Google announced major security-focused revamps to Chrome’s ‘Safe Browsing’ mode, which enables the service to work while checking against a server-side malware-site list in real-time.
The added safety feature to Google Chrome’s ‘Safe Browsing’ mode is a massive improvement compared to the browsing mode cross-checking against lists of malware-infected sites that were manually added every two hours.
According to Salt Labs research, third-party OpenAI ChatGPT plugin security flaws could allow attackers to install malicious plugins, and hijack third-party website accounts.
Leveraging security gaps in ChatGPT plugins’ large language models (LLMs), OAuth workflow, and PluginLab both feature weaponizable vulnerabilities.
Microsoft announced the cyber campaign by the Russian-state-sponsored ‘Midnight Blizzard’ hackers, resulting in the group stealing the tech giant’s source code.
The sophisticated ‘Midnight Blizzard’ campaign is said to be rooted in a grander scheme to gain unauthorized access to Microsoft’s environment using the stolen source code.
Zscaler discovered a new remote access trojan (RAT) campaign that lures victims through fake online meeting links.
Once the victims are lured into downloading the RAT through the meeting links impersonating Skype, Google Meet, and Zoom, the RAT payload may enable threat actors to steal sensitive information.
Following actions taken against the infamous BlackCat ransomware group in December by the US Federal Bureau of Investigation (FBI), the cybercriminal gang has warned it is taking off the gloves in its fight with law enforcement. BlackCat previously took pride in regularly announcing that it does not encourage or support affiliates who target crucial sectors such as healthcare. But this approach has changed radically since the end of 2023.
“Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized. This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023,” said the FBI.
A Viakoo survey unveiled that 50% of respondents experienced IoT cyber incidents in 2023.
Among those IoT cyber incidents, 44% were reported to be ‘severe’, while 22% were labeled as ‘threatening’.
Highly organized cybercriminals suspected to be based in Russia and Nigeria are targeting hundreds of executives in dozens of organizations in an ongoing Microsoft Azure cloud account takeover (ATO) campaign.
According to US cybersecurity firm Proofpoint: “As part of this campaign, which is still active, threat actors target users with individualized phishing lures within shared documents.”
Innocent but weaponized documents sent to key executives include embedded links to “View Document”, which automatically directs them to a malicious site. The users affected by the attacks occupy a variety of trusted positions within their organizations. Victims include chief financial officers (CFOs), finance managers, account managers, corporate vice presidents, and sales directors. Proofpoint believes that targeting this variety of executive positions is far from being a series of random phishing attacks.
Hackers with close ties to the intelligence arm of Iran’s military, the Islamic Revolutionary Guard, are now personally targeting journalists, professors, and researchers. According to Microsoft, which detected the new activity, Iran is anxious to gather information on the entire range of Western views regarding the ongoing conflict in the Middle East.
“Based on the identities of the targets observed in this campaign and the use of lures related to the Israel-Hamas war, this campaign may be an attempt to gather perspectives on events related to the war from individuals across the ideological spectrum,” says Microsoft.
The Iran-backed hackers, known as Mint Sandstorm, a composite name used to describe several subgroups of activity with ties to the Islamic Revolutionary Guard, use a range of new techniques. For example, the hackers use legitimate but compromised email accounts to conduct highly planned phishing attacks against key journalists.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory (CSA) containing the Indicators of Compromise (IOC) associated with the Androxgh0st malware.
The joint CSA also contained the dangerous Androxgh0st malware tactics, techniques, and procedures associated with the malware’s threat actors. The malware establishes a botnet for victim identification, exploits vulnerable networks, targets the theft of sensitive data, and may lead to remote code execution.
Web 3.0, the blockchain version of the traditional internet that hosts decentralized blockchain crypto-currencies, lost over US$1.8 billion in 2023 to cybercrime.
Newly released findings from cybersecurity firm Certik’s latest Hack3D Annual Report cast a pall over the US Securities and Exchange Commission (SEC)’s much-anticipated approval of up to a dozen Bitcoin ETFs (exchange-traded funds) on Wednesday. It will also cast a long shadow over the hoped-for institutional acceptance of crypto-currencies by influential financial entities, including Swift, the Hong Kong Monetary Authority, and the Australia and New Zealand Banking Group (ANZ). In the second half of last year, the SEC scrutinized a series of proposals, notably extending review periods for Bitcoin ETF applications from major firms like BlackRock, ARK, and Fidelity.
Based on a Netwrix survey, the financial sector in 2023 experienced the most cyberattacks among any other sector in 2023.
Surveying 1,610 IT and security professionals from more than 100 countries, the survey also revealed phishing and malware to be the most common attacks across all sectors.
MongoDB revealed a data breach exposing customer metadata and sensitive information in an email announcement to their customers.
The email, alerting MongoDB’s customers of the cyberattack, also informed customers to be aware of heightened phishing email risk due to the data breach, and to set up multi-factor authentication for their accounts as a phishing safety measure.
