Security Affairs

MAY 27, 2022

A new version of the ERMAC Android banking trojan is able to target an increased number of apps. was discovered by ESET researchers after a campaign impersonating Bolt Food targeted Polish users. A new #Android banker ERMAC 2.0 is distributed rapidly through various phishing sites, primarily targeting Polish users.”

Banking 140

Banking Malware Cybercrime Phishing 140

Security Affairs

DECEMBER 21, 2023

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware. Agent Tesla is a spyware that is used to spy on the victims by collecting keystrokes, system clipboard, screenshots, and credentials from the infected system.

Malware 93

Malware Phishing Spyware Cyber threats 93

eSecurity Planet

JULY 13, 2023

Now security researchers have discovered a black hat generative AI tool called WormGPT that has none of the ethical restrictions of tools like ChatGPT, making it even easier for hackers to craft cyber attacks based on AI tools. Refining phishing or BEC attack emails using generative AI.

Cybercrime 98

Cybercrime Phishing Marketing System Administration 98

Security Affairs

MAY 2, 2023

“ROKRAT has not changed significantly over the years, but its deployment methods have evolved, now utilizing archives containing LNK files that initiate multi-stage infection chains. “The first sample we will discuss below was first discovered in July 2022, the same month that Microsoft began enforcing this new rule.”

Malware 81

Malware Education Media Phishing 81

SecureList

OCTOBER 5, 2022

Our answer is nearly always the same: (spear) phishing. Last month, we focused on infection methods used in various malware campaigns: methods that we do not see used very often. Last month, we focused on infection methods used in various malware campaigns: methods that we do not see used very often.

Malware 126

Malware Architecture Spyware Ransomware 126

Security Affairs

JUNE 18, 2022

Malibot is a new Android malware targeting online banking and cryptocurrency wallet customers in Spain and Italy. F5 Labs researchers spotted a new strain of Android malware, named Malibot, that is targeting online banking and cryptocurrency wallet customers in Spain and Italy. ” reads the advisory published by F5 Labs.

Banking 113

Banking Cryptocurrency Malware Mobile 113

Duo's Security Blog

OCTOBER 4, 2023

Recognizing and reporting phishing 4. Updating software Cisco Duo is all about cybersecurity, so every week we’re going to publish a blog focused on those respective topics. Past When the use of passwords began, they were a “good enough” method to control user access to digital systems. Enabling multi-factor authentication 3.

Password Management 109

Password Management Passwords Authentication Social Engineering 109

Krebs on Security

AUGUST 5, 2021

We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Among the oldest tricks in the book is to fake one’s demise or retirement and invent a new identity.

Ransomware 323

Ransomware Cybercrime Malware System Administration 323

Security Boulevard

JANUARY 2, 2024

Amidst the ever-evolving realm of enterprise security, a new year unfolds, introducing a dynamic array of emerging threats. In September, the Zscaler ThreatLabz team conducted an analysis of AI/ML and ChatGPT trends amongst enterprises stretching back across 2023 and, unsurprisingly, discovered upward trajectories in AI/ML traffic and usage.

CISO 104

CISO Social Engineering Architecture Ransomware 104

SecureList

DECEMBER 27, 2022

We continue to track the group’s activities and this October we observed the adoption of new malware strains in its arsenal. However, it has recently started to adopt new methods of malware delivery. In addition, the group tested different file types to refine malware delivery methods. Executive summary. Background.

Malware 136

Malware Banking Passwords Antivirus 136

SecureList

FEBRUARY 8, 2024

In a recent investigation, we encountered a new malware that specifically targets users of more than 60 banking institutions, mainly from Brazil. This malware utilizes the Squirrel installer for distribution, leveraging NodeJS and a relatively new multiplatform programming language called Nim as a loader to complete its infection.

Banking 109

Banking Encryption Malware Technology 109

Security Boulevard

APRIL 20, 2022

Download your free copy of the 2022 ThreatLabz Phishing Report, and check out our infographic. For decades, phishing has been a complex and time-consuming challenge for every security team. Avoiding the latest breed of phishing attacks requires heightened awareness from users, additional context, and a zero trust approach.

Phishing 115

Phishing Retail Risk Architecture 115

Security Affairs

FEBRUARY 17, 2019

Security experts at Myki have recently discovered a new phishing campaign that could deceive even most tech-savvy users. Crooks are distributing links to blogs and services that display users “login using Facebook account” to read an exclusive article or purchase a discounted product. Pierluigi Paganini.

