As they say, when it rains, it pours. Recently, we observed more than 3,000 phishing emails containing phishing URLs abusing services at workers.dev and pages.dev domains.
Two UK teenagers were accused of being key members of the notorious hacking group Lapsus$, with prosecutors alleging that the pair were involved in attacks on companies including Nvidia Corp., Rockstar Games Inc., and Uber Technologies Inc.
A flaw in Revolut’s payment system in the US allowed criminals to steal more than $20mn of its funds over several months last year before the company could close the loophole, according to multiple people with knowledge of the episode.
In a recent investigation by Microsoft Incident Response of a BlackByte 2.0 ransomware attack, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.
Collecte de données privées, désinformation et tentative d’influence politique: entre 2017 et au moins 2020, l’entreprise Alp Services à Genève orchestre dans le plus grand secret plusieurs actions pour le compte des Emirats arabes unis, révèlent des documents confidentiels obtenus par Mediapart, et partagés notamment avec la RTS
Read Uptycs' analysis of the newly discovered Meduza Stealer malware targeting Windows users, revealing capabilities, potential impact & mitigation steps.
This week, our engine detected two spyware hiding on the Google Play Store and affecting up to 1.5 million users.
“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.
One incident affected the OCR and Pearson Edexcel examiners, and another hit AQA, Britain's largest exam board.
The bureau is trying to take the fight to foreign ransomware gangs, even if it means giving up on bringing some of them behind bars.
Japan’s biggest port, the Port of Nagoya, has been shut down after a cyberattack by the LockBit ransomware gang. The Russian cybercriminals have been on a crime spree this week, claiming ten new victims in the last five days.
Threat actors are using increasingly sophisticated forms of evasion and anti-analysis as they respond to increased attention to macOS security in the enterprise.
Operation Nervone has dealt a significant blow to the OPERA1ER group.
The infamous Clop ransomware, mainly known as Cl0p, targets various industries and organizations, extorting data for a huge amount of ransom. It advances actively with new emerging campaigns. This blog walks through the Clop timeline, Mitre TTPs and their emulation.
Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application.
Le groupe Cl0p a poursuivi la diffusion des données volées à Cegedim à l’occasion de sa campagne de cyberattaques contre les instances MOVEit Transfer. Il met désormais à disposition plus de 1,5 To de données.
Plus furtive et discrète que les cyberattaques avec rançongiciel, la menace des maliciels dérobeurs se maintient à un niveau élevé. Panorama de la menace en collaboration avec Sekoia.io.
DDoSia is a DDoS attack toolkit used by the pro-Russia hacktivist group NoName057(16) against countries critical the invasion of Ukraine.
In the last couple of months, Check Point Research (CPR) has been tracking the activity of a Chinese threat actor targeting Foreign Affairs ministries and embassies in Europe. Combined with other Chinese activity previously reported by Check Point Research, this represents a larger trend within the Chinese ecosystem, pointing to a shift to targeting European entities, with a focus on their foreign policy.
The activity described in this report, utilizes HTML Smuggling to target governmental entities in Eastern Europe. This specific campaign has been active since at least December 2022, and is likely a direct continuation of a previously reported campaign attributed to RedDelta (and also to Mustang Panda, to some extent).
We examine malicious Cobalt Strike case studies with distinct techniques using Malleable C2 profiles.
