What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-04-28 06:55:57 | (Déjà vu) Comment arrêter les appels de risques de spam How to stop spam risk calls (lien direct) |
> comment arrêter les appels de risque de spam En savoir plus & # 187;
> How to stop spam risk calls Read More » |
Spam | ★★ | |
|
2023-04-27 15:15:04 | (Déjà vu) Comment arrêter les appels de spam sur la ligne fixe How to stop spam calls on landline (lien direct) |
> comment arrêter les appels de spam surFINDINE En savoir plus & # 187;
> How to stop spam calls on landline Read More » |
Spam | ★★ | |
|
2023-04-27 14:59:18 | Comment arrêter les textes de spam sur iPhone How to stop spam texts on iPhone (lien direct) |
> comment arrêter les textes de spam suriPhone Lire la suite & # 187;
> How to stop spam texts on iPhone Read More » |
Spam | ★★ | |
|
2023-04-27 14:22:44 | Comment arrêter les textes de spam sur AT&T How to stop spam texts on AT&T (lien direct) |
Hé, le client AT & # 38; t, êtes-vous inondé par des messages texte de spam?Tu n'es pas le seul.Heureusement, il existe plusieurs façons de lutter contre le spam de texte et vous ne devez pas être un assistant technologique pour le faire.Dans cet article, nous discuterons de cinq méthodes efficaces pour arrêter les textes de spam sur AT & # 38; t.Méthode # 1: Bloquer des messages texte indésirables & # 8230; Comment arrêter les textes de spam sur AT & # 038; t Lire la suite & # 187;
Hey, AT&T customer, are you inundated by spam text messages? You\'re not the only one. Luckily, there are several ways to fight text spam-and you don\'t have to be a tech wizard to do it. In this article, we\'ll discuss five effective methods to stop spam texts on AT&T. Method #1: Blocking unwanted text messages … How to stop spam texts on AT&T Read More » |
Spam | ★★ | |
|
2023-04-27 14:21:31 | Comment arrêter les appels de spam et les robocaux sur Android How to Stop Spam Calls and Robocalls on Android (lien direct) |
> comment arrêter les appels de spam etRobocalls sur Android en savoir plus & # 187;
> How to Stop Spam Calls and Robocalls on Android Read More » |
Spam | ★★ | |
 |
2023-04-25 18:22:00 | Anomali Cyber Watch: Deux attaques de la chaîne d'approvisionnement enchaînées, leurre de communication DNS furtive de chien, Evilextractor exfiltrates sur le serveur FTP Anomali Cyber Watch: Two Supply-Chain Attacks Chained Together, Decoy Dog Stealthy DNS Communication, EvilExtractor Exfiltrates to FTP Server (lien direct) |
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cryptomining, Infostealers, Malvertising, North Korea, Phishing, Ransomware, and Supply-chain attacks. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. 
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters
(published: April 21, 2023)
A new Monero cryptocurrency-mining campaign is the first recorded case of gaining persistence via Kubernetes (K8s) Role-Based Access Control (RBAC), according to Aquasec researchers. The recorded honeypot attack started with exploiting a misconfigured API server. The attackers preceded by gathering information about the cluster, checking if their cluster was already deployed, and deleting some existing deployments. They used RBAC to gain persistence by creating a new ClusterRole and a new ClusterRole binding. The attackers then created a DaemonSet to use a single API request to target all nodes for deployment. The deployed malicious image from the public registry Docker Hub was named to impersonate a legitimate account and a popular legitimate image. It has been pulled 14,399 times and 60 exposed K8s clusters have been found with signs of exploitation by this campaign.
Analyst Comment: Your company should have protocols in place to ensure that all cluster management and cloud storage systems are properly configured and patched. K8s buckets are too often misconfigured and threat actors realize there is potential for malicious activity. A defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) approach is a good mitigation step to help prevent actors from highly-active threat groups.
MITRE ATT&CK: [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1496 - Resource Hijacking | [MITRE ATT&CK] T1036 - Masquerading | [MITRE ATT&CK] T1489 - Service Stop
Tags: Monero, malware-type:Cryptominer, detection:PUA.Linux.XMRMiner, file-type:ELF, abused:Docker Hub, technique:RBAC Buster, technique:Create ClusterRoleBinding, technique:Deploy DaemonSet, target-system:Linux, target:K8s, target:Kubernetes RBAC
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
(published: April 20, 2023)
Investigation of the previously-reported 3CX supply chain compromise (March 2023) allowed Mandiant researchers to detect it was a result of prior software supply chain attack using a trojanized installer for X_TRADER, a software package provided by Trading Technologies. The attack involved the publicly-available tool SigFlip decrypting RC4 stream-cipher and starting publicly-available DaveShell shellcode for reflective loading. It led to installation of the custom, modular VeiledSignal backdoor. VeiledSignal additional modules inject the C2 module in a browser process instance, create a Windows named pipe and |
Ransomware Spam Malware Tool Threat Cloud | Uber APT 38 ChatGPT APT 43 | ★★ |
 |
2023-04-25 13:00:00 | Cyberheistnews Vol 13 # 17 [Head Start] Méthodes efficaces Comment enseigner l'ingénierie sociale à une IA CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI (lien direct) |
CyberheistNews Vol 13 #16 | April 18th, 2023
[Finger on the Pulse]: How Phishers Leverage Recent AI Buzz
Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard.
Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device."
Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals."
Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet.
Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations.
Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters with |
Spam Malware Hack Threat | APT 28 ChatGPT ChatGPT | ★★★ |
|
2023-04-18 13:00:00 | Cyberheistnews Vol 13 # 16 [doigt sur le pouls]: comment les phishers tirent parti de l'IA récent Buzz CyberheistNews Vol 13 #16 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz (lien direct) |
CyberheistNews Vol 13 #16 | April 18th, 2023
[Finger on the Pulse]: How Phishers Leverage Recent AI Buzz
Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard.
Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device."
Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals."
Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet.
Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations.
Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leav |
Spam Malware Hack Threat | APT 28 ChatGPT ChatGPT | ★★★ |
 |
2023-04-13 15:24:00 | Le malware de la Légion marche sur les serveurs Web pour voler des informations d'identification, les utilisateurs de spam mobiles Legion Malware Marches onto Web Servers to Steal Credentials, Spam Mobile Users (lien direct) |
Un nouveau Credential Harvester compromet les services SMTP pour voler des données dans une gamme de services et de fournisseurs hébergés, et peut également lancer des attaques de spam basées sur SMS contre des appareils utilisant des opérateurs mobiles américains.