Phishing 95

Phishing Advertising Accountability Authentication 95

Malwarebytes

JANUARY 4, 2022

Common distribution methods for this type of installer are phishing campaigns, forum spam, YouTube posts and comments, as well as untrustworthy software download sites. The final stage of the infection requires a reboot for the new registry settings to take effect, including the disabled UAC. Purple Fox background. rundll3222.exe.

Artificial Intelligence 102

Artificial Intelligence Malware Antivirus Phishing 102

SecureList

MAY 27, 2022

The group uses various malware families, including Wroba, and attack methods that include phishing, mining, smishing and DNS poisoning. On February 23, ESET published a tweet announcing new wiper malware targeting Ukraine. On March 22, the Ukraine CERT published a new alert about the DoubleZero wiper targeting the country.

Phishing 110

Phishing Spyware Firmware Malware 110

Security Affairs

MAY 7, 2023

An APT group tracked as Dragon Breath has been observed employing a new DLL sideloading technique. Sophos researchers observed an APT group, tracked as Dragon Breath (aka APT-Q-27 and Golden Eye), that is using a new DLL sideloading technique that adds complexity and layers to the execution of the classic DLL sideloading.

Malware 85

Malware Cryptocurrency Encryption Phishing 85

The Last Watchdog

MARCH 17, 2022

Threat actors are now using advanced methods to conduct intricate, personalized phishing and targeted attacks. The bad actors employed AI to discover social footprints, buying patterns and personal data, and launched personalized attacks unique to each potential victim. The larger question: Can cybersecurity be truly automated?

Cybersecurity 235

Cybersecurity Scams Artificial Intelligence Software 235

Security Affairs

FEBRUARY 8, 2019

Crooks leverage Google Translate service as camouflage on mobile browsers in a phishing campaign aimed at stealing Google account and Facebook credentials. The phishing campaign targets both Google and Facebook accounts, the use of Google Translate allows the attackers to make the phishing page as a legitimate form from a Google domain.

Phishing 84

Phishing Mobile Security Intelligence Advertising 84

SecureList

JULY 28, 2022

It supports multiple exfiltration methods and complicated networking infrastructure, including addressing, redirection, and routing. In March, Proofpoint published a blog post about a new spear-phishing campaign related to the war in Ukraine, tentatively attributed to the Russian-speaking actor UNC1151 (aka TA445 and Ghostwriter).

Malware 136

Malware Firmware Phishing Cryptocurrency 136

Security Affairs

JULY 6, 2022

Researchers from Palo Alto Networks Unit 42 discovered that a sample uploaded to the VirusTotal database on May 19, 2022 and considered benign by almost all the antivirus, was containing a payload associated with Brute Ratel C4 (BRc4), a new red-teaming and adversarial attack simulation tool. “Over the past 2.5

Antivirus 98

Antivirus Penetration Testing Phishing Manufacturing 98

Security Boulevard

AUGUST 2, 2022

ThreatLabz has discovered a new strain of a large-scale phishing campaign, which uses adversary-in-the-middle (AiTM) techniques along with several evasion tactics. Similar AiTM phishing techniques were used in another phishing campaign described by Microsoft recently here. Phishing campaign overview.

Phishing 52

Phishing Energy and Utilities Authentication Accountability 52

SecureList

FEBRUARY 7, 2022

We have been tracking Roaming Mantis since 2018, and published five blog posts about this campaign: Roaming Mantis uses DNS hijacking to infect Android smartphones. Roaming Mantis dabbles in mining and phishing multilingually. Link from smishing message redirects to Wroba or phishing page. Roaming Mantis, part III.

Phishing 86

Phishing DNS Mobile Malware 86

Duo's Security Blog

JANUARY 16, 2023

It wouldn’t be long after WWII when the burgeoning development of computer systems grew large enough that MIT had to solve a new problem: With limited computing power available and more researchers needing access than the system could handle at once, how could they divvy up a schedule that allowed all users a guaranteed window of access?

Passwords 80

Passwords Encryption Media Accountability 80

SecureList

NOVEMBER 1, 2022

In March, we detected new DTrack samples packed in a different way and with relatively few changes in the code. We will also highlight new victimology, including various targets across Europe. Their blogpost also introduced new malware, dubbed Jackpot – previously unknown fileless malware targeting IIS servers. and v0.6.5,

Malware 142

Malware Ransomware Spyware Encryption 142

eSecurity Planet

SEPTEMBER 30, 2021

Security expert Chris Krebs wrote in a blog post this week that he discovered such a service – called OPT Agency – earlier this year, noting that the service was shut down soon after his report was published. Phishing, Social Engineering are Still Problems. OTP Interception Services Emerge. Stealing Credentials.

