Alert: A new phishing campaign, called OneDrive Pastejacking, uses an HTML file mimicking a Microsoft OneDrive error message to trick users into running a malicious PowerShell script.
Details here: https://thehackernews.com/2024/07/onedrive-phishing-scam-tricks-users.html
SideWinder, a nation-state threat actor, targets maritime facilities in the Indian Ocean and Mediterranean Sea.
This campaign could disrupt international maritime operations and compromise sensitive data.
Learn more: https://thehackernews.com/2024/07/new-sidewinder-cyber-attacks-target.html
Widespread phishing campaigns in Poland lead to the deployment of malware families like Agent Tesla and Formbook.
Attackers use compromised email accounts and company servers to spread malware and collect stolen data.
Read: https://thehackernews.com/2024/07/cybercriminals-target-polish-businesses.html
Cybersixgill's "State of the Underground 2024" report reveals the latest trends in the dark web. Understanding these trends is crucial for anticipating and mitigating cyber threats.
The report covers compromised credit card trends, initial access trends, and ransomware tactics used by threat actors.
Read: https://thehackernews.com/2024/07/cyber-threat-intelligence-illuminating.html
New Mandrake Android spyware found in five Google Play Store apps, undetected for two years.
This spyware compromised over 32,000 devices across multiple countries, showcasing the evolving threat landscape.
Learn more: https://thehackernews.com/2024/07/new-mandrake-spyware-found-in-google.html
RMM tools are being weaponized by cybercriminals to infiltrate networks. As remote work increases, RMM tools, if exploited, can lead to severe data breaches and undetected malicious activities.
Ransomware-as-a-service groups often use legitimate IT tools to navigate networks stealthily and steal data.
Implementing robust application control policies can mitigate these risks significantly.
Read about it here: https://thehackernews.com/2024/07/the-power-and-peril-of-rmm-tools.html
Meta settles for $1.4 billion with Texas over illegal biometric data collection. The lawsuit accused Meta of capturing facial data without users' consent, violating Texas law.
Learn more: https://thehackernews.com/2024/07/meta-settles-for-14-billion-with-texas.html
Companies in Russia and Moldova have been targeted by a phishing campaign from the cyber espionage group XDSpy.
XDSpy uses sophisticated spear-phishing techniques to deploy malware, which can exfiltrate data and gather passwords.
Read: https://thehackernews.com/2024/07/cyber-espionage-group-xdspy-targets.html
A large-scale Android malware campaign targeting 600+ global brands and millions of users has been uncovered.
Over 107,000 malicious apps, mostly outside known repositories, are stealing SMS messages and OTPs for identity fraud.
Learn more: https://thehackernews.com/2024/07/cybercriminals-deploy-100k-malware.html
How much time does your security team waste on false positives?
Inefficiencies in threat detection can drain your security resources and leave real threats unaddressed. Material Security clusters similar threats, simplifying investigation and remediation, saving hundreds of hours.
Learn more: https://thehackernews.com/2024/07/how-to-get-most-from-your-security.html
DEV#POPPER malware campaign targets developers on Windows, Linux, and macOS. The campaign exploits job interview scenarios to deliver #malware, compromising sensitive information.
Read: https://thehackernews.com/2024/07/north-korea-linked-malware-targets.html
ReversingLabs' new guide breaks down all things software supply chain security (SSCS).
It covers the current landscape of risks and threats, the steps to secure development pipelines, how to develop a third-party risk management program, and how to hunt for threats in your software supply chain.
Read: https://thehackernews.uk/reversinglabs-sscs-dummies
⚠️ Alert: DigiCert will revoke 83,267 SSL/TLS certificates within 24 hours due to a Domain Control Validation oversight.
This affects 6,807 customers & may cause temporary disruptions in secure communications.
Read: https://thehackernews.com/2024/07/digicert-to-revoke-83000-ssl.html
Ensure your certificates are up-to-date.
Facebook users targeted by scam e-commerce network using fake websites to steal personal and financial data.
The scam involves 608 fake sites, mainly accessed via mobile devices and ad lures on Facebook.
Read: https://thehackernews.com/2024/08/facebook-ads-lead-to-fake-websites.html
Stay vigilant and report suspicious ads.
Google Chrome introduces app-bound encryption for better cookie protection.
This new layer of security aims to prevent information-stealing malware from accessing cookies.
Learn more: https://thehackernews.com/2024/08/google-chrome-adds-app-bound-encryption.html
Researchers discovered a new Android trojan, BingoMod, which steals money and wipes devices, complicating recovery and forensic analysis.
Read: https://thehackernews.com/2024/08/new-android-banking-trojan-bingomod.html
⚠️ Developers beware: Stack Exchange exploited to push malware-laden Python packages targeting crypto wallets.
This attack steals sensitive data and cryptocurrency, risking individual and organizational security.
https://thehackernews.com/2024/08/hackers-distributing-malicious-python.html
Cybersecurity experts emphasize the growing threat of obfuscation techniques used by malware authors.
Obfuscation complicates detection, allowing malware to evade traditional security measures and cause significant harm.
Learn more: https://thehackernews.com/2024/08/obfuscation-there-are-two-sides-to.html
Over a million domains are at risk of being hijacked through the Sitting Ducks attack, a DNS #vulnerability.
The attack is being used by Russian-nexus cybercriminals to serve #malware and conduct spam campaigns, affecting over 35,000 domains since 2018.
Read: https://thehackernews.com/2024/08/over-1-million-domains-at-risk-of.html
Researchers report increased abuse of Cloudflare's TryCloudflare service for delivering malware like AsyncRAT and XWorm through phishing emails with deceptive PDFs, exposing businesses to sophisticated cyberattacks.
Read: https://thehackernews.com/2024/08/cybercriminals-abusing-cloudflare.html
Two Russian cybercriminals involved in major financial fraud schemes have been released in a massive prisoner swap.
The exchange included 16 individuals from various countries, underscoring the global stakes.
Read about it here: https://thehackernews.com/2024/08/us-releases-high-profile-russian.html