Apr 09, 2024NewsroomCyber Espionage / Malware Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks to trick victims into installing bogus Android apps and serve credential harvesting pages for Windows users. Cisco Talos is tracking the activity cluster under the name Starry…

Apr 09, 2024NewsroomBotnet / Crypto Mining A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report…

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack that

From the executive summary: The Board finds that this intrusion was preventable and should never have occurred. The Board also…

Apr 09, 2024NewsroomVulnerability / IoT Security Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed…

ARC Labs recently analyzed a phishing email used in a credential harvesting campaign that leveraged a lure notifying the target they received a voice message and needed to visit a link to access it. Analysis of the payload revealed heavily obfuscated HTML data which executed JavaScript code embedded within an SVG image when the page…

2023 CL0P Growth

Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor, the ‘CryptoMix’ ransomware, brought about by its owner, the CL0P ransomware cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to 2022. But in 2023 the CL0P ransomware gang took itself…

Laravel is a free and open-source PHP-based web framework for building high-end web applications. This vulnerability allows unauthenticated attackers to execute arbitrary code on the affected systems. The threat actor’s exploitation of the Laravel applications also led Sysdig to evidence that the group was using secure shell (SSH) brute forcing as another way the group…

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

In our always-online world, we’re facing a new kind of cyber threat that’s just as sneaky as it is harmful: subtextual attacks. These…

Apr 09, 2024NewsroomMalware / Cryptojacking Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked,…

Apr 09, 2024NewsroomBotnet / Vulnerability Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status.…
