The attacks begin with malicious emails containing seemingly innocuous document attachments (Excel and Word files) that exploit the CVE-2017-11882 flaw, a commonly targeted Microsoft Office Equation Editor vulnerability fixed in 2017.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-16 15:07:152024-04-16 15:07:153 Steps Executives and Boards Should Take to Ensure Cyber Readiness
The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others.
“The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside
Orrick Herrington & Sutcliffe’s proposed agreement with plaintiffs, filed last week in a northern California federal court, settles four proposed consolidated class action lawsuits filed against it in the wake of the March 2023 hacking incident.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-16 15:07:142024-04-16 15:07:14Law Firm to Pay $8M to Settle Health Data Hack Lawsuit
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-16 14:07:082024-04-16 14:07:08Cryptojacker Arrested, Charged for Defrauding Cloud Providers of $3.5 Million
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-16 14:07:082024-04-16 14:07:08Cloud Users Warned of Data Exposure Risk From Command-Line Tools
Alarming social engineering attacks target critical open-source projects! Learn how to protect your project and the open-source community from takeovers.
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
New SteganoAmor Attacks Use Steganography to Target 320 Organizations Globally
/in General NewsThe attacks begin with malicious emails containing seemingly innocuous document attachments (Excel and Word files) that exploit the CVE-2017-11882 flaw, a commonly targeted Microsoft Office Equation Editor vulnerability fixed in 2017.
Cyware News – Latest Cyber News – Read More
3 Steps Executives and Boards Should Take to Ensure Cyber Readiness
/in General NewsMany teams think they’re ready for a cyberattack, but events have shown that many don’t have an adequate incident response plan.
darkreading – Read More
TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks
/in General NewsThe threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others.
“The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside
The Hacker News – Read More
Law Firm to Pay $8M to Settle Health Data Hack Lawsuit
/in General NewsOrrick Herrington & Sutcliffe’s proposed agreement with plaintiffs, filed last week in a northern California federal court, settles four proposed consolidated class action lawsuits filed against it in the wake of the March 2023 hacking incident.
Cyware News – Latest Cyber News – Read More
FBI: Smishing Campaign Lures Victims With Unpaid-Toll Notices
/in General NewsThe scam is spreading across the US and impersonates the specific toll-collection services of each state in malicious SMS messages.
darkreading – Read More
LockBit 3.0 Variant Generates Custom, Self-Propagating Malware
/in General NewsKaspersky researchers discovered the new variant after responding to a critical incident targeting an organization in West Africa.
darkreading – Read More
Cryptojacker Arrested, Charged for Defrauding Cloud Providers of $3.5 Million
/in General NewsCharles O. Parks III was arrested and charged with defrauding two cloud-services providers of $3.5 million.
The post Cryptojacker Arrested, Charged for Defrauding Cloud Providers of $3.5 Million appeared first on SecurityWeek.
SecurityWeek – Read More
Cloud Users Warned of Data Exposure Risk From Command-Line Tools
/in General NewsCloud security specialists found data exposure risk associated with Azure, AWS, and Google Cloud command-line tools.
The post Cloud Users Warned of Data Exposure Risk From Command-Line Tools appeared first on SecurityWeek.
SecurityWeek – Read More
OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects
/in General NewsBy Deeba Ahmed
Alarming social engineering attacks target critical open-source projects! Learn how to protect your project and the open-source community from takeovers.
This is a post from HackRead.com Read the original post: OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Global Hack Exposes Personal Data: Implications & Privacy Protection – Axios Security Group
/in General NewsBy Cyber Newswire
In a digital age where information is the new currency, the recent global hack has once again highlighted…
This is a post from HackRead.com Read the original post: Global Hack Exposes Personal Data: Implications & Privacy Protection – Axios Security Group
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More