The cybercriminal group, which goes by the moniker “Forza Tools,” was seen offering Legion, a Python-based credential harvester and SMTP hijacking tool. The malware targets online email services for phishing and spam attacks. Experts suggest it is likely based on the AndroxGh0st malware and ships with several feature modules.
QuaDream, an Israeli company best known for its Reign malware, has been linked to the new commercial spyware KingsPawn (a Pegasus-like threat). The initial access vector is iCloud calendar invitations with backdated timestamps sent to targeted iOS devices; because the invite is backdated, iOS processes it without prompting the user, so no interaction is required. Experts recommend following best practices, such as enabling automatic software updates and using reliable anti-malware software, to stay protected.
It is now apparent that LockBit messed up, confusing Darktrace with the threat intelligence company DarkTracer, which had tweeted about the gang’s leak site being flooded with fake victims.
The malvertising campaign is run via Google ads aimed at seniors. The threat actor is creating hundreds of fake websites via Weebly that serve decoy content to search engines and crawlers (a cloaking technique that keeps the sites indexed and the ads approved) while redirecting real visitors to a fake computer alert.
The new, rather sophisticated PowerShell script automates data theft from compromised networks. It consists of multiple functions that together handle collection and exfiltration, including Work(), Show(), CreateJobLocal(), and fill().
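As an added hunting example (not code from the article or from the script's authors), the following Python reads constructed PowerShell Script Block Logging records (Event ID 4104), reassembles blocks that were logged in fragments, and flags blocks that define the function names listed above. The sample events are constructed, and the scoring rule (flag on the distinctive CreateJobLocal name, or on three or more of the four names, since Show, fill and Work also appear in benign scripts) is an assumption for illustration rather than a vendor signature.

```python
import re
from collections import defaultdict

# Function names the article attributes to the exfiltration script.
# PowerShell function names are case-insensitive, so everything is lower-cased.
SUSPECT_FUNCTIONS = {"work", "show", "createjoblocal", "fill"}
# Only CreateJobLocal is distinctive enough to flag on its own (assumption).
DISTINCTIVE = {"createjoblocal"}

# Matches 'function Name', 'Function global:Name' or 'filter Name' at line start.
FUNC_DEF = re.compile(
    r"^\s*(?:function|filter)\s+(?:global:|script:|local:|private:)?([A-Za-z_][\w-]*)",
    re.IGNORECASE | re.MULTILINE,
)


def reassemble_script_blocks(events):
    """Join 4104 fragments per ScriptBlockId; long scripts are logged in pieces
    numbered by MessageNumber, and fragments may not arrive in order."""
    parts = defaultdict(dict)
    for ev in events:
        if ev.get("EventID") != 4104:
            continue
        parts[ev["ScriptBlockId"]][ev["MessageNumber"]] = ev["ScriptBlockText"]
    return {sbid: "".join(frag[n] for n in sorted(frag)) for sbid, frag in parts.items()}


def defined_functions(script_text):
    """Return the lower-cased names of all functions a script block defines."""
    return {m.group(1).lower() for m in FUNC_DEF.finditer(script_text)}


def classify(script_text):
    """Score one reassembled script block against the suspect function names."""
    hits = defined_functions(script_text) & SUSPECT_FUNCTIONS
    flagged = bool(hits & DISTINCTIVE) or len(hits) >= 3
    return {"hits": sorted(hits), "flagged": flagged}


def hunt(events):
    """Classify every 4104 script block found in a list of event records."""
    return {sbid: classify(text) for sbid, text in reassemble_script_blocks(events).items()}


# Constructed sample events (not real telemetry). Block A is the suspect script
# logged as two out-of-order fragments; block B is a benign admin script that
# happens to define Show and fill; the 4103 record is a pipeline event and is ignored.
SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockId": "A", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "function CreateJobLocal($p) {\n  Start-Job -ScriptBlock $p\n}\n"
                        "function fill($x) { }\n"},
    {"EventID": 4104, "ScriptBlockId": "A", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "function Work() {\n  # collect files\n}\n"
                        "function Show() {\n  Write-Host 'ok'\n}\n"},
    {"EventID": 4104, "ScriptBlockId": "B", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "function Show-Menu { }\nfunction fill { }\nfunction Show { }\n"},
    {"EventID": 4103, "ScriptBlockId": "C", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "function CreateJobLocal { }"},
]

if __name__ == "__main__":
    for sbid, result in hunt(SAMPLE_EVENTS).items():
        print(sbid, result)
```

Reassembling by ScriptBlockId before matching matters in practice: a detection that looks at single 4104 records will miss a script whose four function definitions landed in different fragments, and a rule keyed only on Show or fill will fire on ordinary administrative scripts.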
Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the issue on April 11, 2023.
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
CERT-In issued an ‘Urgent- High Alert’ warning to all Central and state agencies and departments to be alert to potential attacks by Indonesian hackers and to report any such incidents to it immediately.
Weak passwords and other compromises of user identity continue to drive security incidents for Google Cloud customers, with weak passwords accounting for nearly half of the incidents affecting its clients, according to a report released by the company.