Security News

Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses in Poland during May 2024 that led to the deployment of several malware families like Agent Tesla, Formbook, and Remcos RAT. Some of the other regions targeted by the campaigns include Italy and Romania, according to cybersecurity firm ESET. "Attackers used previously compromised email accounts and company servers, not only to spread malicious emails but also to host malware and collect stolen data," ESET researcher Jakub Kaloč said in a report published today. These campaigns, spread across nine waves, are notable for the use of a malware loader called DBatLoader to deliver the final payloads.

Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. This comprehensive analysis, compiled by Cybersixgill's cyber threat intelligence experts, provides valuable insights into the tactics, techniques, and technologies employed by threat actors worldwide.

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of a providing a hotfix. The attack chains involve distributing a ZIP archive file named "Crowdstrike-hotfix.zip," which contains a malware loader named Hijack Loader that, in turn, launches the Remcos RAT payload. Specifically, the archive file also includes a text file with Spanish-language instructions that urges targets to run an executable file to recover from the issue.

In the field of threat intelligence there are specific ways in which AI tools are showing huge promise for cybersecurity teams, including in lifting the lid on dark web threats. There is a role for AI in gathering data from the dark web, applying structure to it, and ultimately turning it into intelligence that organizations can use to inform their security strategy.

Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks. "Older, unlicensed versions of the Cobalt Strike red teaming tool were targeted during a week of action coordinated from Europol's headquarters between 24 and 28 June," said Europol.

Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known...

The nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, according to findings from cybersecurity firm Intezer. "The loader is...

Operation Endgame, announced by Europol yesterday, led to the seizure of 100 servers used in multiple malware operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. The law enforcement crackdown also involved four arrests, one in Armenia and three in Ukraine. Yesterday, the Federal Criminal Police Office of Germany revealed the identities of eight cybercriminals of Russian descent, who are thought to have held central roles in the Smokeloader and Trickbot malware operations.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

An international law enforcement operation codenamed 'Operation Endgame' has seized over 100 servers worldwide used by multiple major malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. The action, which occurred between May 27 and 29, 2024, involved 16 location searches across Europe and led to the arrest of four individuals, one in Armenia and three in Ukraine. The police have identified eight fugitives linked to the malware operations, who will be added to Europol's 'Most Wanted' list later today.