powershell (9)

The websites of over 100 car dealerships were found serving malicious ClickFix code after a third-party domain was compromised in a supply chain attack. As part of the compromise, a threat actor infected LES Automotive, a shared video service unique to dealerships, so that websites using the service would serve a ClickFix webpage to their visitors.

A ClickFix attack relies on malicious code on a webpage to display a prompt to the user, asking them to fix an error or perform a reCAPTCHA challeng

Havoc is a powerful command-and-control (C2) framework. Like other well-known C2 frameworks, such as Cobalt Strike, Sliver, and Winos4.0, Havoc has been used in threat campaigns to gain complete control over the target. Additionally, it is open-source and available on GitHub, making it easier for threat actors to modify it to evade detection.

FortiGuard Labs recently discovered a phishing campaign that combines ClickFix and multi-stage malware to deploy a modified Havoc Demon Agent. The threat a

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. BitTorrent, also referred to as simply torrent, is a communication protocol for peer-to-peer (P2P) file sharing, which enables users to distribute data and electronic files over the Internet in a decentralized manner. The protocol is developed and maintained by Rainberry, Inc., and was first released in 2001.

A notable aspect of the current variant of ViperSoftX is that it uses the Common

The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. The enterprise security firm Proofpoint reported that the activity targets organizations in the US with voicemail-themed lures containing links to OneDrive URLs. "The URLs led to a Word file with names such as 'ReleaseEvans#96.docm' (the digits before the file extension varied)," the company said in a recent report. "Th

Cybersecurity researchers at Deep Instinct Lab have revealed a new series of cyberattacks by ‘UAC-0099,’ specifically targeting Ukrainians. These attacks employ common tactics, such as using fabricated court summons to entice targets into executing malicious files.

The group’s activities were initially revealed in May 2023 through the Ukrainian CERT advisory ‘#6710,’ and Deep Instinct has now provided exclusive insights into their latest attack.

According to a blog post from the company, on Dec

EvilExtractor (sometimes spelled Evil Extractor) is an attack tool designed to target Windows operating systems and extract data and files from endpoint devices. It includes several modules that all work via an FTP service. It was developed by Kodex, which claims it is an educational tool. However, research conducted by FortiGuard Labs shows cybercriminals are actively using it as an info stealer.

Based on our traffic source data to the host, evilextractor[.]com, malicious activity increased si

Multiple government agencies and military bodies in the APAC region have been targeted by what appears to be a new advanced threat actor that uses custom malware. Researchers refer to this group as Dark Pink (Group-IB) or Saaiwc Group (Anheng Hunting Labs), noting that it employs uncommon tactics, techniques, and procedures (TTPs).[1] The actor used DLL side-loading and event-triggered execution methods to run the payloads on compromised systems using the custom toolkit observed in the attacks.

So, I just got back from a trip to Georgia, the one in the US. I used Uber three times. Convenient, clean, hassle-free and the drivers were very nice. An overall great experience. Until… Uber has reported this past weekend that it is investigating a major cyber security breach that has forced it to take several critical systems offline following an alleged social engineering attack on an employee by an apparent teenage hacktivist.

The incident was exposed last week on 15 September, when an indiv

Recently, IBM X-Force threat intelligence has been observing a rise in Dridex banking Trojan related network attacks that are being driven by the Cutwail botnet, also known as the Pushdo or Pandex botnet. The Cutwail botnet is made up of machines originally infected by the Cutwail Trojan, a malware able to download and execute files. Cutwail is a well-known spam bot widely used in large-scale spam campaigns. It also serves as a DDoS botnet sending SSL attacks. Dridex is delivered as a second-stage infector after an initial docum