SecureList

DECEMBER 1, 2023

Analysis of samples exploiting CVE-2023-23397 vulnerability On March 14, Microsoft reported a critical Elevation of Privilege (EoP) vulnerability (CVE-2023-23397) in the Outlook client. This feature bypass vulnerability (CVE-2023-29324) was itself patched in May. The end result is the DarkGate loader.

Malware 140

Malware Ransomware Encryption Energy and Utilities 140

Malwarebytes

MARCH 1, 2023

Malware and phishing are two particular mobile threats that you need to defend against in 2023. Just check out the following stats from last year: 18 percent of clicked phishing emails in 2022 came from a mobile device. Verizon Mobile Security Index 2022) 9 percent of organizations suffered a mobile malware attack in 2022.

Mobile 96

Mobile Phishing Malware Adware 96

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 132

Spyware Data breaches Hacking Ransomware 132

The Hacker News

AUGUST 1, 2023

Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023.

Banking 96

Banking Spyware Phishing Cybersecurity 96

SecureList

MAY 27, 2024

Compared to the first quarter of 2023, the percentage decreased by 1.3 Malicious activity in numbers Malicious objects used for initial infection Malicious objects that are used for initial infection of computers include dangerous internet resources that are added to denylists, malicious scripts and phishing pages, and malicious documents.

Spyware 130

Spyware Malware Internet Internet 130

SecureList

AUGUST 30, 2023

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. We had observed few victims compromised using Gopuram, but the number of infections increased in March 2023 — a spike that was directly related to the 3CX supply chain attack.

Malware 98

Malware Spyware Government Cryptocurrency 98

SecureList

NOVEMBER 22, 2022

A look back on the year 2022 and what to expect in 2023. This report assesses how accurately we predicted the developments in the financial threats landscape in 2022 and ponder at what to expect in 2023. Forecasts for 2023. Analysis of forecasts for 2022. Rise and consolidation of information stealers.

Cryptocurrency 107

Cryptocurrency Mobile Ransomware Banking 107

SecureList

SEPTEMBER 26, 2024

pp compared to the second quarter of 2023, when the indicator reached its highest level since records began in 2022. pp compared to the first quarter of 2024); Malicious scripts and phishing pages (JS and HTML) – 5.69% (-0.15 Spyware (spy Trojans, backdoors and keyloggers) – 4.08% (+0.18 pp from the previous quarter to 23.5%.

Spyware 112

Spyware Malware Ransomware Internet 112

SecureList

JULY 27, 2023

This is our latest installment, focusing on activities that we observed during Q2 2023. The group’s latest activities, from September 2022 until March 2023, involve a new set of custom loaders and its private post-exploitation tool “Ninja,” used to help it remain undetected.

Malware 98

Malware Government Phishing Social Engineering 98

Security Affairs

SEPTEMBER 3, 2023

Being Used to Phish So Many of Us? Hacks QakBot, Quietly Removes Botnet Infections Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs Why is.US

Social Engineering 131

Social Engineering Data breaches Spyware Malware 131

Security Affairs

NOVEMBER 11, 2023

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform Serbian pleads guilty to running ‘Monopoly’ dark web drug market McLaren Health Care revealed that a data breach impacted 2.2 Every week the best security articles from Security Affairs are free for you in your email box.

DDOS 133

DDOS Data breaches Ransomware Marketing 133

The Last Watchdog

MAY 13, 2024

This process not only safeguards computers, mobile devices, and IoT systems from a diverse array of threats like malware, phishing, spyware, and botnets, ensuring privacy, but also optimizes performance.

DNS 130

DNS Cyber threats Engineering Spyware 130

SecureList

DECEMBER 9, 2024

User data was stolen from Cisco Duo, a service that provides organizations with multi-factor authentication (MFA) and single sign-on (SSO) network access, as a consequence of a phishing attack targeting an employee of a third-party telephony provider. The breach allowed the threat actor to download SMS message logs. Why does it matter?

