APT Groups Swarming on VMware Servers with Log4Shell
Organizations with public-facing VMware Horizon and Unified Access Gateway (UAG) servers without appropriate Log4Shell mitigations have been under a barrage of attacks from a range of attackers, including state-sponsored...
Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft
A China-based advanced persistent threat (APT) actor, active since early 2021, appears to be using ransomware and double-extortion attacks as camouflage for systematic, government-sponsored cyberespionage and intellectual property theft. In...
MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security
Researchers have uncovered an email-based credential-phishing attack targeting users of MetaMask, a cryptocurrency wallet used to interact with the Ethereum blockchain. The campaign is directed at Microsoft 365 (formerly Microsoft...
Cyberattackers Abuse QuickBooks Cloud Service in ‘Double-Spear’ Campaign
Cyberattackers are hiding behind the QuickBooks brand to disguise their malicious activity, researchers are warning. The effort is a "double-spear" approach that packs a one-two punch: stealing phone numbers...
Microsoft 365 Users in US Face Raging Spate of Attacks
Microsoft 365 and Outlook customers in the US are in the crosshairs of a successful credential-stealing campaign that uses voicemail-themed emails as phishing lures. The flood of malicious emails...
Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts
Although observed Magecart skimmer attacks have been less frequently reported in recent months, analysts have discovered fresh infrastructure they were able to trace to malicious domains behind an ongoing campaign. The Malwarebytes Labs team...
Russia’s APT28 Launches Nuke-Themed Follina Exploit Campaign
Russia’s notorious advanced persistent threat group APT28 is the latest in a growing number of attackers trying to exploit the “Follina” vulnerability in the Microsoft Support Diagnostic Tool (MSDT) in...
RIG Exploit Kit Replaces Raccoon Stealer Trojan With Dridex
The cybercriminals behind the RIG Exploit Kit earlier this year traded out the credential-stealing Trojan Raccoon Stealer after its lead developer was killed in the Russian invasion of Ukraine. According to analysts with Bitdefender, the...
China-Linked ToddyCat APT Pioneers Novel Spyware
A threat group that may have been among the first to exploit the ProxyLogon zero-day vulnerability in Exchange Servers last year is using a pair of dangerous and previously...
56 Vulnerabilities Discovered in OT Products From 10 Different Vendors
A new analysis of data from multiple sources has uncovered a total of 56 vulnerabilities in OT products from 10 vendors, including notable ones such as Honeywell, Siemens, and...