CERTFR-2023-ACT-055: CERT-FR news bulletin CERTFR-2023-ACT-055 (26 December 2023)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their severity. It does not replace …
Carbanak Banking Malware Resurfaces with New Ransomware Tactics
The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned last month through new
Protecting financial data in an evolving digital landscape
In a world where digitalisation is accelerating, the management of finances is undergoing a profound transformation. Faced with this revolution, companies are increasingly turning to online prepaid cards to facilitate and secure their business transactions.
Cloud Atlas’ Spear-Phishing Attacks Target Russian Agro and Research Companies
The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after Group-IB’s formal exit from Russia earlier this year. Cloud Atlas, active since at
Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft
Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri. "As with many other malicious or fake WordPress plugins it contains some deceptive information at
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware
A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation," Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara
Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities
Indian government entities and the defense sector have been targeted by a phishing campaign that's engineered to drop Rust-based malware for intelligence gathering. The activity, first detected in October 2023, has been codenamed Operation RusticWeb by enterprise security firm SEQRITE. "New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware
The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine," cybersecurity firm Deep Instinct said in a Thursday analysis. UAC-0099 was first
Microsoft Warns of New ‘FalseFont’ Backdoor Targeting the Defense Sector
Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm (formerly Holmium), which is also known as APT33, Elfin, and Refined […]
Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication
Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in executing Device Takeover (DTO) using the accessibility service, all while expanding its targeted […]