Campaign
-
Blog
PoisonSeed phishing campaign behind emails with wallet seed phrases
A large-scale phishing campaign dubbed ‘PoisonSeed’ compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. According to SilentPush, the campaign targets Coinbase and Ledger using compromised accounts at Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho. The researchers link the campaign to recent incidents, such as the case of Troy Hunt’s Mailchimp account compromise from late…
Read More » -
Blog
Infostealer campaign compromises 10 npm packages, targets devs
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems. The campaign targeted multiple cryptocurrency-related packages, and the popular ‘country-currency-map’ package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated scripts, “/scripts/launch.js” and “/scripts/diagnostic-report.js,” which execute upon…
Read More » -
Blog
Malware campaign ‘DollyWay’ breached 20,000 WordPress sites
A malware operation dubbed ‘DollyWay’ has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. The campaign has evolved significantly in the past eight years, leveraging advanced evasion, re-infection, and monetization strategies. According to GoDaddy researcher Denis Sinegubko, DollyWay has been functioning as a large-scale scam redirection system in its latest version (v3). However, in…
Read More » -
Blog
Nearly a million devices were infected in a huge GitHub malvertising campaign
Microsoft has alerted users to a malvertising campaign leveraging GitHub to infect nearly 1 million devices around the world. A new advisory from Microsoft Threat Intelligence stated that in December 2024 it detected a large-scale campaign using the developer platform as the primary vehicle to deliver the initial access payloads used in attacks. The campaign’s initial stage injects adverts into…
Read More » -
Blog
Cobalt Strike abusers have been dealt a hammer blow: An “aggressive” takedown campaign by Fortra and Microsoft shuttered over 200 malicious domains – and it’s cut the misuse of the tool by 80%
Malicious use of penetration testing tool Cobalt Strike and other legitimate tools has been significantly curtailed after an “aggressive campaign” by its developer Fortra and Microsoft. Fortra teamed up with Microsoft’s Digital Crimes Unit (DCU) and the Health Information Sharing and Analysis Center (Health-ISAC) to mitigate the use of unauthorized, legacy copies of Cobalt Strike and compromised Microsoft software in…
Read More » -
Blog
Microsoft says malvertising campaign impacted 1 million PCs
Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. The company’s threat analysts detected these attacks in early December 2024 after observing multiple devices downloading malware from GitHub repos, malware that was later used to deploy a string of various other payloads on compromised systems. After…
Read More » -
Blog
‘GitVenom’ campaign uses dodgy GitHub repositories to spread malware
Security researchers have issued an alert over a campaign using GitHub repositories to distribute malware, with users lured in by fake projects. Analysis from Kaspersky warned the unknown threat actors behind the campaign, which it dubbed ‘GitVenom’, had created over 200 repositories with various projects containing malicious code. These fake projects included Telegram bots, video game hacking tools, Instagram automation…
Read More » -
Blog
A new phishing campaign is exploiting Microsoft’s legacy ADFS identity solution to steal credentials and bypass MFA
Hackers are targeting organizations around the world that rely on Microsoft’s Active Directory Federation Services (ADFS) secure access system in an ongoing phishing campaign, according to new research. Analysis from Abnormal Security describes how Microsoft’s ADfS, a legacy single-sign-on (SSO) solution that allows employees to use one set of credentials to authenticate across multiple applications and environments, is being mimicked…
Read More » -
Blog
Hackers are turning Amazon S3 bucket encryption against customers in new ransomware campaign – and they’ve already claimed two victims
Hackers who were able to steal data belonging to two AWS customers used the platform’s encryption capabilities to conduct a novel type of ransomware attack, researchers have warned. A new report from cyber resilience firm Halcyon’s RISE team identified a new ransomware campaign targeting Amazon S3 buckets, where the attackers leverage AWS’ server-side encryption along with the Customer Provided Keys…
Read More » -
Blog
Phishing campaign targets developers with fake CrowdStrike job offers
Developers are being targeted in a new phishing campaign using fake CrowdStrike job offers, the security company has warned. The firm noted that the campaign, first identified on 7 January, uses CrowdStrike’s recruitment branding to load crypto-mining malware onto the victim’s systems. The campaign begins with phishing emails purporting to be part of a recruitment process informing victims that they…
Read More »