A novel credential harvester compromises SMTP services to steal data from a range of hosted services and providers, and can also launch SMS-based spam attacks against devices using US mobile carriers. |
Spam Malware | ★★ | |
|
2023-04-11 13:16:54 | Cyberheistnews Vol 13 # 15 [Le nouveau visage de la fraude] FTC fait la lumière sur les escroqueries d'urgence familiale améliorées AI-AI CyberheistNews Vol 13 #15 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams (lien direct) |
CyberheistNews Vol 13 #15 | April 11th, 2023
[The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams
The Federal Trade Commission is alerting consumers about a next-level, more sophisticated family emergency scam that uses AI which imitates the voice of a "family member in distress."
They started out with: "You get a call. There\'s a panicked voice on the line. It\'s your grandson. He says he\'s in deep trouble - he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You\'ve heard about grandparent scams. But darn, it sounds just like him. How could it be a scam? Voice cloning, that\'s how."
"Don\'t Trust The Voice"
The FTC explains: "Artificial intelligence is no longer a far-fetched idea out of a sci-fi movie. We\'re living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member\'s voice - which he could get from content posted online - and a voice-cloning program. When the scammer calls you, he\'ll sound just like your loved one.
"So how can you tell if a family member is in trouble or if it\'s a scammer using a cloned voice? Don\'t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can\'t reach your loved one, try to get in touch with them through another family member or their friends."
Full text of the alert is at the FTC website. Share with friends, family and co-workers:https://blog.knowbe4.com/the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams
A Master Class on IT Security: Roger A. Grimes Teaches Ransomware Mitigation
Cybercriminals have become thoughtful about ransomware attacks; taking time to maximize your organization\'s potential damage and their payoff. Protecting your network from this growing threat is more important than ever. And nobody knows this more than Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4.
With 30+ years of experience as a computer security consultant, instructor, and award-winning author, Roger has dedicated his life to making |
Ransomware Data Breach Spam Malware Hack Tool Threat | ChatGPT ChatGPT | ★★ |
 |
2023-04-11 09:43:36 | Mars 2023 \\'s Mostware le plus recherché: la nouvelle campagne Emotet contourne les Microsoft Blocks pour distribuer des fichiers OneNote malveillants March 2023\\'s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files (lien direct) |
mars 2023 \\ est le malware le plus recherché: une nouvelle campagne Emotet contourne les Microsoft Blocks pour distribuer des fichiers Onenote malveillants
Vérifier les rapports de recherche sur les points selon lesquels Emotet Trojan a lancé une nouvelle campagne le mois dernier pour échapper au bloc macro de Microsoft \\, envoyant des e-mails de spam contenant des fichiers onenote malveillants.Pendant ce temps, Ahmyth était le malware mobile le plus répandu et Log4J a de nouveau pris la première place comme la vulnérabilité la plus exploitée
-
mise à jour malveillant
/ /
affiche
March 2023\'s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files Check Point Research reports that Emotet Trojan launched a new campaign last month to evade Microsoft\'s macro block, sending spam emails containing malicious OneNote files. Meanwhile Ahmyth was the most prevalent mobile malware and Log4j took top spot once again as the most exploited vulnerability - Malware Update / affiche |
Spam Malware | ★★★ | |
 |
2023-04-10 11:23:02 | LLMS et phishing LLMs and Phishing (lien direct) |
Voici une expérience dirigée par des étudiants de premier cycle en informatique partout: demandez à Chatgpt de générer des e-mails de phishing et testez si ceux-ci sont meilleurs pour persuader les victimes de répondre ou de cliquer sur le lien que le spam habituel.C'est une expérience intéressante, et les résultats devraient varier follement basé sur les détails de l'expérience.
Mais bien qu'il soit une expérience facile à exécuter, il manque le risque réel de modèles de grande langue (LLMS) à rédiger des e-mails d'escroquerie.Les escroqueries par l'homme aujourd'hui ne sont pas limitées par le nombre de personnes qui répondent au contact initial par e-mail.Ils sont limitées par le processus à forte intensité de main-d'œuvre de persuader ces personnes d'envoyer de l'argent à l'escroc.Les LLM sont sur le point de changer cela.Il y a dix ans, un type de courriel de spam était devenu une punchline à chaque émission de fin de soirée: & # 8220; Je suis le fils de feu le roi du Nigéria qui a besoin de votre aide & # 8230;. & # 8221;Presque tout le monde avait reçu un ou mille de ces e-mails, au point qu'il semblait que tout le monde devait savoir qu'ils étaient des escroqueries ...
