HP’s new report reveals that cybercriminals are increasingly using “cat-phishing” techniques, exploiting open redirects in legitimate websites to deceive users and deliver malware.
A “multi-faceted campaign” has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro. “The presence of multiple malware variants suggests a broad cross-platform […]
The CISA has issued new guidance to help federal civilian agencies better encrypt their Domain Name System (DNS) traffic as part of a broader effort to improve the security posture of their internal networks and meet a zero trust deadline this fall.
CISA has added a high-severity vulnerability (CVE-2024-4761) in Chrome’s V8 JavaScript engine to its ‘Known Exploited Vulnerabilities’ catalog, which is being actively exploited.
The Norwegian NCSC recommends organizations replace SSL VPN/WebVPN solutions with more secure alternatives, like IPsec with IKEv2, by 2025 to prevent breaches from repeated vulnerabilities.
Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. “These campaigns typically involve a recognizable infection chain involving oversized JavaScript files that utilize WMI’s ability to invoke msiexec.exe and install a remotely-hosted MSI
The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles on April 12 and May 16, respectively. The foreign […]
The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target over 1,500 banks across the world, spanning more than 60 countries in Central and South
Knowing what to play next, if you think about it, is at the actual heart of what DJs do. Runners put one foot in front of another. Cyclists push down on the left pedal, then the right pedal, and then do it again and again and again. And DJs, every few minutes, play a new […]