Cybercriminals can now generate convincing phishing pages using a new Phishing-as-a-Service platform
A new phishing-as-a-service (PhaaS or PaaS) platform called Greatness has been used by cybercriminals to target business users of the Microsoft 365 cloud service since mid-2022. This phishing kit provides affiliates with a link and attachment builder to create convincing decoy and login pages that have features like pre-filled victim email addresses and company logos and
- Published in News
A zero-day bug has been fixed in Microsoft’s May Patch Tuesday
Microsoft has released its Patch Tuesday updates for May 2023, which include fixes for 38 security vulnerabilities, including one zero-day flaw currently being actively exploited. The Zero Day Initiative (ZDI) from Trend Micro reports that this is the lowest number of security fixes released since August 2021, but warns that this number is likely to
- Published in News
New Web-Inject Toolkit DrIBAN Targets Italian Corporate Banking Clients
Italian corporate banking clients have been under attack since at least 2019 from an ongoing financial fraud campaign that uses a web-inject toolkit called drIBAN. According to Cleafy researchers Federico Valentini and Alessandro Strino, the main goal of drIBAN fraud operations is to infect Windows workstations in corporate environments and alter legitimate banking transfers performed by
- Published in News
North Korea’s ScarCruft uses LNK file infection chains to spread RokRAT malware
North Korea’s ScarCruft, also known as APT37, InkySquid, Nickel Foxcroft, Reaper, RedEyes, and Ricochet Chollima, is a threat group that targets South Korean individuals and entities through spear-phishing attacks. The group’s malware of choice, RokRAT, is capable of credential theft, data exfiltration, system information gathering, command and shellcode execution, and file and directory management. ScarCruft’s
- Published in News
Critical Flaws in Illumina’s DNA Sequencing Instruments Warned by CISA
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an Industrial Control Systems (ICS) medical advisory warning of a critical flaw that affects Illumina medical devices. The Universal Copy Service (UCS) software in several DNA sequencing instruments, including the iSeq 100, MiSeq, NextSeq 550, and NovaSeq 6000, is impacted by the issues. CVE-2023-1968, a severe bug with a CVSS score of 10.0, can enable remote
- Published in News
PingPull Linux Variant Used in Targeted Cyberattacks by Chinese Hackers
Alloy Taurus, a Chinese nation-state group notorious for attacking telecom companies since 2012, has been spotted using a Linux variation of the backdoor PingPull and a new unnamed tool called Sword2033. Palo Alto Networks Unit 42 discovered these malicious activities recently, targeting South Africa and Nepal. These attacks also include financial institutions and government entities. PingPull is
- Published in News, Uncategorized
Iranian Government-Sponsored Hackers Target US Energy and Transit Infrastructure
A group backed by the Iranian government, dubbed Mint Sandstorm, has been connected to cyber-attacks targeting critical US infrastructure from late 2021 to mid-2022. Microsoft’s Threat Intelligence team stated that this subgroup is skilled and operationally mature, capable of swiftly developing custom tools and exploiting N-day vulnerabilities. The group’s focus appears to align with Iran’s
- Published in News
Urgent Chrome update fixes actively exploited zero-day vulnerability
Google has released an urgent update to fix a zero-day vulnerability in Chrome that is being actively exploited, making it the first such bug to be addressed this year. The vulnerability, tracked as CVE-2023-2033, is a high-severity type confusion issue in the V8 JavaScript engine. Google acknowledged that an exploit for the vulnerability exists in
- Published in News
Cryptocurrency Stealer Malware Found in 13 Malicious NuGet Packages
Experts in cybersecurity have uncovered the mechanics behind a cryptocurrency stealer malware distributed through 13 malicious NuGet packages. This supply chain attack targeted .NET developers and employed a sophisticated typosquatting campaign. Impersonating legitimate packages, the attackers executed PowerShell code to obtain a secondary binary from a pre-programmed server. The two-stage assault led to the deployment of a
- Published in News
Attack on Taiwanese PC manufacturer MSI resulted in a ransomware attack
MSI, the Taiwanese PC company, has officially confirmed that it was the victim of a cyber attack on its systems. The company promptly initiated incident response and recovery measures after detecting network anomalies and alerted law enforcement agencies. However, MSI did not disclose any specifics about the attack or whether any proprietary information, including source
- Published in News