Here’s an experiment being run by undergraduate computer science students everywhere: Ask ChatGPT to generate phishing emails, and test whether these are better at persuading victims to respond or click on the link than the usual spam. It’s an interesting experiment, and the results are likely to vary wildly based on the details of the experiment. But while it’s an easy experiment to run, it misses the real risk of large language models (LLMs) writing scam emails. Today’s human-run scams aren’t limited by the number of people who respond to the initial email contact. They’re limited by the labor-intensive process of persuading those people to send the scammer money. LLMs are about to change that. A decade ago, one type of spam email had become a punchline on every late-night show: “I am the son of the late king of Nigeria in need of your assistance….” Nearly everyone had gotten one or a thousand of those emails, to the point that it seemed everyone must have known they were scams... |
Spam | ChatGPT ChatGPT | ★★★★ |
 |
2023-04-10 11:00:11 | March 2023\'s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files (lien direct) | > Vérifier les rapports de recherche sur les points selon lesquels Emotet Trojan a lancé une nouvelle campagne le mois dernier pour échapper au bloc macro de Microsoft \\, envoyant des e-mails de spam contenant des fichiers Onenote malveillants.Pendant ce temps, Ahmyth était le logiciel malveillant mobile le plus répandu et Log4j a de nouveau pris la première place comme la vulnérabilité la plus exploitée que notre dernier indice de menace mondial pour mars 2023 a vu les chercheurs découvrir une nouvelle campagne de logiciels malveillants d'Emotet Trojan, qui a augmenté.Comme indiqué plus tôt cette année, les attaquants d'Emotet ont exploré d'autres moyens de distribuer des fichiers malveillants depuis que Microsoft a annoncé qu'ils bloqueraient les macros des fichiers de bureau.[& # 8230;]
>Check Point Research reports that Emotet Trojan launched a new campaign last month to evade Microsoft\'s macro block, sending spam emails containing malicious OneNote files. Meanwhile Ahmyth was the most prevalent mobile malware and Log4j took top spot once again as the most exploited vulnerability Our latest Global Threat Index for March 2023 saw researchers uncover a new malware campaign from Emotet Trojan, which rose to become the second most prevalent malware last month. As reported earlier this year, Emotet attackers have been exploring alternative ways to distribute malicious files since Microsoft announced they will block macros from office files. […] |
Spam Malware Vulnerability Threat | ★★ | |
 |
2023-04-05 08:40:00 | MALIVE SPAM Campaign Downs NPM Registry Malicious Spam Campaign Downs npm Registry (lien direct) |
L'empoisonnement du référencement entraîne une augmentation de la circulation
SEO poisoning drives surge in traffic |
Spam | ★★ | |
 |
2023-04-04 10:00:00 | Fraudeurs chinois: ÉVADER DE DÉTECTION ET MONÉTISATION Chinese fraudsters: evading detection and monetizing stolen credit card information (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Cyber attacks are common occurrences that often make headlines, but the leakage of personal information, particularly credit card data, can have severe consequences for individuals. It is essential to understand the techniques employed by cyber criminals to steal this sensitive information.
Credit card fraud in the United States has been on the rise, with total losses reaching approximately $12.16 billion in 2021, according to Insider Intelligence. Card-Not-Present (CNP) fraud constituted 72% of these losses, with a substantial portion attributed to Chinese fraudsters.
This article discusses the tactics employed by Chinese cyber actors in committing CNP fraud and their value chain.
Chinese fraudsters primarily target the United States for two reasons: the large population makes phishing attacks more effective, and credit card limits in the country are higher compared to other nations. These factors make the US an attractive market for card fraudsters.
Common methods for acquiring card information include phishing, JavaScript injection through website tampering, and stealing data via Trojan horse infections. Phishing is the most prevalent method, and this analysis will focus on phishing tactics and the monetization value chain of stolen credit card information.
Chinese fraudsters have developed extensive ecosystems for their operations. In a card fraud community targeting Japan and the US, over 96,000 users have joined. For 3,000 Chinese yuan in Bitcoin, individuals can enroll in a bootcamp to learn phishing techniques through recorded videos and access resources for creating phishing sites and profiting from stolen credit cards.
According to the community leader, more than 500 students enrolled in the first half of 2022 alone. This leader has made significant profits, receiving 56 BTC over the past three years.
Chinese fraudster ecosystem: actor’s value chain
The value chain of Card Non-present fraud is shown as the following picture.
To carry out these activities, Chinese fraudsters establish a value chain for CNP fraud, starting with setting up a secure environment. They anonymize IDs, falsify IP addresses, change time zones and language settings, alter MAC addresses and device IDs, modify user agents, and clear cookies to evade detection by security researchers and bypass various security measures.
Fraudsters also use residential proxies, which are infected domestic devices, to access targeted websites indirectly and avoid tracking. These proxies can be purchased from online providers, with payments made via stolen credit cards or bitcoin. By selecting the desired IP address, users can access the target site with a fake IP address, making it difficult to trace their activities.
One residential proxy service popular among Chinese fraudsters is "911," which is built using software distributed under the guise of a free VPN service. Once installed, users are unknowingly transformed into valuable residential proxies for fraudsters without their consent. The service offers locations at city granularity to match the target user\'s geographic location.
Additionally, fraudsters can select ISP and device fingerprints, such as browser version, operating system, and screen size. This information is usually acquired through phishing, and fraudsters select the ones used by the victims t |
Spam | ★★ | |
|
2023-03-28 10:00:00 | Dridex Malware, le Troie bancaire [Dridex malware, the banking trojan] (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Introduction: Dridex, also known as Cridex or Bugat, is a banking Trojan that has been active since 2011. The malware is primarily used to steal sensitive information, such as login credentials and financial information, from victims. Dridex is known for its ability to evade detection by using dynamic configuration files and hiding its servers behind proxy layers. The Dridex malware typically spreads through spam email campaigns, with the emails containing a malicious attachment or link that, when clicked, will install the malware on the victim\'s computer. The malware then uses web injections to steal financial information from the victim. One of the interesting features of Dridex is its use of a peer-to-peer (P2P) network for command and control (C&C) communication. This allows the attackers to evade detection by security researchers and law enforcement, as the C&C servers can be quickly changed if one is discovered. In terms of atomic techniques, Dridex uses a variety of methods to evade detection and maintain persistence on an infected system. Some of these techniques include: Fileless infection: Dridex can infect a system without leaving any trace of a malicious file on the hard drive. Process hollowing: Dridex can inject its code into a legitimate process