Many companies utilise vanity links mainly for brand marketing. However, researchers warn that threat actors have found ways to run phishing attacks through them. Security experts explain that the abuse begins when a cloud service allows a company to claim a vanity subdomain but does not verify it or...
Nerbian RAT, a new remote access trojan, has recently been found by experts to possess advanced capabilities for evading security detection and analysis by researchers. Written in the Go programming language, the new trojan is a cross-platform 64-bit threat spread through a small-scale phishing campaign using macro-laced documents. The malware was discovered in a...
Findings published by Mozilla expose a worrying lack of security and user privacy in mental health apps found on mobile application stores. These apps are valuable for people undergoing personal distress such as anxiety, PTSD, and domestic violence. Some religion-themed apps were found to have similar problems. Mozilla's study detailed...
A hacking group dubbed UNC3524 has been found using meticulous techniques to intrude into corporate networks and steal data. According to experts, the threat group remained hidden from its victims for over 18 months while collecting information related to mergers, acquisitions, and financial transactions. UNC3524 was first detected in December 2019. It utilised a wide array...
Recent research by cybersecurity analysts reveals that the TA410 threat group is an umbrella operation made up of three sub-groups. Although they operate under the same umbrella, each has its own tactics, techniques, and procedures for striking victims. The three sub-groups within TA410 are JollyFrog, FlowingFrog, and LookingFrog. They work separately but are...
A new report reveals how the Lapsus$ operators carry out their attacks, including details of the group's TTPs, its highly unpredictable attacks, and an analysis of how it selects and targets victims. In the last five months, the Lapsus$ group has become notorious for successfully breaching big-name firms such as Samsung, Nvidia, Okta, and...
A California resident named Sercan Oyuntur has been indicted by the US Department of Justice (DoJ) for running phishing campaigns that caused the US Department of Defense (DoD) to lose over $23.5 million. The money swindled from the DoD was a payment intended for a jet fuel supplier; instead, the phishing operator diverted...
Holders of verified Twitter accounts have been warned about an ongoing phishing campaign that aims to steal their account credentials. Verified users have a blue checkmark or badge beside their names, indicating that the account belongs to a celebrity, politician, or other notable figure. All verified users must submit a list of their information for Twitter...
A new ransomware group called Black Basta has infected about a dozen organisations, and some researchers claim it may be linked to the notorious Conti gang. Black Basta first appeared last month, although researchers note that they had already collected samples of the new threat in February. The threat actors...
A newly identified threat group called GOLD ULRICK continues to adapt and operate the Conti name-and-shame ransomware scheme, and has adjusted well to the massive leak of Conti ransomware's source code. Recent findings show Conti is still actively circulating in the wild despite the enormous leaks of its internal data published by security researchers. The efforts of many researchers...
After a cyberattack on its vendor, the library lending app Onleihe announced problems with several media formats offered on the platform, including audio, video, and e-book files. Onleihe is an application that lets users connect to local libraries and borrow e-magazines and audiobooks. The application is utilised by various universities in Europe and...
Researchers have linked the North Korean state-sponsored Lazarus group to new malware that targeted over 40 institutions. Attacks in the first months of this year revealed further details of how the malware reaches organisations: it spoofs an executable of INISAFE CrossWeb EX version 3, a security program from INITECH. The threat actors deliver the malware through...
Several months after security analysts found the critical zero-day flaw in the Java logging library Apache Log4j, they report that many servers and applications are still exposed to attacks through the flaw because proper security patches have not been applied. The vulnerability, tracked as CVE-2021-44228 and first detailed last December, allows attackers to launch remote...
Phishing attacks last year broke all previous records. Experts attribute this massive upsurge to the emergence of phishing-as-a-service offerings and new attack vectors. Some researchers also think the low barrier to entry contributed to the spread of such attacks. Threat actors take advantage of current trends...
New data reveals that threat actors reused the RedLine malware in cyberattacks against networks in over 150 countries in April this year. In January, researchers first identified a campaign exploiting CVE-2021-26411, a security flaw in the Internet Explorer web browser, to spread the malware. RedLine Stealer is password-stealing malware sold on underground...
Scammers are keeping pace with technology: security researchers have discovered AI-generated images being used to conduct fraud. According to a report, one victim received a suspicious email from a supposed attorney at a Boston law firm. On examination, the sender turned out not to exist, and the email's...
A massive Monero crypto-mining campaign using the Lemon Duck botnet has targeted the Docker Application Programming Interface (API) on Linux servers. Researchers say its operators direct the botnet at misconfigured Docker systems. Based on sample analysis, the threat actors behind the recent Lemon Duck campaign hide their crypto wallets behind proxy pools. Moreover, the...
Researchers claimed that the Nokoyawa ransomware showed similarities with the Hive group after noticing resemblances in their tactics, techniques, and procedures (TTPs). However, they have since stepped back and re-evaluated some conclusions after other researchers shared new details and findings on Nokoyawa. Nokoyawa showed signs of being Hive related, but...
A security flaw was found in Google's VirusTotal platform that could let threat actors achieve remote code execution (RCE) on unpatched third-party sandbox machines running anti-virus applications. The vulnerability was fixed promptly after being discovered. VirusTotal is a malware-scanning platform owned by Google's security subsidiary that analyses suspicious links, domains, and files and...
A year after its shutdown, the Emotet malware operation has resurfaced in the threat landscape and resumed its attacks. Security analysts ranked the malware as the most deployed malicious tool in March this year, when it impacted about 10% of firms worldwide. Moreover, the analysts have observed a rapid acceleration of a...