Tagged: news cyber security
Cybercriminals are planting maldocs in chat threads on Microsoft Teams. Users who open them might end up giving control of their systems to hackers. Organizations are advised to deploy email gateway security that secures communication...
Iranian MuddyWater APT has reportedly launched fresh attacks targeting users in the Turkish government and other private organizations in the country. Hackers lure victims via maldocs that masquerade as genuine documents from the...
A North Korea-linked APT group has been spotted targeting cryptocurrency startups worldwide with fake MetaMask browser extensions to steal cryptocurrency from users’ wallets. The attackers work around a complex infrastructure, including various exploits and...
Threat actors behind Dridex malware were found luring people with fake employee termination emails. The emails are used as bait to open a malicious Excel document that trolls the victim. The document, once opened, installs other...
Researchers have discovered that it is possible to manipulate traffic on a WiFi chip and extract passwords. They named the technique coexistence attacks. An attacker can even run malicious code on a compromised WiFi...
Minerva Labs disclosed that the StrongPity APT group has been distributing malicious Notepad++ installers to infect targets. The malware has the ability to steal files, along with other data. Notepad++ users are advised to...
Proofpoint identified three state-sponsored threat actors from India, Russia, and China adopting RTF template injection methods in their phishing campaigns. The adoption of this technique has made attacks from the group much harder to...
A new Iranian actor was spotted abusing an RCE flaw in Microsoft MSHTML to target Farsi-speaking people globally and steal their Google and Instagram credentials. The attacks started in July via spear-phishing emails that...
In a new attack campaign, the Aggah threat group is deploying clipboard hijacking code to replace a victim’s cryptocurrency address with an address to redirect cryptocurrency transactions. Researchers observed seven different cryptocurrency addresses in...
Attackers are targeting unpatched Exchange servers for vulnerabilities such as ProxyLogon and ProxyShell to breach corporate email servers and drop multiple malware. In one of the attacks, the researchers have seen the distribution of...
BlackBerry discovered that actors behind MountLocker, Phobos, and the StrongPity APT are dependent on a common initial access broker, dubbed Zebra2104, for their malware campaigns. The broker has helped criminals break into the networks...
A report by Cyware, Ivanti, and Cyber Security Works noted a 4.5% rise in CVEs associated with ransomware, with a 3.4% rise in ransomware families exploiting those. The total count of older vulnerabilities is...
The TeamTNT group has upped its game in recent times. Recently, it was found targeting Docker servers exposing Docker REST APIs for cryptomining purposes, under the campaign that was set off in October. Experts...
Researchers have disclosed details about a now-patched critical vulnerability in a time and billing system called BillQuick that was being exploited by a new ransomware group. It can be triggered simply by using login requests...
Researchers at Texas A&M University and the University of Florida discovered Gummy Browsers, a new fingerprint capturing and browser spoofing attack. This attack technique can be leveraged to bypass 2FA on auth systems. While security...
Academics from universities developed a new attack technique, dubbed SmashEx, that runs into Intel SGX and can allow adversaries to steal confidential data from Intel CPUs. The new vulnerability tracked by Intel as CVE-2021-0186...