If you have anything to do with cyber security, you know it employs its own unique and ever-evolving language. Jargon and acronyms are the enemies of clear writing—and are beloved by cyber security experts. So Morphisec has created a comprehensive cyber security glossary that explains commonly used cybersecurity terms, phrases, and technologies.…
Tag: SPOOFING
February 1, 2024
Stately Taurus Continued – New Information on Cyberespionage Attacks against Myanmar Military JuntaOn January 23rd, CSIRT-CTI published a blogpost describing a pair of campaigns believed to be launched by Stately Taurus (alias Bronze President, Camaro Dragon, Earth Preta, Mustang Panda, Red Delta, TEMP.Hex…
By Oded Vanunu, Dikla Barda, Roman Zaikin
A recent investigation conducted by Check Point Research has revealed a sophisticated NFT scam campaign operating on a large scale:
This campaign is unique in its methodology, employing a source spoofing technique to target a broad spectrum of token holders.…
Table of contentsIntroduction
Read More The next Olympic Games hosted in Paris will take place from 26 July to 11 August 2024, while the Paralympic Games will be carried out from 28 August to 8 September 2024. The Olympic and Paralympic Games, which bring together all the nations around sport competitions every two years, is a showcase for States in front of the world.…
Masterminds of Tech Excellence in the World of Cybercrime
Read More Resecurity has uncovered a cybercriminal group known as “GXC Team“, which specializes in crafting tools for online banking theft, ecommerce fraud, and internet scams. Around November 11th, 2023, the group’s leader, operating under the alias “googleXcoder“, made multiple announcements on the Dark Web.…
Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme (App Installer) to distribute malware. In addition to ensuring that customers are protected from observed attacker activity, Microsoft investigated the use of App Installer in these attacks.…
SUMMARY
Read More Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…
December 05, 2023
Greg Lesnewich, Crista Giering and the Proofpoint Threat Research Team
Key takeaways Since March 2023, Proofpoint researchers have observed regular TA422 (APT28) phishing activity, in which the threat actor leveraged patched vulnerabilities to send, at times, high-volume campaigns to targets in Europe and North America. …The Open Radio Access Network (ORAN) architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire Ran Intelligent Controller (RIC) subsystem.
The Open Radio Access Network (Open RAN or O-RAN) architecture has provided access to previously closed Radio Access Network (RAN) systems by establishing standard interfaces and protocols.…
More and more people nowadays prefer to buy goods online. And why not? It’s convenient, goods will be delivered to your doorstep, and if you choose one of many online marketplaces, it’s even possible to save some money. Sadly, scammers abuse this, targeting these services and their customers for the scammer’s benefit.…
By Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll and Vinoo Thomas · November 21, 2023
On September 2023, the Trellix Security Operations Center (SOC) successfully detected and stopped an attack against Musarubra, the holding company for Trellix and Skyhigh Security, involving an emerging malware family named DarkGate.…
SUMMARY
Read More In early 2023, Secureworks® Counter Threat Unit™ (CTU) researchers discovered how to manipulate the consenting process of a legitimate verified publisher application to implant malicious unverified applications within a Microsoft Entra ID (formerly known as Azure Active Directory) tenant[1]. Any tenant that retained the default user consent configuration for enterprise applications was susceptible to this attack.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian. The actor also appears to have a defensive interest in the website of the Kazakhstani state-owned email service and has rarely targeted Kazakh entities.…
Read More The fake USPS phishing page.
Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries.…
Key TakeawaysCyble Research and Intelligence Labs (CRIL) encountered a RAR archive file that could propagate through adult websites or fake adult sites, etc.
In this malware campaign, Threat Actors (TAs) exploit a vulnerability in WinRAR (CVE-2023-38831) to distribute their malicious payloads onto the systems of their victims.…
Read More
I. Abstract
Read More NSFOCUS Security Labs recently discovered a new attack process based on phishing documents in their daily threat-hunting operations. Delving deeper into this finding through extensive research, they confirmed two new Trojan horse programs and many rare attack techniques and tactics.
NSFOCUS Security Labs believes that this new attack process comes from a new APT attacker, who has a high technical level and cautious attack attitude.…
Key InsightsAPT29’s pace of operations and emphasis on Ukraine increased in the first half of 2023 as Kyiv launched its counteroffensive, pointing to the SVR’s central role in collecting intelligence concerning the current pivotal phase of the war.
During this period, Mandiant has tracked substantial changes in APT29’s tooling and tradecraft, likely designed to support the increased frequency and scope of operations and hinder forensic analysis. …
Read More Remote Access Trojan (RAT) is a type of malware that, as the name suggests, can remotely access a victims’ system after successful infection. This blog is about one such RAT, RomCom RAT which can take complete control of a compromised system by spoofing and deploying fake versions of legitimate applications on the victims’ system to gain initial trust. …
A burgeoning attack involving Google Looker Studio is making the rounds. In the last few weeks, we’ve seen over a hundred of these attacks.
Google Looker Studio is a tool that converts information—slideshows, spreadsheets, etc—into visualized data, such as charts and graphs.
Hackers are utilizing it to create fake crypto pages that are designed to steal money and credentials.…