in order to evade detection by security software. Anti-debugging and anti-virtualization: Dridex can detect if it is running in a virtualized environment or if it is being debugged, and will terminate itself if it is. Dridex is a well-known and sophisticated banking trojan that has been active for more than a decade, the malware has been known to target financial institutions, businesses, and individuals. Despite the arrest of one of its administrators in 2015, the malware continues to be active and evolve. Recent infection on Macs: The recent variant of Dridex malware that targets MacOS systems delivers malicious macros via documents in a new way. The malware typically spreads through spam email campaigns, with the emails containing a malicious attachment or link that, when clicked, will install the malware on the victim\'s computer. The variant overwrites document files to carry Dridex\'s malicious macros, but currently, the payload it delivers is a Microsoft exe file, which won\'t run on a MacOS environment. This suggests that the variant may still be in the testing stages and not yet fully converted to work on MacOS machines. However, it\'s possible that the attackers will make further modifications to make it compatible with MacOS in the future. Once the malware is installed on the system, it searches for files with .doc extensions and overwrites them with the malicious code. The overwritten code has a D0CF file format signature, implying it is a Microsoft document file. This means that the malicious macros are delivered via document files, which makes it harder for the user to determine if the file is malicious or not. The malware also uses basic string encryption to hide the malicious URL it connects to in order to retrieve a file. This method of delivery is different from the traditional method of delivery, which is through email attachments. This shows that the attackers behind Dridex are trying to find new targets and more efficient methods of entry. How it works: Dridex is a banking Trojan that is typically distributed through phishing email campaigns. The malware is delivered as an attachment, often in the form of a Word or Excel document, that contains a malicious macro. Once the macro is enabled, it will download and execute the Dridex payload on the victim\'s system. Once installed, Dridex can perform a variety of malicious actions, including keylogging, capturing scre | Spam Malware Guideline | ★★★ | |
|
2023-03-27 08:56:44 | Zoominfo opt et supprimez vos informations [ZoomInfo Opt Out & Remove Your Info] (lien direct) | Obtenir des appels de télémarketing plus ennuyeux et des e-mails spams ces derniers temps?Cela pourrait être Zoominfo faire son truc, en vous assurant que vos informations personnelles sont à jour et facilement accessibles à tous.Heureusement, le processus d'opt-out de Zoominfo \\ est assez rapide et facile, surtout si vous suivez notre guide étape par étape.Tout ce que vous avez à faire est de «vérifier» votre e-mail de travail (après avoir fait & # 8230; zoominfo opt out & # 038; supprimer vos informations en savoir plus & # 187;
Getting more annoying telemarketing calls and spam emails lately? Could be ZoomInfo doing its thing, making sure your personal information is up-to-date and easily accessible to all. Luckily, ZoomInfo\'s opt-out process is fairly quick and easy, especially if you follow our step-by-step guide. All you have to do is “verify” your work email (after making … ZoomInfo Opt Out & Remove Your Info Read More » |
Spam Guideline | ★★★★ | |
|
2023-03-27 07:25:54 | Sophos montre comment faire du chatppt un copilote de cybersécurité [Sophos Demonstrates How to Make ChatGPT a Cybersecurity Co-Pilot] (lien direct) | Sophos montre comment faire du chatppt un co-pilot de cybersécurité
Le modèle d'IA peut filtrer plus facilement l'activité malveillante dans la télémétrie XDR, améliorer les filtres de spam et simplifier l'analyse de la vie des binaires terrestres
-
rapports spéciaux
Sophos Demonstrates How to Make ChatGPT a Cybersecurity Co-Pilot The AI Model Can More Easily Filter Malicious Activity in XDR Telemetry, Improve Spam Filters, and Simplify the Analysis of Living Off the Land Binaries - Special Reports |
Spam | ChatGPT ChatGPT | ★★ |
 |
2023-03-27 04:15:09 | CVE-2023-24835 (lien direct) | SoftNext Technologies Corp. & aLilde; & cent; & acirc; & sbquo; & not; & acirc; & bdquo; & cent; s spam sqr a une vulnérabilité de l'injection de code dans sa fonction spécifique.Un attaquant distant authentifié avec privilège administrateur peut exploiter cette vulnérabilité pour exécuter la commande arbitraire du système pour effectuer un fonctionnement du système arbitraire ou un service de perturbation.
Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrary system operation or disrupt service. |
Spam Vulnerability | ||
|
2023-03-23 14:18:54 | Seulement 1% des domaines à but non lucratif ont des protections de sécurité par e-mail DMARC de base [Just 1% of Nonprofit Domains Have Basic DMARC Email Security Protections] (lien direct) | DMARC bloque le spam et les e-mails de phishing envoyés à partir de domaines usurpés, et il est largement sous-utilisé, indique un nouveau rapport.
DMARC blocks spam and phishing emails sent from spoofed domains, and it\'s vastly underutilized, a new report says. |
Spam Studies | ★★ | |
 |
2023-03-20 17:56:00 | Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (lien direct) | A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. The activity, which commenced in August 2022, is currently ongoing, Ocelot Team from Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Mispadu ( | Spam | ★★ | |
|
2023-03-14 13:00:00 | CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears (lien direct) |
CyberheistNews Vol 13 #11 | March 14th, 2023
[Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes.
I'm giving you a short extract of the story and the link to the whole article is below.
"Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service.
"In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM.
"In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company.
"And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven.
"'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. "And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'"
Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this.
Blog post with links:https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl |
Ransomware Data Breach Spam Malware Threat Guideline Medical | ChatGPT ChatGPT | ★★ |
 |
2023-03-14 10:30:00 | NCSC warns over AI language models but rejects cyber alarmism (lien direct) | Pas de details / No more details | Spam | ★★ | |
|
2023-03-13 10:00:00 | Insights from an external incident response team: Strategies to reduce the impact of cybersecurity attacks (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. "Why are you here if you cannot decrypt our data?" This is how people sometimes react to the arrival of the external incident response team. In this article, I will try to answer this question, but at the same time, I am going to describe the stages of incident response, list the main mistakes that play into the hands of hackers, and give basic advice on how to respond. Let's start by defining what a security incident is. Although the concept is straightforward, various companies may interpret it differently. For instance, some companies may consider incidents to include situations such as a power supply failure or a hard drive malfunction, while others may only classify malicious actions as incidents. In theory, an incident is a moment when some kind of undesirable event occurs. In practice, the definition of an "undesirable event" is determined by each company's own interpretation and perspective. For one organization, the discovery of a phishing email is what requires investigation. Other companies may not