Security News
The real impact of the cybersecurity poverty line on small organizationsIn this Help Net Security interview, Brent Deterding, CISO at Afni, delves into the realities and myths surrounding the cybersecurity poverty line, exploring the role of budget, knowledge, and leadership. Cisco IOS XE zero-day exploited by attackers to deliver implantA previously unknown vulnerability affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today.
A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer, indicating that it's being actively maintained by its author. An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023.
"And with businesses now leveraging the reach of social media for advertising, attackers have a new, highly-lucrative type of attack to add to their arsenal - hijacking business accounts." Cyber attacks targeting Meta Business and Facebook accounts have gained popularity over the past year, courtesy of activity clusters such as Ducktail and NodeStealer that are known to raid businesses and individuals operating on Facebook.
A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks. Dubbed Nitrogen, the "Opportunistic" activity is designed to deploy second-stage attack tools such as Cobalt Strike, Sophos said in a Wednesday analysis.
Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application. "Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations," Trend Micro researchers said in an analysis published last week.
The shift to Google malvertising is the latest example of how crimeware actors are devising alternate delivery routes to distribute malware ever since Microsoft announced plans to block the execution of macros in Office by default from files downloaded from the internet. NET applications for concealing its behavior and are tasked with distributing the FormBook malware family.
NET loaders that are highly obfuscated and dropping info-stealer malware. The loaders are distributing the Formbook info-stealing malware collection as part of an ongoing campaign, the researchers write in a report out this week.
Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced on top of Google search results in the form of malicious ads by hijacking searches for specific keywords.
A sophisticated and very patient threat group behind a global malvertising scheme is using so-called aged domains to skirt past cybersecurity tools and catch victims in investment scams. Cybercriminals who run malvertising campaigns typically will spin up a domain and quickly put it into use.
The Windows port of ChromeLoader is typically delivered in ISO image files that marks are tricked into downloading, opening, and running the contents of - these ISO files are purported to be installation media for sought-after applications, such as cracked games and software suites. In reality, the image files contain an executable that schedules a PowerShell script that brings up ChromeLoader proper.