In a recent phishing campaign, hackers have employed sophisticated obfuscation tactics to deceive unsuspecting users into visiting malicious websites and disclosing sensitive information.
The vulnerability is tracked as CVE-2023-29336 and was originally discovered by cybersecurity firm Avast. It was assigned a CVSS v3.1 severity rating of 7.8 as it allows low-privileged users to gain Windows SYSTEM privileges.
Elliptic researchers said that by tracking some of the stolen crypto, they were able to collect information about how it was handled and laundered, with the audit trail pointing in the direction of Lazarus Group.
The institution’s management described the attack as coming “from a foreign country” but said its security systems triggered an alert allowing them to take the network offline before “great damage” was caused.
Less than a month after BIMI’s roll-out, scammers found a way around its controls and were able to successfully impersonate brands, sending emails to Google users that impersonated the logistics giant UPS.
The group targets bank customers and cryptocurrency traders in various regions, including North America and Europe, as well as government entities in Europe and Central Asia.
Interpol is concerned about the threat, which first emerged in 2021, as it has spread from a focus on Chinese-speaking victims based in China, Malaysia, Thailand, and Singapore, to as far afield as South America, East Africa, and Western Europe.
The exposed AWS bucket held hundreds of thousands of files with sensitive information, including user-submitted resumes with details such as full names, dates of birth, and occupation history.
A researcher has disclosed the details of serious vulnerabilities discovered in a Honda e-commerce platform used for equipment sales. Exploitation of the flaws could have allowed an attacker to gain access to customer and dealer information.
The rule would apply to all contracts, even those below the “simplified acquisition threshold” of $250,000, purchases of commercial and off-the-shelf equipment, and commercial services.