A newly discovered multi-stage AitM phishing and BEC attack campaign has been targeting banking and financial organizations. The phishing kit enabled the attackers to send out more than 16,000 emails to a target’s contacts as part of the second-stage phishing campaign. To remediate the issue, it is recommended to reset the passwords for compromised users.
The websites of several Swiss federal agencies and state-linked companies were inaccessible on Monday, June 12, 2023, due to a cyberattack, Switzerland’s finance ministry has confirmed.
SPECTRALVIPER is designed to contact an attacker-controlled server and await further commands, while also adopting obfuscation methods like control flow flattening to resist analysis.
Security executives are overwhelmingly craving more AI solutions in 2023 to help them battle the growing cybersecurity threat landscape, according to a report by Netrix Global.
Scam Sniffer used blockchain analysis to detect the Pink Drainer hacking group, which it said has now stolen over $3 million from more than 2000 victims, some of whom are said to be high-profile individuals such as OpenAI CTO Mira Murati.
In their haste to make money, some new players are picking over the discarded remnants of previous ransomware groups, cobbling together ransomware rather than going through the trouble of coding bespoke crypto-locking software.
According to The Athletic, three class action lawsuits related to the breach were combined into one case. The plaintiffs filed settlement papers in California federal court, the site reported, which they described as an “unopposed motion.”
Researchers found that the Strava heatmap feature opens up the possibility for tracking and de-anonymizing users using publicly available heatmap data combined with specific user metadata.
In addition to the rise in botnet-driven DDoS attacks, Nokia’s Threat Intelligence Report highlighted a doubling in the number of trojans targeting personal banking information on mobile devices, now accounting for 9% of all infections.
The vulnerability, tracked as CVE-2023-27997, is “reachable pre-authentication, on every SSL VPN appliance,” Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend.