Email Security Appliances (ESAs) are hardware or software solutions designed to protect an organization’s email system from a wide range of email-based threats. These appliances play a crucial role in securing inbound and outbound emails by filtering spam, blocking malware, preventing phishing attacks, and ensuring that sensitive information is safeguarded.…
Tag: SPAM
In early 2024, Group-IB’s Threat Intelligence team observed a surge in phishing URLs targeting INTERAC, a Canadian payment service. Subsequently, a client operating in Canada reported an uptick in phishing attempts against their customers and shared a suspicious URL, lab-host[.]ru, prompting an investigation.
This inquiry unveiled a connection between the shared URL and INTERAC phishing pages, all originating from the LabHost Phishing-as-a-Service (PhaaS) platform.…
Many people make banking transactions online now. And since mobile devices are one of the most popular and convenient ways to shop and make payments, criminals are naturally drawn to them. A current example of malware that specifically targets online banking shows how easy it is to fall for it.…
Summary: Malicious bots now account for a third of internet traffic, leading to an increase in account takeover attacks, according to Imperva’s Bad Bot Report. The report also highlights the targeting of API endpoints and the use of residential ISPs by threat actors to evade detection.…
Summary: Microsoft plans to impose a daily Exchange Online bulk email limit of 2,000 external recipients starting January 2025 to prevent abuse and unfair usage of resources.
Threat Actor: N/A Victim: N/A
Key Point:
Microsoft will introduce a new External Recipient Rate (ERR) limit of 2,000 external recipients within the existing Recipient Rate limit of 10,000 recipients.…
1. Unsupervised Learning
An experienced cybersecurity expert, consultant and writer, Miessler takes a personal approach on his blog with an “about me” page that not only details his professional interests but also his hobbies, interests and political views. His offerings include newsletters and essays on a variety of topics and a podcast called Unsupervised Learning that focuses on security and artificial intelligence.…
Krebs on Security is a popular blog focused on in-depth security news and investigations. It’s authored by Brian Krebs, a well-known journalist in the field of cybersecurity. The site provides detailed coverage of security threats, breaches, cybercrime, and other related topics aimed at educating readers on protecting their personal and organizational data.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows
Impact: The stolen information can be used for future attacks
Severity Level: High
Last year, FortiGuard Labs uncovered the 8220 Gang’s utilization of ScrubCrypt to launch attacks targeting exploitable Oracle WebLogic Servers. ScrubCrypt has been described as an “antivirus evasion tool” that converts executables into undetectable batch files.…
Victim: rjcorp.in
Country: IN
Actor: lockbit3
Source: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/post/9Qhvfpu5Xd0LlwhE6609ebb46862c
Discovered: 2024-03-31 23:53:58.773396
Key Point:
– A cybercrook has been setting up websites that mimic privnote.com.
– These phishing sites alter messages containing cryptocurrency addresses.
– The real Privnote encrypts messages and does not send or receive them.
– Privnote clones inject their own cryptocurrency payment addresses.
– A user on GitHub complained about a site being flagged as malicious.…
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by exploiting the increased demand for AI-powered software among content creators.
Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims.…
In this blog we will identify 6 malicious domains that are likely hosting MatanBuchus malware. We will identify these domains through the hardcoded subdomains in the TLS certificate of the initial shared domain.
After pivoting on the hardcoded subdomains, we will use registration dates and certificate providers to home in on our final results.…
Key Point:
– PikaBot is a malicious backdoor that has been active since early 2023.
– PikaBot employs distribution methods, campaigns, and behavior reminiscent of Qakbot.
– PikaBot heavily depends on email spam campaigns for distribution.
– PikaBot uses Server Message Block (SMB) shares hosting malicious zip files for distribution.…
Key Point:
– The Manipulaters, a cybercrime group, have attempted to rebrand themselves as legitimate but still engage in illegal activities.
– The core brand of The Manipulaters is a shared identity named “Saim Raza” who sells spamming and phishing services.
– The group’s main product, HeartSender, leaks user information and poses risks to its customers.…
Author: Yoav Arad Pinkas
Key Findings
AI is already extensively utilized in election campaigns worldwide. Deepfakes and voice cloning have been employed in elections in three main venues:
– By candidates for self-promotion.
– By candidates to attack and defame political opponents.
– By foreign nation-state actors to defame specific candidates.…
Research by: Antonis Terefos, Raman Ladutska
Part I from the series E-Crime & Punishment
When considering a notoriously famous topic known for quite a long time, it may feel like there is nothing new to add to this area anymore – all paths traced, all words said, all “i”s dotted.…
In this post we leverage passive DNS analysis tools to expand on an ACTINIUM intelligence report published by Microsoft.
This analysis will leverage the initial domains provided in the report to identify new domains of interest that match the reported style and structure detailed in the original report.…
Google recently announced the release of Magika, an “AI-powered file-type identification system”. I tested this on a corpus of nearly 125k files to see how it fared.
Why?
File type detection is useful in a number of places, such as:
Anti-spam – detecting unwanted attachments, for example those with executable content.…