Oct 04, 2023NewsroomCloud Security / Cyber Threat Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through an SQL Server instance. “The attackers initially exploited a SQL injection vulnerability in an application within the target’s environment,” security researchers Sunders Bruskin, Hagai Ran Kestenberg, and Fady Nasereldeen […]
Recent research from Menlo Labs has uncovered a sophisticated phishing campaign aimed at executives employed across industries, such as banking, insurance, property management, real estate, and manufacturing. The U.S.-based organizations have been the primary targets. Diving into details The phishing campaign began in July and abused an open redirection vulnerability on the job search platform […]
Oct 04, 2023THNCloud Security / Cyber Threat Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a SQL Server instance. “The attackers initially exploited a SQL injection vulnerability in an application within the target’s environment,” security researchers Sunders Bruskin, Hagai Ran Kestenberg, and Fady Nasereldeen […]
A recent phishing campaign targeting executives in senior roles has been exploiting an open redirection vulnerability in the Indeed website, cybersecurity firm Menlo Security warns. Headquartered in the US, Indeed is a popular worldwide job search platform, which claims to have more than 350 million unique visitors each month, and more than 14,000 employees globally. […]
A new phishing campaign detected by Perception Point and reported by Akamai is targeting Booking.com users and is a prime example of the lengths threat actors will go to for a payday. This attack exemplifies the alarming threat levels the hospitality sector as a whole faces in 2023 as threat actors leverage InfoStealer malware compromised […]
Sep 28, 2023THNSupply Chain / Malware A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. “The malicious code exfiltrates the GitHub project’s defined secrets to a malicious C2 server and modify any existing javascript files in the attacked […]
The Cybersecurity and Infrastructure Security Agency launched its first-ever national public service campaign to raise awareness of cybersecurity in local communities, including for families and small businesses. The Secure our World campaign is designed to teach people and businesses in local communities how to stay safe online. The campaign includes public service announcements on television, […]
A spearphishing campaign targeting management teams associated with an Azerbaijanian company exploits the conflict between Azerbaijan and Armenia, using malware disguised as an infected memo to gather basic computer information from its targets.
Sep 26, 2023THNCyber Espionage / Malware A “multi-year” Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations. Recorded Future’s Insikt Group, which is tracking the activity under the moniker TAG-74, said the adversary has been linked to “Chinese military intelligence and poses a significant threat to academic, aerospace […]