Microsoft 365 Users in US Face Raging Spate of Attacks
Microsoft 365 and Outlook customers in the US are in the crosshairs of a successful credential-stealing campaign that uses voicemail-themed emails as phishing lures. The flood of malicious emails...
Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts
Although observed Magecart skimmer attacks have been less frequently reported in recent months, analysts have discovered fresh infrastructure they were able to trace to malicious domains behind an ongoing campaign.
The Malwarebytes Labs team...
Russia’s APT28 Launches Nuke-Themed Follina Exploit Campaign
Russia’s notorious advanced persistent threat group APT28 is the latest in a growing number of attackers trying to exploit the “Follina” vulnerability in the Microsoft Support Diagnostic Tool (MSDT) in...
How the Secure Software Factory Reference Architecture protects the software supply chain
The term “factory” related to software production might seem bizarre. Most still associate it with the collection, manipulation and manufacturing of hard materials such as steel, automobiles or consumer...
RIG Exploit Kit Replaces Raccoon Stealer Trojan With Dridex
The cybercriminals behind the RIG Exploit Kit earlier this year traded out the credential-stealer Trojan Raccoon Stealer after its lead developer was killed in the Russian invasion of Ukraine.
According to analysts with Bitdefender, the...
China-Linked ToddyCat APT Pioneers Novel Spyware
A threat group that may have been among the first to exploit the ProxyLogon zero-day vulnerability in Exchange Servers last year is using a pair of dangerous and previously...
56 Vulnerabilities Discovered in OT Products From 10 Different Vendors
A new analysis of data from multiple sources has uncovered a total of 56 vulnerabilities in OT products from 10 vendors, including notable ones such as Honeywell, Siemens, and...
BRATA Android Malware Evolves Into an APT
An Android-based banking Trojan known as BRATA (short for Brazilian RAT Android) has evolved to incorporate new phishing techniques and capabilities to acquire GPS, overlay, SMS, and device management permissions.
The...
Gartner: Regulation, Human Costs Will Create Stormy Cybersecurity Weather Ahead
Security teams should prepare for what researchers say will be a challenging environment through 2023, with increased pressure from government regulators, partners, and threat actors.
Gartner kicked off its Security & Risk Management Summit with...
DDoS Attacks Delay Putin Speech at Russian Economic Forum
Billed as the "Russian Davos," the St. Petersburg Economic Forum was stalled on Friday by a distributed denial-of-service (DDoS) attack, delaying a speech from Russian President Vladimir Putin for...