see the point in worrying about such incidents. For instance, they may not be concerned about a phishing email being opened on an employee device in a remote location not connected to the main infrastructure since it poses no immediate threat. There are also interesting cases here. For example, online traders consider a drop in the speed of interaction with the online exchange by 1% to be a serious incident. In many industries, proper incident response steps and cybersecurity in general, cannot be overestimated. But if we are talking about serious incidents, then most often, these are events related to the penetration of an attacker into the corporate network. This annoys the vast majority of business leaders. Incident response stages While the interpretation of certain events as security incidents may vary depending on various factors such as context and threat model, the response steps are often the same. These response steps are primarily based on the old SANS standard, which is widely used by many security professionals. SANS identifies six stages of incident response: Preparation Identification Containment Eradication Recovery Lessons learned It is important to note that the external response team is not immediately involved in this process. Preparation Preparation involves properly aligning organizational and technical processes. These are universal measures that should be implemented effectively across all areas: Inventory networks Build subnets correctly Use correct security controls and tools Hire the right people All this is not directly related to the external response team and, at the same time, affects its work significantly. The response is based on preparatory steps. For example, it relies heavily on the log retention policy. Each attack has its own dwell time - the time from an attacker entering the network until their activity is detected. If the attack has an extended dwell time (three-four months) and the logs are kept for seven days, it will be much more difficult for the investigation team to fin | Spam Malware Vulnerability Threat Guideline | ★★★ | |
 |
2023-03-13 00:00:00 | Emotet Returns, Now Adopts Binary Padding for Evasion (lien direct) | Following a three-month hiatus, Emotet spam activities resumed in March 2023, when a botnet known as Epoch 4 began delivering malicious documents embedded in Zip files that were attached to the emails. | Spam | ★★★ | |
|
2023-02-22 16:47:00 | Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links (lien direct) | In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another," Checkmarx researcher Yehuda Gelb said in a Tuesday report. "The attackers referred to retail | Spam | ★★ | |
 |
2023-02-20 03:21:02 | How do mail filters work? (lien direct) | Mail filters play a huge role in protecting organizations from cyberattacks. Even though their task is quite small, they are very important for an organization's ability to deter many malicious phishing and spam emails before delivery to a person's inbox. According to the IBM X-Force Threat Intelligence Index, 40% of attacks in the manufacturing industry are phishing attacks, and 1 in 3 employees are most likely to fall for a phishing scam. How do mail filters work? Email SPAM filters use a variety of techniques to protect mail delivery. A mail filter will take action, such as rejecting... | Spam Threat | ★★ | |
 |
2023-02-16 08:00:07 | Spam and phishing in 2022 (lien direct) | Statistics on spam and phishing with the key trends in 2022: two-stage spear phishing, hijacking of social network and instant messaging accounts, import substitution, and survey phishing. | Spam | ★★★ | |
|
2023-02-14 14:00:00 | CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake (lien direct) |
CyberheistNews Vol 13 #07 | February 14th, 2023
[Scam of the Week] The Turkey-Syria Earthquake
Just when you think they cannot sink any lower, criminal internet scum is now exploiting the recent earthquake in Turkey and Syria.
Less than 24 hours after two massive earthquakes claimed the lives of tens of thousands of people, cybercrooks are already piggybacking on the horrible humanitarian crisis. You need to alert your employees, friends and family... again.
Just one example are scammers that pose as representatives from a Ukrainian charity foundation that seeks money to help those affected by the natural disasters that struck in the early hours of Monday.
There are going to be a raft of scams varying from blood drives to pleas for charitable contributions for victims and their families. Unfortunately, this type of scam is the worst kind of phishbait, and it is a very good idea to inoculate people before they get suckered into falling for a scam like this.
I suggest you send the following short alert to as many people as you can. As usual, feel free to edit:
[ALERT] "Lowlife internet scum is trying to benefit from the Turkey-Syria earthquake. The first phishing campaigns have already been sent and more will be coming that try to trick you into clicking on a variety of links about blood drives, charitable donations, or "exclusive" videos.
"Don't let them shock you into clicking on anything, or open possibly dangerous attachments you did not ask for! Anything you receive about this recent earthquake, be very suspicious. With this topic, think three times before you click. It is very possible that it is a scam, even though it might look legit or was forwarded to you by a friend -- be especially careful when it seems to come from someone you know through email, a text or social media postings because their account may be hacked.
"In case you want to donate to charity, go to your usual charity by typing their name in the address bar of your browser and do not click on a link in any email. Remember, these precautions are just as important at the house as in the office, so tell your friends and family."
It is unfortunate that we continue to have to warn against the bad actors on the internet that use these tragedies for their own benefit. For KnowBe4 customers, we have a few templates with this topic in the Current Events. It's a good idea to send one to your users this week.
Blog post with links:https://blog.knowbe4.com/scam-of-the-week-the-turkey-syria-earthquake
|
Ransomware Spam Threat Guideline | ChatGPT | ★★ |
|
2023-02-08 21:15:10 | CVE-2023-25163 (lien direct) | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a user attempts to create or update an Application via the Argo CD API (and therefor the UI or CLI). The user must have `applications, create` or `applications, update` RBAC access to reach the code which may produce the error. The user is not guaranteed to be able to trigger the error message. They may attempt to spam the API with requests to trigger a rate limit error from the upstream repository. If the user has `repositories, update` access, they may edit an existing repository to introduce a URL typo or otherwise force an error message. But if they have that level of access, they are probably intended to have access to the credentials anyway. A patch for this vulnerability has been released in version 2.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | Spam Tool Vulnerability | Uber | |
|
2023-02-07 12:23:54 | Malware Delivered through Google Search (lien direct) | Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros. Over the past month, Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird... | Spam Malware | ★★ | |
 |
2023-01-20 17:11:49 | Cyberbunker, Part 2 (lien direct) |
Spamhaus's decision to add Cyberbunker to its list of Spam sources led the Stophaus coalition to initiate a DDoS attack later dubbed “The attack that almost broke the Internet.” The fallout from this attack led to Cyberbunker relocating to a bunker in Germany - but it was the involvement of an Irish drug lord known as 'The Penguin' that led to the bullet-proof hosting company's downfall.
