'

Canadian Man Arrested in Snowflake Data Extortions

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka’s … Read more

ClickFix Exploits GMeet & Zoom Pages to Deliver Sophisticated Malware

A new tactic, “ClickFix,” has emerged. It exploits fake Google Meet and Zoom pages to deliver sophisticated malware. The Sekoia Threat Detection & Research (TDR) team monitors this social engineering strategy closely. It represents a significant evolution in how threat actors deceive users into compromising their systems. The ClickFix strategy involves displaying deceptive error messages … Read more

APT36 Hackers Attacking Windows Deevices With ElizaRAT

APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware like ElizaRAT, which is designed for espionage. It leverages cloud-based services for covert communication and data exfiltration.  Recent campaigns have seen significant enhancements in ElizaRAT’s evasion techniques, making it a potent tool for persistent attacks. The integration of ApoloStealer into the … Read more

Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints

Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to test an AV/EDR bypass tool were compromised, granting unauthorized access. The threat actor utilized a bypass tool, likely purchased from cybercrime forums, to compromise the system. Subsequent analysis of recovered files and digital footprints revealed the identity of one of the … Read more

Hackers Created 100+ Fake Web Stores To Steal Millions Of Dollars From Customers

The Phish, ‘n’ Ships fraud operation leverages, compromised websites to redirect users to fake online stores, which, optimized for search engine visibility, trick victims into providing credit card details to third-party payment processors, resulting in financial loss without receiving any products.  Phishing attacks exploit consumer demand for hard-to-find items, redirecting victims to fake online stores. … Read more

Threat Actor IntelBroker Claims Leak of Nokia’s Source Code

The threat actor known as IntelBroker, in collaboration with EnergyWeaponUser, has claimed responsibility for a significant data breach involving Nokia’s proprietary source code. The news, which has sent ripples through the tech industry, was shared on social media, highlighting the potential consequences for Nokia and its stakeholders.  The breach reportedly involves a substantial collection of … Read more

Understanding CVE-2024-21320: Windows Themes Spoofing Vulnerability

In today’s security landscape, a recently discovered vulnerability, CVE-2024-21320, has raised concerns. This flaw, identified within Windows Themes, could allow unauthorized users to bypass spoofing protections and perform unintended actions on a target machine. Rated as a medium-severity issue by the National Vulnerability Database (NVD), this vulnerability highlights the importance of awareness and preventive action … Read more

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in various sectors. The attacks involve sending signed RDP configuration files to thousands of targets, aiming to compromise systems for intelligence gathering.  The actor impersonates Microsoft employees and references other cloud providers to increase credibility, so users are advised to be … Read more

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against critical Ukrainian infrastructure, including government agencies, key industries, and military entities. Phishing emails promoting integration with Amazon, Microsoft, and ZTA contained malicious .rdp files. Upon opening, these files connected devices to attacker-controlled servers, compromising security. The sophisticated attack leveraged a … Read more