Security researcher abel took the wraps off Emotet’s new distribution technique that allows it to propagate through Microsoft OneNote email attachments. The operators have a history of deploying malicious macros on infected systems via Microsoft Word and Excel attachments. This new method of infection will help criminals dodge Microsoft security checks and infect more targets.
Tens of thousands of documents containing personal information of special education students within New York City’s public school system were held in an unsecured database exposed to the internet.
The email was spoofed to appear as if sent from the SVP and general counsel of a trusted, long-term partner company of the targeted enterprise, according to Abnormal Security.
Trigona ransomware, which surfaced in December 2022, targeted at least 15 organizations across different sectors in the U.S., Australia, Italy, France, New Zealand, and Germany. The malware is capable of gaining initial access, performing reconnaissance, transferring malware via remote monitoring and management software, creating new user accounts, and dropping ransomware.
This is the second ransomware gang claiming to have stolen data from the City of Oakland after Play ransomware took responsibility in early March for a mid-February cyberattack.
The UK’s leading cybersecurity agency has launched two new services designed to help the nation’s small businesses to more effectively enhance their cyber-risk management.
Researchers from Ruhr University Bochum, Germany, and the Max Planck Institute for Security and Privacy (MPI-SP) are pioneering innovative detection techniques to combat these hardware Trojans.
SentinelOne spotted the Winter Vivern APT group targeting Polish government agencies, Indian government entities, Ukraine's Ministry of Foreign Affairs, and Italy's Ministry of Foreign Affairs in cyberespionage campaigns since 2021.
“Should they click on the ‘apply’ button contained on these scam web pages, victims are redirected to phishing websites that the scammers create to harvest the credentials of victims’ social network accounts,” reads the advisory by Group-IB.
About 25% of respondents to a CyberRisk Alliance (CRA) survey who partially or fully implemented zero trust say they’ve had a hard time getting full buy-in from other departments when it comes to scaling these ideas across the enterprise.