Authentication 111

Authentication Social Engineering Phishing Banking 111

Webroot

JANUARY 7, 2022

This year, we will likely see new threat actors become strategic in their cost-benefit analysis of undertaking long-term mining versus short-term ransomware payments. Last year, we forecasted phishing would continue to remain a prevailing method of attack , as unsuspecting individuals and businesses would fall victim to tailored assaults.

Cybercrime 105

Cybercrime Phishing Ransomware Cryptocurrency 105

Troy Hunt

APRIL 5, 2023

Specific guidance prepared by the FBI in conjunction with the Dutch police on further steps you can take to protect yourself are detailed at the end of this blog post on the gold background. That's the short version, here's the whole story: Ever heard that saying about how "data is the new oil"?

Marketing 340

Marketing Passwords Authentication Accountability 340

Security Boulevard

APRIL 27, 2022

The Zscaler ThreatLabz research team has recently discovered a malware campaign targeting users applying for Thailand travel passes. In this blog, our team will provide a deep analysis of the malware campaign that we have observed related to these attacks. Figure 3 : Thailand pass phishing page drops ISO file.

Antivirus 98

Antivirus Malware Phishing Engineering 98

SiteLock

AUGUST 27, 2021

However, the truth is that businesses of all sizes hold valuable data in their hands, and cybercriminals work to create new sophisticated attack methods to acquire this information. However, SMB websites won’t face less risk — they’ll actually face different types of threats as cybercriminals adapt their methods.

Small Business 98

Small Business Cybersecurity Phishing DDOS 98

eSecurity Planet

OCTOBER 26, 2021

In a blog post , Tom Burt, corporate vice president of customer security and trust at Microsoft, wrote that the hacker group Nobelium is looking to use the same pathways that it leveraged in its attack on SolarWinds and its customers by compromising a set of companies to gain access to their customers.

Government 117

Government Cybercrime Accountability Software 117

Schneier on Security

JANUARY 5, 2018

The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution -- which of course is not a solution -- is to throw them all away and buy new ones. Throw it away and buy a new one" is ridiculous security advice, but it's what US-CERT recommends. It is also unworkable.

Firmware 195

Firmware Software Engineering Phishing 195

Security Affairs

AUGUST 4, 2019

Malware researchers from enSilo have spotted a new variant of the DealPly adware that uses a new method to avoid detection. The experts discovered that Some reputation modules are used only for certain countries. Let’s see in detail how the DealPly adware abuses the reputation services. ” conclude the experts.

Adware 75

Adware Advertising Malware Engineering 75

Cisco Security

MARCH 28, 2022

Even though this Emotet re-appearance happened at (almost) the same time as Log4J vulnerability was discovered, there is not enough evidence that these two things are related. We summarize in this blog Emotet threat, it’s lifecycle and typical detectable patterns. The file contained in the phishing email, is an Office document (2).

Banking 107

Banking Malware Ransomware Phishing 107

SiteLock

NOVEMBER 24, 2021

The New, Evolving Malware. Babuk ransomware was discovered fairly recently, in early 2021, but it hasn’t taken long for this destructive new malware to gain notoriety. The second faction split and formed a new group, Babuk V2. In summary, Babuk uses similar methods as other RaaS products to exploit a system.

Ransomware 59

Ransomware Malware Encryption Antivirus 59

SecureList

DECEMBER 11, 2023

Cybersecurity risks and vulnerabilities As any other technological advancement, along with exciting opportunities, generative AI brings new risks into the equation. Trust and reliability First of all, the technology is very new and not yet mature. The most capable models are closed-source, and also very idiosyncratic.

Cybersecurity 101

Cybersecurity Artificial Intelligence Technology Risk 101

Google Security

JULY 27, 2023

0-click exploits and new browser mitigations drive down browser 0-days. In addition, all major browsers also implemented new defenses that make exploiting a vulnerability more difficult and could have influenced attackers moving to other attack surfaces. Many attackers have been moving towards 0-click rather than 1-click exploits.

Spyware 91

Spyware Manufacturing Internet Internet 91

Security Boulevard

OCTOBER 24, 2023

Assuming they’ve achieved persistence and there’s evidence of their activity, defenders typically concentrate on the methods used for access, and overlook the post-breach domain environment. Attack Technique Format This blog covers multiple Kerberos abuse based attack techniques, detection guidance and remediation of a compromised domain.

Backups 69

Backups Passwords Authentication Accountability 69