Staying up to date with the latest in cyber security has arguably never been more paramount than in 2024. Financial services provider Allianz named cyber attacks this year’s biggest risk for business in the U.K. and a top concern for businesses of all sizes for the first time. However, many professionals are still in the dark about what the events in Q1 tell us about the cyber landscape for the rest of the year that…
Read More
Mar 05, 2024NewsroomEmail Security / Network Security The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager (NTLM) hashes. The new attack chain “can be used for sensitive information gathering purposes and to enable follow-on activity,” enterprise security firm Proofpoint said in a Monday report. At least two campaigns taking advantage of this approach were observed on February 26 and 27,…
Read More
The U.K.’s National Cyber Security Centre has released a new study that finds generative AI may increase risks from cyber threats such as ransomware. Overall, the report found that generative AI will provide “capability uplift” to existing threats as opposed to being a source of brand new threats. Threat actors will need to be sophisticated enough to gain access to “quality training data, significant expertise (in both AI and cyber), and resources” before they can…
Read More
The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files. “The PDFs contained OneDrive URLs that, if clicked, initiated a multi-step infection chain eventually leading to the malware payload, a…
Read More
Nov 14, 2023NewsroomCyber Espionage / Threat Intelligence Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402, which is also known as Molerats, Gaza Cyber Gang, and shares tactical overlaps with a pro-Hamas hacking crew known as…
Read More
Sep 27, 2023THNMalware / Cyber Threat A new malware strain called ZenRAT has emerged in the wild that’s distributed via bogus installation packages of the Bitwarden password manager. “The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page,” enterprise security firm Proofpoint said in a technical report. “The malware is a modular remote access trojan (RAT) with information stealing capabilities.” ZenRAT is hosted on fake websites…
Read More
Sep 20, 2023THNMalware Attack / Cyber Threat Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim to distribute various malware families such as Sainbox RAT, Purple Fox, and a new trojan called ValleyRAT. “Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity,” enterprise security firm Proofpoint said in a report shared with The Hacker News. The activity, observed since early 2023, entails sending email messages containing…
Read More
Study finds increase in cybersecurity attacks fueled by generative AI | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. …
Read More
Aug 01, 2023THNCyber Attack / Malware Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware referred to as Ursnif (aka Gozi). “It is a sophisticated downloader with the objective of installing a second malware payload,” Proofpoint said in a technical report. “The malware uses multiple mechanisms to evade detection and was likely…
Read More
Jul 06, 2023Ravie LakshmananEndpoint Security / Malware The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware. “TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho,” Proofpoint said in a new report. “When given the opportunity, TA453 ported its malware and attempted to launch…
Read More
Introduction Cloud computing services have grown exponentially in