|
Spam | ★★ | |
|
2023-01-13 19:15:12 | CVE-2023-22489 (lien direct) | Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot successfully create a reply because the API will fail with a 500 error when the user ID 0 is inserted into the database. This happens because when the first post of a discussion is permanently deleted, the `first_post_id` attribute of the discussion becomes `null` which causes access control to be skipped for all new replies. Flarum automatically makes discussions with zero comments invisible so an additional condition for this vulnerability is that the discussion must have at least one approved reply so that `discussions.comment_count` is still above zero after the post deletion. This can open the discussion to uncontrolled spam or just unintentional replies if users still had their tab open before the vulnerable discussion was locked and then post a reply when they shouldn't be able to. In combination with the email notification settings, this could also be used as a way to send unsolicited emails. Versions between `v1.3.0` and `v1.6.3` are impacted. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible. There are no known workarounds. | Spam Vulnerability | ||
|
2022-12-26 13:15:12 | CVE-2022-4120 (lien direct) | The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain | Spam Guideline | ||
|
2022-12-12 18:15:11 | CVE-2022-3883 (lien direct) | The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | Spam | ||
 |
2022-12-08 13:00:37 | Explorations in the spam folder–Holiday Edition (lien direct) | We explore spam campaigns during this holiday season, demonstrating what can happen if someone actually clicks on links or open attachments in these unsolicited emails. | Spam | ★★★ | |
|
2022-12-06 17:09:00 | Anomali Cyber Watch: Infected Websites Show Different Headers Depending on Search Engine Fingerprinting, 10 Android Platform Certificates Abused in the Wild, Phishing Group Impersonated Major UAE Oil (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, In-memory evasion, Infostealers, North Korea, Phishing, Ransomware, Search engine optimization, and Signed malware. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Chinese Gambling Spam Targets World Cup Keywords
(published: December 2, 2022)
Since 2018, a large-scale website infection campaign was affecting up to over 100,000 sites at a given moment. Infected websites, mostly oriented at audiences in China, were modified with additional scripts. Compromised websites were made to redirect users to Chinese gambling sites. Title and Meta tags on the compromised websites were changed to display keywords that the attackers had chosen to abuse search engine optimization (SEO). At the same time, additional scripts were switching the page titles back to the original if the visitor fingerprinting did not show a Chinese search engine from a preset list (such as Baidu).
Analyst Comment: Website owners should keep their systems updated, use unique strong passwords and introduce MFA for all privileged or internet facing resources, and employ server-side scanning to detect unauthorized malicious content. Implement secure storage for website backups.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Obfuscated Files or Information - T1027
Tags: SEO hack, HTML entities, Black hat SEO, Fraudulent redirects, Visitor fingerprinting, Gambling, Sports betting, World Cup, China, target-country:CN, JavaScript, Baidu, baiduspider, Sogou, 360spider, Yisou
Leaked Android Platform Certificates Create Risks for Users
(published: December 2, 2022)
On November 30, 2022, Google reported 10 different Android platform certificates that were seen actively abused in the wild to sign malware. Rapid7 researchers found that the reported signed samples are adware, so it is possible that these platform certificates may have been widely available. It is not shared how these platform certificates could have been leaked.
Analyst Comment: Malware signed with a platform certificate can enjoy privileged execution with system permissions, including permissions to access user data. Developers should minimize the number of applications requiring a platform certificate signature.
Tags: Android, Google, Platform certificates, Signed malware, malware-type:Adware
Blowing Cobalt Strike Out of the Water With Memory Analysis
(published: December 2, 2022)
The Cobalt Strike attack framework remains difficult to detect as it works mostly in memory and doesn’t touch the disk much after the initial loader stage. Palo Alto researchers analyzed three types of Cobalt Strike loaders: KoboldLoader which loads an SMB beacon, MagnetLoader loading an HTTPS beacon, and LithiumLoader loading a stager beacon. These beacon samples do not execute in normal sandbox environments and utilize in-me |
Spam Malware Tool Threat Medical | APT 38 | ★★★ |
|
2022-12-06 14:30:00 | CyberheistNews Vol 12 #49 [Keep An Eye Out] Beware of New Holiday Gift Card Scams (lien direct) |
CyberheistNews Vol 12 #49 | December 6th, 2022
[Keep An Eye Out] Beware of New Holiday Gift Card Scams
By Roger A. Grimes
Every holiday season brings on an increase in gift card scams. Most people love to buy and use gift cards. They are convenient, easy to buy, easy to use, easy to gift, usually allow the receiver to pick just what they want, and are often received as a reward for doing something.
The gift card market is estimated in the many hundreds of BILLIONS of dollars. Who doesn't like to get a free gift card? Unfortunately, scammers often use gift cards as a way to steal value from their victims. There are dozens of ways gift cards can be used by scammers to steal money.
Roger covers these three scams in a short [VIDEO] and in detail on the KnowBe4 blog:
You Need to Pay a Bill Using Gift Cards
Maliciously Modified Gift Cards in Stores
Phish You for Information to Supposedly Get a Gift Card
Blog post with 2:13 [VIDEO] and links you can share with your users and family:https://blog.knowbe4.com/beware-of-holiday-gift-card-scams
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, December 7 @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
NEW! KnowBe4 Mobile Learner App - Users Can Now Train Anytime, Anywhere!
NEW! Security Culture Benchmarking feature lets you compare your organization's security culture with your peers
NEW! AI-Driven phishing and training recommendations for your end users
Did You Know? You can upload your own training video and SCORM modules into your account for home workers
Active Directory or SCIM Integration to easily upload user data, eliminating the need to manually manage user changes
Find out how 50,000+ organizations have mobilized their end-users as their human firewall.
Date/Time: TOMORROW, Wednesday, December 7 @ 2:00 PM (ET)
Save My Spot!https://event.on24.com/wcc/r/3947028/0273119CCBF116DBE42DF81F151FF99F?partnerref=CHN3
|
Ransomware Data Breach Spam Hack Tool Guideline | ★★★ | |
 |
2022-11-28 12:36:18 | Ukraine Themed Twitter Spam Pushing iOS Scareware, (Mon, Nov 28th) (lien direct) | With the expansion of Russia&#;x26;#;39;s invasion of Ukraine in February, Ukraine has made heavy use of social media to demonstrate die ability of the Ukrainian armed forces to repulse the attack. Ukraine often shares video clips showing attacks against Russian troops from drones or action camera footage from the front lines. These videos have been widely distributed, and various social media channels have shared them to build an audience for themselves. | Spam | ★★ | |
 |
2022-11-25 00:42:22 | Auto-Publishing and Auto-Reporting Programs for Blog Posts (lien direct) | Spam programs are illegal programs according to the ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION. The ASEC analysis team previously published a blog post about a spam program sold as a marketing program. Today, we will introduce a program similar to the spam program covered in the past. The file collected under the filename of ‘Naver Blog Report Program.exe’ was developed with C#, just like the spam program covered in the previous blog post. Its... | Spam | ||
|
2022-11-24 00:30:00 | GMX : Black Friday, jusqu\'à 20 % de spam en plus (lien direct) | GMX : Black Friday, jusqu'à 20 % de spam en plus Le fournisseur de messagerie GMX enregistre actuellement une augmentation d'environ 20 % du nombre de spams et d'attaques par hameçonnage pendant la semaine du Black Friday. Le " vendredi noir " et le Cyber Monday sont la haute saison pour les chasseurs de bonnes affaires sur l'internet. La prudence de réagir rapidement aux offres avantageuses diminue. Les criminels en ligne en profitent sans scrupules : l'hameçonnage des services de colis et les faux bons d'achat sont des escroqueries particulièrement fréquentes. - Points de Vue | Spam | ||
|
2022-11-17 14:30:00 | More Than Half of Black Friday Spam Emails Are Scams (lien direct) | New research analyzes email scam techniques in the build-up to this year's Black Friday | Spam | ||
|
2022-11-16 03:26:00 | Anomali Cyber Watch: Amadey Bot Started Delivering LockBit 3.0 Ransomware, StrelaStealer Delivered by a HTML/DLL Polyglot, Spymax RAT Variant Targeted Indian Defense, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, DDoS, Infostealers, Maldocs, Phishing, Ransomware, and Wipers. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
KmsdBot: The Attack and Mine Malware
(published: November 10, 2022)
KmsdBot is a cryptominer written in GO with distributed denial-of-service (DDoS) functionality. This malware was performing DDoS attacks via either Layer 4 TCP/UDP packets or Layer 7 HTTP consisting of GET and POST. KmsdBot was seen performing targeted DDoS attacks against the gaming industry, luxury car manufacturers, and technology industry. The malware spreads by scanning for open SSH ports and trying a list of weak username and password combinations.
