The concept is simple, the FBI explains: “Scammers impersonate bank reps to convince victims that hackers have infiltrated their financial account. Victims are urged to move their money fast to protect their assets. In reality, there was never a hacker, and the money that was wired is now fully controlled by the scammer.”
In an incident response in Q4 of 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints. The threat actor later leveraged this access to deploy RansomHub encryptors throughout the entire impacted network. ReliaQuest documented an earlier version of this malware on their website in February 2024.
Online criminals are targeting individuals and businesses that advertise via Google Ads by phishing them for their credentials — ironically — via fraudulent Google ads.
The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages. We believe their goal is to resell those accounts on blackhat forums, while also keeping some to themselves to perpetuate these campaigns.
This is the most egregious malvertising operation we have ever tracked, getting to the core of Google’s business and likely affecting thousands of their customers worldwide. We have been reporting new incidents around the clock and yet keep identifying new ones, even at the time of publication.
Since September, Check Point Research has been monitoring a new version of the Banshee macOS stealer, a malware linked to Russian-speaking cyber criminals targeting macOS users.
This new version had been undetected for over two months until the original version of Banshee Stealer was leaked on XSS forums, which resembled similarities with the malware’s core functionality.
One notable difference between the leaked source code and the version discovered by Check Point Research is the use of a string encryption algorithm. This algorithm is the same as Apple uses in its Xprotect antivirus engine for MacOS.
One method of distributing Banshee Stealer involved malicious GitHub repositories, targeting Windows users with Lumma Stealer and macOS users with Banshee Stealer.
Banshee operated as a ‘stealer-as-a-service’, priced at $3,000, and was advertised through Telegram and forums such as XSS and Exploit. On November 23, 2024, the malware’s source code was leaked, leading the author to shut down the operations the following day.
Despite shutting down the operation, threat actors continue to distribute the new version of Banshee via phishing websites.
A spate of devastating attacks on the health care sector prompts Brussels to ramp up funding and threat intelligence.
The Commission has presented an EU Action Plan to strengthen the cybersecurity of hospitals and healthcare providers. This initiative is a key priority within the first 100 days of the new mandate, aiming to create a safer and more secure environment for patients.
In 2023 alone, EU countries reported 309 significant cybersecurity incidents targeting the healthcare sector – more than any other critical sector. As healthcare providers increasingly use digital health records, the risk of data-related threats continues to rise. Many systems can be affected, including electronic health records, hospital workflow systems, and medical devices. Such threats can compromise patient care and even put lives at risk.
Now we’re in 2025, a lot more services are offering passkeys as a replacement for passwords and the NCSC believes they are the future of modern authentication. However, there are still some significant bumps in the road ahead. Here we set out the case for mass adoption of passkeys and outline the remaining issues which are hindering their widespread implementation. The NCSC will work alongside industry to help resolve these problems and help to get passkeys over the line.
ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate. Exploitation of this vulnerability leads to the execution of untrusted code during system boot, enabling potential attackers to easily deploy malicious UEFI bootkits (such as Bootkitty or BlackLotus) even on systems with UEFI Secure Boot enabled, regardless of the installed operating system.
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Chinese hackers breached the US government office that reviews foreign investments for national security risks, three US officials familiar with the matter told CNN.
The theft, which has not previously been reported, underscores Beijing’s keen interest in spying on a US government office that has broad powers to block Chinese investment in the US as tensions between the world’s two superpowers remain high.
The breach was part of a broader incursion by the hackers into the Treasury Department’s unclassified system. The office targeted by the hackers, the Committee on Foreign Investment in the US (CFIUS), in December gained greater authority to scrutinize real estate sales near US military bases. US lawmakers and national security officials have grown increasingly worried that the Chinese government or its proxies could use land acquisitions to spy on those bases.
In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group. This is the first time we have identified a shift in Star Blizzard’s longstanding tactics, techniques, and procedures (TTPs) to leverage a […]
Personal data of nearly 100,000 individuals that have participated in trainings organized by EU CEPOL has potentially been compromised.
France's Navy personnel revealed classified information about submarine patrols through the Strava fitness app, found an investigation by Le Monde.
In 2024, ransomware groups claimed responsibility for 5,461 successful ransomware attacks on organizations worldwide. 1,204 of these attacks were confirmed by the targeted organizations. The rest were claimed by ransomware groups on their data leak sites, but have not been acknowledged by the targets.
Elle estimait que la société chargée du renouvellement de ses serveurs informatiques avait failli dans sa mission.
This blog analysis regarding a recent threat actor posting, which claims to offer compromised configuration and VPN credentials from FortiGate devices, provides factual information to help our customers better understand the situation and make informed decisions.
Open-source intelligence reveals the server-side code of this pernicious SEO-driven malware – without needing a lawyer afterward
Back in 2022, Fortinet warned that somebody had a zero day vulnerability and was using it to exploit Fortigate firewalls https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684
Today, Belsen Group publicly released Fortigate firewall configs from just over 15k unique devices:
Third-party scripts are a key part of the supply chain, giving 3rd party access to sensitive data or allowing malicious actions in the browser of your user. c/side helps you regain control over your website.
Introduction In the ever-evolving world of cybercrime, IntelBroker has emerged as one of its most prominent figures. Known for his high-profile breaches, IntelBroker’s actions have shaken both corporations and government entities alike. At KELA, our deep dive into his online presence has revealed valuable insights, with OSINT traces playing a pivotal role in uncovering his […]
Several websites were inaccessible for a two-hour period on Friday afternoon
Prohibition would bring the NHS, schools and local councils into line with government departments
Stay updated on the latest developments of the Chrome Web Store incident involving Cyberhaven's compromised extension. Follow live updates, detailed analysis, impacted extensions, and expert recommendations for safeguarding your organization against similar attacks
Le piratage qui a touché le groupe médical Vidymed révèle la fragilité des entreprises face à la montée en puissance des criminels de l'informatique.
The Hellcat ransomware group has stolen roughly 5,000 documents, potentially containing confidential information, from the telecom giant's internal database.
Ciblée par une cyberattaque début décembre, VidyMed avait directement coupé l’accès aux systèmes pour contenir l’im
Executive Summary: Since September, Check Point Research (CPR) has been monitoring a new version of the Banshee macOS Stealer, a malware that steals
A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key.
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions.
#Apple #Computer #InfoSec #Integrity #Microsoft #Protection #SIP #Security #System #Vulnerability #macOS
Nominet, the U.K. domain registry that maintains .co.uk domains, has experienced a cybersecurity incident that it confirmed is linked to the recent
Scholastic hack: A furry breached the education company Scholastic this month and stole data on 8 million people, the Daily Dot has learned.
