A phishing campaign called EvilProxy has targeted thousands of Microsoft 365 user accounts worldwide, sending 120,000 phishing emails to over 100 organizations in a three-month period. The goal of the campaign is to compromise the cloud accounts of high-level executives in order to launch further attacks within the organization. The attackers used a combination of phishing tactics, including brand impersonation and scan blocking, to successfully take over the accounts of top-level executives, bypassing multi-factor authentication (MFA) using the EvilProxy phishing-as-a-service offering.
A Belarus-linked advanced persistent threat (APT) group known as ‘MoustachedBouncer’ has been spying on staff in at least four embassies in Belarus, likely by leveraging the country’s local Internet service provider (ISP). The group used bespoke infostealer malware to compromise diplomats from southeast Asian, African, and European countries. The exact method of intrusion is not yet proven, but it is believed that MoustachedBouncer took advantage of lawful communications interception technology used by the governments of Belarus and Russia at the ISP level.
Malicious actors are using the legitimate Rust-based injector Freeze[.]rs to deploy the XWorm malware in targeted environments. The attack chain begins with a phishing email containing a booby-trapped PDF file, which redirects to an HTML file that executes Freeze[.]rs and SYK Crypter. The combination of XWorm and Remcos RAT creates a powerful trojan with various malicious functionalities, primarily targeting Europe and North America.
A new information malware strain called Statc Stealer has been discovered, targeting devices running Microsoft Windows to steal sensitive personal and payment information. The malware can steal data from various web browsers, cryptocurrency wallets, and messaging apps. It uses sophisticated techniques to evade detection and establishes connections with a command-and-control server to exfiltrate the stolen data. Cybersecurity professionals should be aware of this new threat and take necessary precautions to protect sensitive information.
The Sogou Input Method, a widely used Chinese language app for Windows and Android, has been found to have serious security flaws that could allow attackers to decipher users’ typed text. The vulnerabilities are rooted in the app’s custom encryption system, allowing network eavesdroppers to access sensitive data. The iOS version of the app was found to be secure against network eavesdropping, but had a separate defect that could allow the recovery of the encryption key.
Interpol has taken down the phishing-as-a-service platform called 16Shop and arrested three individuals in Indonesia and Japan. 16Shop sold phishing kits that allowed cybercriminals to launch large-scale phishing attacks on popular services like Apple, PayPal, and Amazon. Over 70,000 users across 43 countries were compromised through services offered on 16Shop.
Kaspersky warns that when disposing of old gadgets, it is important to clear the stored Wi-Fi network information as it can be easily retrieved by threat actors. Criminals can access and steal Wi-Fi networks even after a factory reset by using clues left behind on the device. Breaching a Wi-Fi network can lead to various consequences such as slower internet, leaked IP addresses, and even blocking by ISPs.
The Defense Advanced Research Projects Agency (DARPA) has announced a two-year competition called the AI Cyber Challenge (AIxCC) to create AI-driven systems that can address cybersecurity issues and ensure more secure software. The challenge aims to design AI systems that can rapidly find and fix vulnerabilities in critical code. The competition is backed by Google, Anthropic, Microsoft, and OpenAI, and offers prizes of up to $20 million to the teams with the best systems.
Researchers have discovered vulnerabilities in popular digital signature schemes used to protect cryptocurrency wallets, which could allow attackers to steal private keys and gain access to digital assets. The vulnerabilities affect protocols such as Lindell17, GG18, and GG20, used by popular wallet providers including Zengo and Coinbase. While Zengo and Coinbase have mitigated the issue, the discovery highlights the need for additional security layers and high-quality detection systems to protect against such attacks.
Researchers at SafeBreach have discovered a security feature bypass vulnerability in Windows Defender that allows attackers to hijack the signature-update process and use it to sneak in malware, delete benign files, and trigger a denial-of-service condition on target systems. The researchers were able to achieve these objectives and even developed an automated tool called wd-pretender to implement the attack vectors. Microsoft has patched the flaw, but the incident highlights the need for further research to ensure the security of signature update processes.
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.