'

Cyber Signals: Inside the growing risk of gift card fraud

Cyber Signals: Inside the growing risk of gift card fraud

In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank account attached to them, which can lessen scrutiny of their potentially suspicious … Read more

Google Fixes Another Chrome Zero Day

Google Fixes Another Chrome Zero Day

Google has released an update for Chrome that fixes a serious vulnerability that has been exploited in the wild. This is the eighth zero day that Google has patched in Chrome in the last five months. The latest flaw (CVE-2024-5274) is a type confusion bug in the V8 engine in Chrome, and one of Google’s … Read more

Categories duo

Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program

Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program

In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing ZIP and RAR attachments to distribute SMOKELOADER malware. The most recent attacks involve emails that carry Microsoft Access files and ZIP archives that, when opened, install weaponized malware on compromised systems, such as RMS and TALESHOT. The government computer emergency response … Read more

Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft

Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft

Gift cards are attractive to hackers since they provide quick monetization for stolen data or compromised systems. Reselling gift cards is simple, and they can also be converted into money, which makes them a comparatively risk-free means of ensuring threat actors benefit greatly from their illegal undertakings. Microsoft cybersecurity analysts recently discovered that the gift … Read more

Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities

Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities

The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining attacks in the cloud. Unlike on-premises infrastructure, whereby it is difficult to scale up resources, cloud environments enable attackers to deploy resources for cryptomining rapidly, making exploitation easier.  One of the most common threats of cloud cryptomining is “Kinsing malware.” Cybersecurity … Read more

NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers

NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers

Zero Trust Maturity measures the extent to which an organization has adopted and implemented the Zero Trust security model.  It calculates how fully a company has adopted Zero Trust’s foundational concepts, such as stringent authentication of each user, device, and application. Recently, the NSA released guidance on Zero Trust Maturity to secure the application from … Read more

Chinese Hackers Stay Hidden On Military And Government Networks For Six Years

Chinese Hackers Stay Hidden On Military And Government Networks For Six Years

Hackers target military and government networks for varied reasons, primarily related to spying, which involves interference in the functioning of critical infrastructure.  This is mainly because these networks hold sensitive data and command systems that if tampered with can be a great blow to national security through the collection of intelligence information or even gaining … Read more

DNSBomb : A New DoS Attack That Exploits DNS Queries

DNSBomb : A New DoS Attack That Exploits DNS Queries

A new practical and powerful Denial of service attack has been discovered that exploits DNS queries and responses. This new attack has been termed “DNSBomb,” which transforms different security mechanisms employed by DNS, including reliability enhancement, security protection, timeout, query aggregation, and response fast-returning, into powerful attack vectors. Additionally, the DNSBomb attack exploits other mechanisms, … Read more

Malicious PyPI & NPM Packages Attacking MacOS Users

Malicious PyPI & NPM Packages Attacking MacOS Users

Cybersecurity researchers have identified a series of malicious software packages targeting MacOS users. These packages, found on the Python Package Index (PyPI) and NPM, have been meticulously analyzed to uncover their malicious intent and sophisticated attack mechanisms. GuardDog: The Sentinel Against Malicious Packages In late 2022, a CLI-based tool named GuardDog was released. Utilizing Semgrep … Read more

Beware Of HTML That Masquerade As PDF Viewer Login Pages

Beware Of HTML That Masquerade As PDF Viewer Login Pages

Phishing attacks have evolved into increasingly sophisticated schemes to trick users into revealing their personal information. One such method that has gained prominence involves phishing emails masquerading as PDF viewer login pages. Phishing Email Instance These deceptive emails lure unsuspecting users into entering their email addresses and passwords, compromising their online security. Forcepoint X-Labs has recently observed many phishing emails targeting various government departments in the Asia-Pacific (APAC) region. These emails masquerade as PDF viewer login pages, with the primary goal of harvesting user credentials. … Read more

Stark Industries Solutions: An Iron Hammer in the Cloud

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is … Read more

Privacy, Security Concerns Mount Over Microsoft Recall Feature

Privacy, Security Concerns Mount Over Microsoft Recall Feature

Privacy experts are criticizing a new Microsoft feature on its recently announced Copilot Plus PCs that takes continuous screenshots of users’ activity, which could include passwords or financial account numbers, and stores those screenshots locally on their devices. The purpose of the feature, called Recall, is to serve as a search tool to help consumers … Read more

Categories duo