Analyst Comment: Network administrators should not use weak or default credentials for servers or deployed applications. Keep your systems up-to-date and use public key authentication for your SSH connections.
MITRE ATT&CK: [MITRE ATT&CK] Network Denial of Service - T1498 | [MITRE ATT&CK] Resource Hijacking - T1496
Tags: detection:KmsdBot, SSH, Winx86, Arm64, mips64, x86_64, malware-type:DDoS, malware-type:Cryptominer, xmrig, Monero, Golang, target-industry:Gaming, target-industry:Car manufacturing, target-industry:Technology, Layer 4, Layer 7
Massive ois[.]is Black Hat Redirect Malware Campaign
(published: November 9, 2022)
Since September 2022, a new WordPress malware redirects website visitors via ois[.]is. To conceal itself from administrators, the redirect will not occur if the wordpress_logged_in cookie is present, or if the current page is wp-login.php. The malware infects .php files it finds – on average over 100 files infected per website. A .png image file is initiating a redirect using the window.location.href function to redirect to a Google search result URL of a spam domain of actors’ choice. Sucuri researchers estimate 15,000 affected websites that were redirecting visitors to fake Q&A sites.
Analyst Comment: WordPress site administrators should keep their systems updated and secure the wp-admin administrator panel with 2FA or other access restrictions. If your site was infected, perform a core file integrity check, query for any files containing the same injection, and check any recently modified or added files.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190
Tags: file-type:PHP, SEO poisoning, WordPress, Google Search, Google Ads
LockBit 3.0 Being Distributed via Amadey Bot
(published: November 8, 2022)
Discovered in 2018, Amadey Bot is a commodity malware that functions as infostealer and loader. Ahnlab researchers detected a new campaign where it is used to deliver the LockBit 3.0 ransomware. It is likely a part of a larger 2022 campaign delivering LockBit to South Korean users. The actors used phishing attachments with two variants of Amadey B |
Ransomware Spam Malware Tool Threat | ||
 |
2022-11-14 21:30:35 | Emotet Distributed Through U.S. Election Themed Link Files (lien direct) | FortiGuard Labs has discovered that Emotet was recently delivered through an archive file that has a file name targeting those interested in the U.S. midterm elections. The archive file is "US midterm elections The six races that could decide the US Senate.zip" that has a link file with the same name, which leads to Emotet.Why is this Significant?This is significant because Emotet is trying to leverage the interest of the U.S. midterm elections for infection. While FortiGuard Labs has not observed the infection vector, the file name "US midterm elections The six races that could decide the US Senate.zip" was likely distributed via emails. "The six races" likely refers to Arizona, Georgia, Michigan, Nevada, Pennsylvania, and Wisconsin where Democrats and Republican are expected to have close race in the elections, which gives better chance that recipients will open the archive contents. Emotets' modus operandi includes distribution via malicious spam campaigns and thread hijacking of emails.What's in "US midterm elections The six races that could decide the US Senate.zip"?The zip file contains a link file named "US midterm elections The six races that could decide the US Senate.lnk". When the link file is executed, it drops a further script in %tmp% that will attempt to cycle through several URLs to download a Emotet DLL.The downloaded Emotet connects to C2 server and will likely deliver additional malware.FortiGuard Labs discovered that the same script is present in other link files "New York Election news and updates....lnk" and "Amazon warns of slower sales as economy weakens.lnk" that were submitted to VirusTotal at the end of October and beginning of November respectively.What is the Status of Protection?FortiGuard Labs provides the following AV signatures for the archive and link file involved in the attack:• LNK/Agent.AMY!tr.dldr• PossibleThreat.PALLAS.HC2 address is blocked by FortiGuard Webfiltering Client. | Spam Guideline | ||
 |
2022-11-11 11:55:16 | Malware Campaign Redirects 15,000 Sites (lien direct) | It has been reported that security researchers have spotted an intriguing malware campaign designed to increase the search engine rankings of spam websites under the control of threat actors. | Spam Malware Threat | ||
|
2022-10-27 10:00:00 | 11 Cybersecurity investments you can make right now (lien direct) | This blog was written by an independent guest blogger. The average cost of a data breach will continue to rise, which means companies need to start planning accordingly. To protect your business, you need to invest in cybersecurity. Here are 11 areas you should focus on. Cyber insurance Cyber insurance is designed to protect businesses from the financial repercussions of a cyber-attack. It can cover costs such as business interruption, data recovery, legal expenses, and reputational damage. It is increasingly common across industries and at companies of all sizes, even small businesses, which have become a growing target of cybercriminals. Cyber insurance has also become a new compliance requirement in many industries, including healthcare, finance, and retail. In the event of a data breach, companies are often required to notify their customers and partners, which can be costly. Cyber insurance can help cover these expenses. Employee training Employees are often the weakest link in a company's cybersecurity defenses. They may not be aware of the latest cyber threats or how to protect themselves from them. That's why it's important to provide employees with regular training on cybersecurity risks and best practices. There are many different types of employee training programs available, ranging from in-person seminars to online courses. Some companies even offer financial incentives for employees who complete training programs. In the remote work era, employee education also increasingly means arming remote workers with knowledge that will keep company data safe while they are working on networks that might not be well secured. This is especially the case if you know people are connecting via public networks at cafes, co-working spaces, and airports. Endpoint security Endpoints are the devices that connect to a network, such as laptops, smartphones, and tablets. They are also a common entry point for cyber-attacks. That's why it's important to invest in endpoint security, which includes solutions such as antivirus software, firewalls, and encryption. You can invest in endpoint security by purchasing it from a vendor or by implementing it yourself. There are also many free and open-source solutions available. Make sure you test any endpoint security solution before deploying it in your environment. Identity and access management