Security News

MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks
2024-05-22 07:41

An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian...

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice
2024-03-27 07:56

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing...

Keyloggers, spyware, and stealers dominate SMB malware detections
2024-03-13 04:00

In 2023, 50% of malware detections for SMBs were keyloggers, spyware and stealers, malware that attackers use to steal data and credentials, according to Sophos. "The value of 'data,' as currency has increased exponentially among cybercriminals, and this is particularly true for SMBs, which tend to use one service or software application, per function, for their entire operation. For example, let's say attackers deploy an infostealer on their target's network to steal credentials and then get hold of the password for the company's accounting software. Attackers could then gain access to the targeted company's financials and have the ability to funnel funds into their own accounts," said Christopher Budd, director of Sophos X-Ops research at Sophos.

LastPass: Keylogger on home PC led to cracked corporate password vault
2023-02-28 19:23

There's no date on the update, but as far as we can make out, LastPass just [2023-02-27] published a short document entitled Incident 2 - Additional details of the attack. As you probably remember, because the bad news broke just before the Christmas holiday season in December 2022, LastPass suffered what's known in the jargon as a lateral movement attack.

Phishing page embeds keylogger to steal passwords as you type
2022-09-14 15:30

A novel phishing campaign is underway, targeting Greeks with phishing sites that mimic the state's official tax refund platform and steal credentials as they type them. The threat actors are sending phishing emails claiming that the Hellenic Tax Office has calculated a tax return amounting to 634 Euros but failed to send the funds to the beneficiary's bank account due to validation issues.

Watering Hole Attacks Push ScanBox Keylogger
2022-08-30 16:00

In lieu of malware, attackers can use ScanBox in conjunction with watering hole attacks. Adversaries load the malicious JavaScript onto a compromised website where the ScanBox acts as a keylogger snagging all of a user's typed activity on the infected watering hole website.

Snake Keylogger Spreads Through Malicious PDFs
2022-05-23 12:07

While most malicious e-mail campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware, researchers have found. "While Office formats remain popular, this campaign shows how attackers are also using weaponized PDF documents to infect systems," HP Wolf Security researcher Patrick Schlapfer wrote in the post, which opined in the headline that "PDF Malware Is Not Yet Dead." Indeed, attackers using malicious email campaigns have preferred to package malware in Microsoft Office file formats, particularly Word and Excel, for the past decade, Schlapfer said.

PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
2022-05-22 16:15

Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. In a new report by HP Wolf Security, researchers illustrate how PDFs are being used as a transport for documents with malicious macros that download and install information-stealing malware on victims' machines.

Agent Tesla Keylogger Gets Data Theft and Targeting Update
2020-12-15 16:47

Six-year-old keylogger malware called Agent Tesla has been updated again, this time with expanded targeting and improved data exfiltration features. "Threat actors who transition to this version of Agent Tesla gain the capability to target a wider range of stored credentials, including those for web browser, email, VPN and other services," said Aaron Riley, cyber threat intelligence analyst with Cofense in a Tuesday analysis.

EvilQuest Mac Ransomware Has Keylogger, Crypto Wallet-Stealing Abilities
2020-06-30 21:27

A rare new ransomware strain targeting macOS users has been discovered, called EvilQuest. While Devadoss found the ransomware purporting to be a Google Software Update package, Wardle inspected a ransomware sample that was being distributed via a pirated version of "Mixed In Key 8," which is software that helps DJs mix their songs.