Internet 113

Internet Internet Risk Social Engineering 113

Security Affairs

APRIL 4, 2023

The attacker can also use the compromised accounts to carry out lateral phishing attacks and further infiltrate the target organizations TA473 targeted US elected officials and staffers since at least February 2023. CISA orders federal agencies to fix this flaw by April 24, 2023.

Phishing 98

Phishing Government Spyware Passwords 98

Security Affairs

SEPTEMBER 1, 2024

Under Meredith Whittaker, It’s Out to Prove Surveillance Capitalism Wrong EU investigating Telegram over user numbers Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Malware 125

Malware Surveillance Firewall Phishing 125

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 98

Spyware Ransomware Malware Data breaches 98

Security Affairs

JUNE 17, 2023

Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9 Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9

Data breaches 98

Data breaches DDOS Backups Firewall 98

Security Affairs

JULY 4, 2023

Neo_Net’s eCrime campaign was reportedly targeting clients of banks globally, with a focus on Spanish and Chilean banks, from June 2021 to April 2023. Neo_Net has set up and rented out a wide-ranging infrastructure, including phishing panels, Smishing software, and Android trojans to its network of affiliates.

Banking 98

Banking Phishing Social Engineering Authentication 98

Security Affairs

FEBRUARY 10, 2023

The TA886 hacking group targets organizations in the United States and Germany with new spyware tracked as Screenshotter. The attack chain starts with an phishing emails containing a malicious URL or malicious attachment that lead to deployment of WasabiSeed and Screenshotter malware. ” reads the post published by Proofpoint.

Malware 98

Malware Phishing Spyware Cybercrime 98

Malwarebytes

MAY 10, 2023

Just check out the following stats from last year: 18 percent of clicked phishing emails in 2022 came from a mobile device. Check Point 2023 Cyber Security Report) For Managed Service Providers (MSPs) , these stats represent more than just figures; they underscore the need for proactive action across their customers’ mobile endpoints.

Mobile 88

Mobile Malware Phishing Spyware 88

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 98

Data breaches Malware Mobile Spyware 98

Security Boulevard

FEBRUARY 17, 2025

Google's reCAPTCHA is not only useless, it's also basically spyware Techspot This study demonstrates Google's reCAPTCHA v2 and v3 are flawed and don't actually keep out bots. The research also shows that reCAPTCHA relies on fingerprinting (collecting "user agent data and other identifying information") and shares this data with advertisers.

Surveillance 52

Surveillance Data breaches VPN Malware 52

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices.

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Passwords 121

SecureList

NOVEMBER 14, 2023

In this article, we will review the past year’s trends to see which of our 2023 predictions have come true, and try to predict what is to come in 2024. The US Cybersecurity and Infrastructure Security Agency (CISA) provided additional IoCs associated with exploitation of CVE-2023-2868. A review of last year’s predictions 1.

Hacking 142

Hacking Energy and Utilities Malware Media 142

SecureWorld News

JULY 27, 2023

Incidents have more than doubled in Q1 2023, indicating a disturbing trend that threatens global organizations. The 17-page report has a wealth of information, including the impact of stealers, the lifecycle of a stealer, the workflow of a stealer, and statistics around the stealers trending in 2023.

Malware 95

Malware Social Engineering Passwords Spyware 95

Security Affairs

NOVEMBER 15, 2023

The data was first indexed by IoT devices on March 8th, 2023. Source: Cybernews The information exposed in this data leak could have been exploited for fraud, identity theft, phishing attempts, or as a source of data for meticulously targeted cyberattacks. User security log.

Passwords 104

Passwords Identity Theft Social Engineering Spyware 104

IT Security Guru

FEBRUARY 13, 2023

With so many well known banking sites falling short when it comes to blocking fraudsters, cybersecurity experts at VPNOverview have compiled a list of 12 safety tips to keep your money safe from malware and phishing scams. What are the possible dangers of online banking?