Kyivstar, Ukraine’s largest telecom provider announced it was hit by a devastating cyberattack, disrupting internet access for over 26 million users.
Kyivstar’s parent company, VEON Ltd confirmed the devastating cyberattack, claiming it to be “one of the largest cyberattacks in the history of the global telecom market.”
Researchers from the International Institute of Information Technology (IIIT) presented a new attack named ‘AutoSpill’ that enables attackers to steal account credentials on Android devices via an autofill operation, during the Black Hat Europe security conference.
IIIT researchers pinpointed WebView, the Android feature used to open external links through an internal browser view as the starting point of the security flaw, leaving autofilled usernames and passwords vulnerable.
An unknown threat actor has breached an as-yet-unnamed US aerospace company. According to BlackBerry, who first highlighted the attack, the threat actor’s weaponization of a phishing attack became operational around September 2022, with the offensive phase of the attack occurring almost a year later in July of this year.
The cybercriminals responsible, whom BlackBerry has christened “AeroBlade,” are believed to have used the intervening nine months to develop the additional resources necessary to ensure access to the aerospace company’s systems to exfiltrate potentially highly valuable information – pointing to a high degree of professionalism and persistence on the part of the attacker.
Abnormal Security published a study revealing a Disney+ impersonation attack, demonstrating never-before-seen phishing tactics.
The cybercriminals initiated the impersonation attack through an auto-generated notification email, about pending charges for their Disney+ subscription. The emails also demonstrated customized PDFs, with legitimate numbers & emails, inflated charges, and believable branding.
A staggering 14 percent of cyber incidents are due to senior IT security staff errors, compounded by a further 15% of errors caused by other IT staff. According to a new study published by cybersecurity firm Kaspersky, over the last two years, 77 percent of companies experienced between one and six cybersecurity breaches, with IT security staff being directly culpable for almost a third of all cybersecurity breaches.
The attacks first identified by the FBI frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons. As of June 2023, the FBI also reports that the Silent Ransom Group (SRG), also called Luna Moth, conducted callback phishing data theft and extortion attacks by sending victims a phone number in a phishing attempt, usually relating to pending charges on the victim’s account. When the victims called the provided phone number, cybercriminals directed them to a legitimate system management tool via a link provided in a follow-up email.
Conducting an innocent online search for any business-related document, such as a legal contract, has become as potentially risky as opening a link in an unsolicited email. Ransomware gangs, usually outside US, UK, and EU jurisdiction, are now luring business users of popular search engines to compromised websites designed to look like professional forums, creating a back door into the searcher’s entire organization.
Reports show that phishing and malware attacks have spiked by 173% and 110% respectively in the third quarter of this year, compared with the second quarter of the year.
A staggering 493.2 million phishing attacks and 125.7 million malware attacks were logged during this period.
A new malware threat, identified as BunnyLoader, is being sold in the cyber underground market.
This Malware-as-a-Service (MaaS) threat has various capabilities, including stealing browser credentials, and system information as well as executing a second-stage payload.
Artificial intelligence (AI) services are enabling unscrupulous online blackmailers to create fake but highly realistic sexually explicit photographs and videos of innocent victims. The blackmailer usually emails the target individual to show them pornographic images of themselves, threatening to send the pictures to the victim’s contacts – a process known as “sextortion.” A variation is to claim to have compromising images of the victim recorded via the webcam on their smartphone.
When cybercriminals speak about “jailbreaking,” they are not discussing springing someone from prison. It refers instead to circumventing safety restrictions on AI-driven chatbots to effectively weaponize AI for criminal purposes.
A new phishing attack campaign using DarkGate Loader malware has been identified, with Microsoft Teams users being urged to exercise caution.
This malware is specifically a ‘loader malware’ meaning that it is able to download and execute other malware programs on the infected device. The additional malware then downloads in the infected device’s memory structure, making it hard to detect since it isn’t in the device’s file system.
The healthcare sector is coming under increasingly severe pressure from cyber-attacks. On the heels of news earlier last week that the infamous Lazarus Group is launching a new campaign targeting internet backbone infrastructure and healthcare facilities in the US and Europe comes news of a major attack by the Rhysida ransomware group on Los Angeles-based Prospect Medical Holdings.
Microsoft, PayPal, Facebook, Google, and Amazon are some of the world’s most respected brands, but they’re also the most impersonated. With 300,000 successful phishing attacks recorded last year in the US alone and 71% of organizations experiencing an attempted or actual business email compromise the issue is only getting worse.
Discord.io data leak Discord.io exposes the personal data of more than 760,000 users. The invite service for the popular messaging app Discord was allegedly due to a flaw in the site’s code. The information is being offered up by a hacker on the dark web. Joint Interpol-Afripol opp nets cybercriminals across Africa Interpol and Afripol […]
admin
