analyzes malware collected in Q4 2024, categorizing it by type and providing detailed statistics on distribution methods and features. CoinMiner and banking malware are excluded due to low incidence. Categories covered: Infostealer, Downloader, Backdoor, Ransomware.
Key points: AhnLab's RAPIT system is used to analyze and categorize the malware.…
Summary: In October 2024, Japanese electronics manufacturer Casio suffered a ransomware attack that compromised data of thousands of employees, business partners, and customers. The intrusion was traced to phishing emails and claimed by the Underground ransomware gang, and led to significant data theft and operational disruption.
Threat actor: Underground ransomware gang
Victim: Casio
Key point: 6,456 employees, 1,931 business partners, and 91 customers had their data compromised.…
Summary: Cybersecurity researchers have identified ongoing malspam campaigns where threat actors spoof sender email addresses, often using neglected domains to bypass security measures. These campaigns include phishing attempts and extortion schemes targeting various sectors, utilizing tactics like QR codes and impersonation of trusted brands.
Threat actor: Muddling Meerkat
Victims: Various sectors, including legal, government, and construction
Key point: Threat actors are using old, neglected domains to spoof sender addresses and evade security checks.…