Identity and access management (IAM) is a process for managing user identities and permissions. It can be used to control who has access to what data and resources, and how they can use them. IAM solutions often include features such as Single Sign-On (SSO), which allows users to access multiple applications with one set of credentials, and two-factor authentication (2FA), which adds an extra layer of security. IAM solutions can be deployed on-premises or in the cloud. They can also be integrated with other security solutions, such as firewalls and intrusion detection systems. Intrusion detection and prevention Intrusion detection and prevention systems (IDPS) are designed to detect and prevent cyber-attacks. They work by monitoring network traffic for suspicious activity and blocking or flagging it as needed. IDPS solutions can be deployed on-premises or in the cloud. There are many different types of IDPS solutions available, ranging from simple network-based solutions to more sophisticated host-based ones. Make sure you choose a solution that is right for your environment and needs. Security information and event management Security information and event management (SIEM) solutions are designed to collect and analyze data from a variety of security | Data Breach Spam Malware Vulnerability Patching | ||
|
2022-10-26 23:52:48 | FormBook Malware Being Distributed as .NET (lien direct) | The FormBook malware that was recently detected by a V3 software had been downloaded to the system and executed while the user was using a web browser. FormBook is an info-stealer that aims to steal the user’s web browser login information, keyboard input, clipboard, and screenshots. It targets random individuals, and is usually distributed through spam mails or uploaded to infiltrated websites. FormBook operates by injecting into a running process memory, and the targets of injection are explorer.exe and arbitrary... | Spam Malware | ||
|
2022-10-25 17:15:56 | CVE-2022-3302 (lien direct) | The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin | Spam Guideline | ★★★ | |
|
2022-10-20 13:36:00 | Threat Hunting: Eight Tactics to Accelerating Threat Hunting (lien direct) | One of the more significant headaches in cyber security is the overuse of buzzwords and acronyms and the overlapping mutations of what they mean. Cyber threat Hunting has become one of those phrases, but it has gained clarity over the last few years as organizations strived to become more proactive. So what is threat hunting? Depending on who you ask, you may get somewhat different answers to the same question. Cyber threat hunting is a proactive approach to detecting suspicious activity from known or unknown, remediated, or unaddressed cyber threats within an organization’s networks. It involves finding malware such as viruses, Trojans, adware, spyware, ransomware, worms, bots, and botnets. The goal is for security analysts to find these threats before they cause damage to systems and data. It’s similar to how fire departments respond to fires; they go into buildings to ensure no additional problems before calling the firefighters. There is a vast collection of tools, skill sets, approaches, and processes to help identify advanced threats that could happen within the network. What is an effective hunting process for one organization may be a waste of time for another, depending on each company’s understanding of what threats they might face. Man-hours spent hunting are typically most beneficial for large organizations targeted by the cybercriminal community regularly, but that’s not to say that regular hunts for small/medium-sized enterprises can’t benefit from and identify threats by doing the same. Structured Threat Hunting The structured hunt is based on indicators of compromise (IOCs) and tactics, techniques, and procedures (TTP). IOCs provide information about potential adversaries, such as IP addresses, domain names, operating system versions, etc. TTPs describe how attackers operate and what tools they use. Combining IOCs and TTPs makes it possible to build a picture of the adversary. This approach allows us to detect threats earlier and prevent attacks. In addition, we can quickly identify the threat actors because each activity is described in detail. Unstructured Threat Hunting The concept of unstructured hunting is relatively new. It wasn’t until 2013 that we began seeing the emergence of unstructured hunters. Unstructured hunting is a method of finding malicious software (malware), such as viruses, Trojans, worms, etc., without knowing exactly what type of malware you are looking for. Instead, the hunter relies on behavioral analysis to find these threats. In short, unstructured hunting is investigative work where a cyber threat hunter observes behavior and looks for anomalies. For example, if someone sends out spam emails, a system administrator might notice unusual activity on his network and investigate further. If he finds something suspicious, he could take action immediately or wait a few days to see if the same email addresses start sending again. Traditional Threat Hunting The traditional definition of threat hunting can be defined as a focused and intensive human/machine-assisted process aimed to identify the possibility of something malicious happening within the network or likely about to happen; this is based on abnormal network behavior, artifacts, or identification via active threat research. A good example of this would be: A large bank has team members whose part of their job is to consume threat reports related to activity targeting their vertical and other companies that match their Enterprise profile. > A new threat report is published from an intel provider describing a new variant of malware that has been catastrophic at similar organizations. This report would ideally contain information around the process tree, registry key, etc., to help the cyber threat hunters not just hunt for detection of the associated IOCs but dig deeper to identify patterns that match the behavior of the malware across the network, like abnormal PowerShell executio | Spam Malware Tool Vulnerability Threat | ||
 |
2022-10-20 06:00:00 | Attackers switch to self-extracting password-protected archives to distribute email malware (lien direct) | Distributing malware inside password-protected archives has long been one of the main techniques used by attackers to bypass email security filters. More recently, researchers have spotted a variation that uses nested self-extracting archives that no longer require victims to input the password.“This is significant because one of the most difficult obstacles threat actors face when conducting this type of spam campaign is to convince the target to open the archive using the provided password,” researchers from Trustwave SpiderLabs said in a new report.To read this article in full, please click here | Spam Malware Threat |
To see everything:
Our RSS (filtrered)