Banking 80

Banking Cybersecurity Antivirus Phishing 80

CyberSecurity Insiders

MAY 19, 2023

Phishing – By circulating emails with malicious attachments, Hive actors can gain access to the victim’s networks. Impair Defenses – Hive will seek to terminate all processes related to backups, antivirus/anti-spyware, and file copying. This is called Exploit Public-Facing Application. billion being paid in 2022 alone.

Ransomware 124

Ransomware Encryption Healthcare Education 124

SecureList

SEPTEMBER 3, 2024

Number of new ransomware modifications, Q2 2023 – Q2 2024 ( download ) Number of users attacked by ransomware Trojans In Q2 2024, Kaspersky solutions protected 85,819 unique users from ransomware Trojans. Attacks on macOS In Q2 2024, numerous samples of the spyware Trojan-PSW.OSX.Amos (also known as Cuckoo) were found.

Mobile 115

Mobile Antivirus Adware Ransomware 115

Malwarebytes

JANUARY 22, 2023

Windows 10 download pages now say this at the bottom of the promotional text: January 31, 2023 will be the last day this Windows 10 download is offered for sale. Windows 10 will remain supported with security updates that help protect your PC from viruses, spyware and other malware until October 14, 2025.

Retail 98

Retail Spyware Malware Phishing 98

Security Affairs

MAY 23, 2023

On March 2023, researchers from Kaspersky spotted a previously unknown APT group, tracked as Bad Magic (aka Red Stinger), that targeted organizations in the region of the Russo-Ukrainian conflict. The attackers were observed using PowerMagic and CommonMagic implants. The archive contained two files, a decoy document (i.e.

Malware 98

Malware Spyware Encryption Hacking 98

Hacker's King

MAY 20, 2023

You may also like: Ways To Earn Passive Income In Cyber Security In 2023 Brute Force Attacks: Cracking the Code In certain cases, hackers may employ brute force attacks to gain access to an account without triggering the 2FA process. These codes are typically meant to be used in case the primary 2FA method fails.

Authentication 52

Authentication Social Engineering Spyware Engineering 52

Google Security

JULY 27, 2023

While ARM had released the fixed driver version in October 2022, the vulnerability was not fixed by Android until April 2023 , 6 months after the initial release by ARM, 9 months after the initial report by Man Yue Mo, and 5 months after it was first found being actively exploited in-the-wild.

Spyware 95

Spyware Manufacturing Internet Internet 95

Security Affairs

JANUARY 10, 2021

It is a great question, particularly when you consider that $167 Billion was spent on Cybersecurity in 2019 and this is predicted to increase to $248 Billion by 2023 [Source: Forbes ]. For more information on this breach, see: Software Supply-Chain Attack Hits Vietnam Government Certification Authority.

Cyber Attacks 130

Cyber Attacks Government Software Surveillance 130

eSecurity Planet

JUNE 8, 2023

Email security consists of the policies, tools, and services deployed to protect against threats specific to email such as spam, phishing attacks, malware-infested attachments, impersonation, and email interception. Multi-factor Authentication Compromised credentials stolen from a phishing campaign can be quite dangerous. zip, etc.).

Firewall 80

Firewall DNS Authentication Malware 80

eSecurity Planet

MARCH 14, 2023

For example, hackers can use packet sniffers or a phishing link using a man-in-the-middle attack. For example, malware, spyware, adware, computer worms, botnets, trojan horses and similar malware do not normally impact network equipment (routers, firewalls, etc.) or network traffic. DNS security (IP address redirection, etc.),

Network Security 98

Network Security Firewall Penetration Testing Encryption 98

SecureWorld News

OCTOBER 31, 2024

From zombie botnets to phishing phantoms, these threats might sound like campfire tales, but they're some of the most sinister forces in cybersecurity today. Phishing phantoms: masters of disguise Phishing scams have become more sophisticated. Like a phantom in disguise, a phishing attack can appear harmless—until it's too late.

IoT 120

IoT Phishing DDOS Backups 120