Security News
Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organizations being compromised. Roberto Martinez, senior threat intelligence analyst at Group-IB, said the scope of the attacks is still an unknown.
While digital acceleration and work-from-anywhere strategies may have been driven by the uncertain times brought about by the global pandemic, they remain essential for any organization competing in today's digital marketplace. That network transformation has also expanded the attack surface organizations need to protect, much of it in new, vulnerable edges.
Acronis researchers have concluded that ransomware continues to be the number one threat to large and medium-sized businesses, including government organizations. Nearly one percent of all emails contain malicious links or files, and more than one-quarter of all emails were delivered to the user's inbox and were then removed by Acronis email security.
Abnormal Security released a report which explores the current email threat landscape. This Help Net Security video provides insight into the latest advanced email attack trends.
In this Help Net Security video, Kevin Holvoet, Cyber Threat Intelligence Instructor, SANS Institute, discusses ransomware and Ransomware as a Service (RaaS) attacks, and illustrates how...
Once authenticated, a session cookie maintains the session state and the user's browsing session stays authenticated. Figure A. Each cookie stored in the browser's database contains a list of parameters and values, including in some cases a unique token provided by the web service once authentication is validated.
Borat RAT malware goes beyond the standard features and enables threat actors to deploy ransomware and DDoS attacks. Borat RAT is a unique and powerful combination of RAT, spyware, and ransomware capabilities fused into a single malware.
Browser extensions, also called add-ons, are mostly downloaded from official marketplaces or browser providers' repositories, such as the Chrome Web Store or the Firefox Add-ons website. In 2020, 106 browser extensions were removed from the Chrome Web Store for being used to steal user data, take screen captures or even steal credit card information from web forms.
Dubbed "DarkTortilla," the crypter usually delivers information stealers and remote access trojans like AgentTesla, AsyncRat, NanoCore, and RedLine, though some samples have been seen delivering such targeted payloads as Cobalt Strike and Metasploit, according to researchers with Secureworks' Counter Threat Unit. Rob Pantazopoulos, senior security researcher with the CTU, told The Register that it's unusual for malware like DarkTortilla to be active for so long and not be detected, but that it was helped by being among a number of generic.
AdvIntel has released a new publication about several threat actors now using BazarCall in an effort to raise awareness of this threat. Once done, the threat actor has a functional backdoor to the victim's computer, which can later be used for further exploitation.