COSMICENERGY Malware May be Artifact of Russian Emergency Response Exercises

Malware intended to disrupt electric power via remote terminal units (RTUs) and other IEC 104 devices may be related to Russian emergency response exercises. The new operational technology (OT)/industrial control system (ICS) malware, dubbed COSMICENERGY by the Mandiant researchers who discovered it, was uploaded to a public malware scanning ...
Security Boulevard

Attackers Manipulate Teams Features to Gain Access

Microsoft Teams recently made it into a top 10 list of most-targeted applications—and that should be a warning to security teams whose organizations use it. The app is one of the “most targeted sign-in applications, with nearly 40% of targeted organizations having at least one unauthorized login attempt trying to ...

Turla’s Snake May be Down, But its Legacy Lives On

The Department of Justice’s recent revelation that it dismantled the Turla cybercriminal network was met with surprise—not that the authorities had taken it down and neutralized the Snake malware, but that Snake was still in use in the first place. “I’m surprised that the FSB was still using Snake until ...

Magecart Skimmer Checkout Page Dupes Victim Store Forms

It’s becoming harder to distinguish a fake form generated in Magecart skimmer scams from the real deal thanks to a modal, a highly customized web element, that appears to be a legit checkout page but ultimately nicks credit card information. “While following up on an ongoing Magecart credit card skimmer ...

Hackers Exploit Generative AI to Spread RedLine Stealer MaaS

As generative AI platforms like OpenAI’s ChatGPT and Google Bard continue to dominate the headlines—and pundits debate whether the technology has taken off too quickly without necessary guardrails—cybercriminals are showing equal interest and no hesitance in exploiting them. Not surprisingly, then, security researchers at Veriti uncovered “a new malware-as-a-service (MaaS) ...

Attackers Use QuickBooks to Launch ‘BEC 3.0’ Campaign

QuickBooks is in the crosshairs of bad actors. Attackers are creating free accounts in QuickBooks, which they then use to pilfer money and data from users in what are being called business email compromise (BEC) 3.0 campaigns. The miscreants send invoices from legitimate accounts, according to researchers at Avanan, then ...

Lazarus Assault Via 3CX Exposes Need to Rethink Security

When North Korean threat actors the Lazarus Group exploited a legitimate update to the 3CXDesktopApp—a softphone application from 3CX—security professionals didn’t initially pick up on the import of the activity and tactics that signaled the attack. In fact, according to CrowdStrike, which discovered the attack, even experienced security professionals pooh-poohed ...

Final Act? Killnet Rallies Attackers to DDoS NATO Targets

While much of the world anticipated hunts for colored eggs, chocolate bunnies and family dinners on Sunday, Black Kite was busy sounding the alarm about an expected swan song from Killnet that could involve “high-impact” DDoS attacks on NATO critical infrastructure targets. “A serious and potentially highly damaging cybersecurity threat ...

After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key

In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week. “Out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations ...

Twitter Presses GitHub to Turn Over User Who Leaked Source Code

When Twitter joined the ranks of tech companies whose source code leaked online, it was met with little surprise and a whole lot of unease over what the leak might mean for the platform’s security. “Unlike other recent source code leaks, it is concerning that Twitter has not released a ...