AlienFox is a modular toolset comprising various custom tools and modified open-source utilities created by different authors. Threat actors use AlienFox to collect lists of misconfigured cloud endpoints from security scanning platforms.
The number of credential phishing emails sent spiked by 478%. Emotet and QakBot are the top malware families observed. For the eighth consecutive year, business email compromise (BEC) ranked as the top cybercrime.
A majority of organizations reported that global geopolitical instability has influenced their cyber strategy “moderately” or “substantially”. Their biggest concerns regarding cyberattacks are business continuity (67%) and reputational damage (65%).
On unpatched devices running Sudo versions 1.8.0 through 1.9.12p1, successful exploitation could enable attackers to escalate privileges: by appending arbitrary entries to the list of files to process, they can edit files they are not authorized to edit.
While CrowdStrike suspects a North Korean state-backed hacking group it tracks as Labyrinth Chollima is behind this attack, Sophos’ researchers say they “cannot verify this attribution with high confidence.”
Mandiant identified a North Korean threat actor, named APT43, conducting cyberespionage campaigns against government organizations in the U.S. and South Korea. APT43 also leverages its own set of custom malware, such as Pencildown, Venombite, Pendown, Laptop, the Hangman backdoor, and others, which are not used by other attackers.
The company’s founders argue that an organization’s identity surface is now the number one attack vector, yet as companies increasingly rely on an ever-growing number of third-party services, that’s also becoming increasingly hard to manage.
Over the past few months, threat actors have been spreading ShellBot and Moobot malware on exploitable servers. Compromised victims can be controlled and used as DDoS bots after receiving a command from a C2 server.
MacStealer is a new information-stealing malware threat attempting to pilfer sensitive information from compromised macOS devices. The malware uses Telegram as its C2 channel and specifically affects devices running Catalina and later versions on M1 and M2 CPUs. It can harvest documents, browser cookies, and login information from individuals.
As seen with past attacks from this group, these most recent attacks do not seem to be originating from a single botnet, and the attack methods and sources seem to vary, suggesting the involvement of multiple individual threat actors.