powershell (6)

12389946898?profile=RESIZE_400xThe infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. The enterprise security firm Proofpoint reported that the activity targets organizations in the US with voicemail-themed lures containing links to OneDrive URLs.  "The URLs led to a Word file with names such as "ReleaseEvans#96.docm" (the digits before the file extension varied)," the company said in a recent report.  "Th

12345062692?profile=RESIZE_400xCybersecurity researchers at Deep Instinct Lab have revealed a new series of cyberattacks by ‘UAC-0099,’ specifically targeting Ukrainians.  These attacks employ common tactics, such as using fabricated court summons to entice targets into executing malicious files.

The group’s activities were initially revealed in May 2023 through the Ukrainian CERT advisory ‘#6710,’ and Deep Instinct has now provided exclusive insights into their latest attack.

According to a blog post from the company, on Dec

11035567694?profile=RESIZE_400xEvilExtractor (sometimes spelled Evil Extractor) is an attack tool designed to target Windows operating systems and extract data and files from endpoint devices. It includes several modules that all work via an FTP service.  It was developed by Kodex, which claims it is an educational tool. However, research conducted by FortiGuard Labs shows cybercriminals are actively using it as an info stealer.

Based on our traffic source data to the host, evilextractor[.]com, malicious activity increased si

10944153492?profile=RESIZE_180x180Multiple government agencies and military bodies in the APAC region have been targeted by what appears to be a new advanced threat actor that uses custom malware.  Researchers refer to this group as Dark Pink (Group-IB) or Saaiwc Group (Anheng Hunting Labs), noting that it employs uncommon tactics, techniques, and procedures (TTP).[1]  The actor used DLL side-loading and event-triggered execution methods to run the payloads on compromised systems using the custom toolkit observed in the attacks.

10816096095?profile=RESIZE_400xSo, I just got back from a trip to Georgia, the one in the US.  I used Uber three times.  Convenient, clean, hassle-free and the drivers were very nice.  An over-all great experience.  Until……Uber has reported this past weekend it is investigating a major cyber security breach that has forced it to take several critical systems offline following an alleged social engineering attack on an employee by an apparent teenage hacktivist.

The incident was exposed last week on 15 September, when an indiv

8705079899?profile=RESIZE_400xRecently, IBM X-Force threat intelligence has been observing a rise in Dridex Banking Trogan related network attacks that are being driven by the Cutwail botnet.  Also known as Pushdo or Pandex botnet.  Cutwail botnet is originally infected by Cutwail Trojan, a malware able to download and execute files. Cutwail is a famous spam bot widely used in large-scale spam campaigns. It also serves as a DDoS botnet sending SSL attacks. Dridex is delivered as a second-stage infector after an initial docum