Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

Dec 17, 2024Ravie LakshmananCyber Espionage / Malware A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT. “The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads,” Proofpoint researchers Nick Attfield, Konstantin Klinger, Pim…

Read More

Digital Danger: How Cyberattacks Put Patients at Risk

Digital Danger: How Cyberattacks Put Patients at Risk

On September 27, 2024, UMC Health System in Lubbock, Texas, experienced an IT outage due to a cybersecurity incident that temporarily diverted patients to other healthcare facilities. So far, this year, there have been 386 cyberattacks on healthcare organizations. These high-impact ransomware attacks disrupt and delay patient care. In recent years, many healthcare systems, including Scripps Health, Universal Health Services, Vastaamo, Sky Lakes, and the University of Vermont, have paid millions — even tens of…

Read More

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

Sep 25, 2024Ravie LakshmananEmail Security / Threat Intelligence Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as to inject malicious content into existing email conversations. As many as 15 breached email accounts have been identified as used…

Read More

How Do I Protect Myself When Using Wi-Fi? | McAfee Blog

How Do I Protect Myself When Using Wi-Fi? | McAfee Blog

Wi-Fi is everywhere. Whether you travel for business or simply need Internet access while out and about, your options are plentiful. You can sign on at airports, hotels, coffee shops, fast food restaurants, and now, even airplanes. Wi-Fi wasn’t born to be secure; it was born to be convenient. Wireless networks broadcast messages using radio and are therefore more susceptible to eavesdropping than wired networks. Today, with criminal hackers as sophisticated as ever, if you…

Read More

New APT Group

New APT Group

Jul 08, 2024NewsroomCyber Espionage / Cloud Security A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration. Cybersecurity firm Kaspersky, which discovered the activity in May 2024, said the tradecraft adopted by the threat actor bears similarities with that of CloudWizard, but pointed out the differences in the malware source code. The attacks wield an innovative data-gathering program…

Read More

How to Protect Yourself from Vishing | McAfee Blog

How to Protect Yourself from Vishing | McAfee Blog

“Vishing” occurs when criminals cold-call victims and attempt to persuade them to divulge personal information over the phone. These scammers are generally after credit card numbers and personal identifying information, which can then be used to commit financial theft. Vishing can occur both on your landline phone or via your cell phone. The term is a combination of “voice,” and “phishing,” which is the use of spoofed emails to trick targets into clicking malicious links….

Read More

How To Prevent Your Emails From Being Hacked | McAfee Blog

How To Prevent Your Emails From Being Hacked | McAfee Blog

My mother recently turned 80, so of course a large celebration was in order. With 100 plus guests, entertainment, and catering to organise, the best way for me to keep everyone updated (and share tasks) was to use Google Docs. Gee, it worked well. My updates could immediately be seen by everyone, the family could access it from all the devices, and it was free to use! No wonder Google has a monopoly on drive…

Read More

Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes

Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes

Mar 05, 2024NewsroomEmail Security / Network Security The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager (NTLM) hashes. The new attack chain “can be used for sensitive information gathering purposes and to enable follow-on activity,” enterprise security firm Proofpoint said in a Monday report. At least two campaigns taking advantage of this approach were observed on February 26 and 27,…

Read More

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files. “The PDFs contained OneDrive URLs that, if clicked, initiated a multi-step infection chain eventually leading to the malware payload, a…

Read More

New Campaign Targets Middle East Governments with IronWind Malware

New Campaign Targets Middle East Governments with IronWind Malware

Nov 14, 2023NewsroomCyber Espionage / Threat Intelligence Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402, which is also known as Molerats, Gaza Cyber Gang, and shares tactical overlaps with a pro-Hamas hacking crew known as…

Read More
1 2 3