Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S.
A new large-scale smishing campaign is targeting the U.S. by sending iMessages from compromised Apple iCloud accounts with an aim to conduct identity theft and financial fraud. “The Chinese-speaking threat actors behind this campaign are operating a package-tracking text scam sent via iMessage to collect personally identifying information (PII) and payment credentials from victims, in […]
Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising
Malicious actors associated with the Vietnamese cybercrime ecosystem are leveraging advertising-as-a-vector on social media platforms such as Meta-owned Facebook to distribute malware. “Threat actors have long used fraudulent ads as a vector to target victims with scams, malvertising, and more,” WithSecure researcher Mohammad Kazem Hassan Nejad said. “And with businesses now leveraging the reach
À quelle météo cyber s’attendre pour les JO 2024 ?
À un an des JO 2024, l’ANSSI dresse un état de la menace cyber, nourri de référence à des incidents survenus lors d’éditions précédentes.
Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus
Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023. « A file created with MalDoc in PDF can be opened in Word […]
PoC Exploit Released for Critical VMware Aria’s SSH Auth Bypass Vulnerability
Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack […]
Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges
Identity services provider Okta on Friday warned of social engineering attacks orchestrated by threat actors to obtain elevated administrator permissions. “In recent weeks, multiple US-based Okta customers have reported a consistent pattern of social engineering attacks against IT service desk personnel, in which the caller’s strategy was to convince service desk personnel to reset all
Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware
Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called FreeWorld. Cybersecurity firm Securonix, which has dubbed the campaign DB#JAMMER, said it stands out for the way the toolset and infrastructure is employed. “Some of these tools include enumeration software, RAT payloads, exploitation and credential […]
Un groupe d’espionnage aligné avec les intérêts chinois usurpant Signal et Telegram
Des chercheurs identifient deux campagnes actives ciblant les utilisateurs d’Android. L’acteur opérant ces outils d’espionnage pour Telegram et Signal sont attribués au groupe APT GREF, aligné sur les intérêts de la Chine. Très probablement actives depuis juillet 2020 et depuis juillet 2022, respectivement pour chaque application malveillante, les campagnes ont distribué le code d’espionnage Android […]
Cybersécurité : gare au détournement des pots de miel
Dans la lignée de la DEF CON émerge un PoC d’injection de commandes dans les terminaux connectés aux pots de miel.
It’s a Zero-day? It’s Malware? No! It’s Username and Password
As cyber threats continue to evolve, adversaries are deploying a range of tools to breach security defenses and compromise sensitive data. Surprisingly, one of the most potent weapons in their arsenal is not malicious code but simply stolen or weak usernames and passwords. This article explores the seriousness of compromised credentials, the challenges they present […]