US organizations targeted with emails delivering NetSupport RAT

Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via “nuanced” exploitation and by using an advanced detection evasion method. The malware campaign The campaign, dubbed PhantomBlu, takes t… Continue reading US organizations targeted with emails delivering NetSupport RAT

Attackers are targeting financial departments with SmokeLoader malware

Financially motivated hackers have been leveraging SmokeLoader malware in a series of phishing campaigns predominantly targeting Ukrainian government and administration organizations. The phishing campaign The Ukrainian SSSCIP State Cyber Protection Ce… Continue reading Attackers are targeting financial departments with SmokeLoader malware

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware

Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-2024… Continue reading Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that i… Continue reading PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

Fujitsu finds malware on company systems, investigates possible data breach

Fujitsu Limited, the largest Japanese IT services provider, has announced that several of the company’s computers have been compromised with malware, leading to a possible data breach. Known details about the Fujitsu data breach The company publi… Continue reading Fujitsu finds malware on company systems, investigates possible data breach

Nissan breach exposed data of 100,000 individuals

Nissan Oceania has confirmed that the data breach it suffered in December 2023 affected around 100,000 individuals and has begun notifying them. First response In early December 2023, the company – a regional Nissan division which includes Nissan… Continue reading Nissan breach exposed data of 100,000 individuals

43 million workers potentially affected in France Travail data breach

French national unemployment agency France Travail (formerly Pôle emploi) and Cap emploi, a government employment service for people with disabilities, have suffered a data breach that might have exposed personal data of 43 million people. The breach T… Continue reading 43 million workers potentially affected in France Travail data breach

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among the exploited vulnerabilities are also two recently discovered Ivanti Connect … Continue reading Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

Tax-related scams escalate as filing deadline approaches

As the April 15, 2024 tax filing deadline approaches in the US, some old and some new tax-related scams targeting both taxpayers and tax professionals. Tax-related scams targeting taxpayers With taxpayers rushing to file their personal federal income t… Continue reading Tax-related scams escalate as filing deadline approaches

Immediate AI risks and tomorrow’s dangers

“At the most basic level, AI has given malicious attackers superpowers,” Mackenzie Jackson, developer and security advocate at GitGuardian, told the audience last week at Bsides Zagreb. These superpowers are most evident in the growing impa… Continue reading Immediate AI risks and tomorrow’s dangers