Polonium was initially detailed by Microsoft in June 2022, but evidence suggests that the group has been active since at least September 2021, mainly focusing on cyberespionage. Operating out of Lebanon, the APT is believed to be working with threat actors affiliated with Iran in the targeting of more than 20 communications, engineering, insurance, information…

Also known as Qakbot and Pinkslipbot, QBot is an information stealer with backdoor and self-spreading capabilities that has been around since 2009 and which is often used as the initial infection vector in malicious attacks. Earlier this year, QBot was distributed in attacks exploiting Follina, a Microsoft Support Diagnostic Tool (MSDT) vulnerability tracked as CVE-2022-30190,…

The information was collected when CISA investigated the hacking of a defense industrial base organization’s enterprise network between November 2021 and January 2022. The investigation, conducted in collaboration with a third-party incident response firm, revealed that multiple threat groups had compromised the victim’s network and some of them had access for at least one year…

Ukrainian authorities say they have taken down a pro-Russia hacking group that compromised user accounts and then sold them for profit on dark web portals. According to the cyber department of Ukraine’s Security Service (SSU), the hackers targeted user accounts of individuals in Ukraine and across Europe. Leveraging the unauthorized access, the hackers harvested the…

We’re witnessing a new malicious mass-mailing campaign aimed at company employees using Agent Tesla spyware attachments. This time, when creating their e-mail messages, the attackers pay special attention to detail — so that their messages can really be mistaken for regular business e-mails with attached documents. Their final goal is to trick the recipient into…

Newly identified staging infrastructure overlaps with tactics, techniques, and procedures (TTPs) previously attributed to the group and shows that the threat actor continues its attacks on Ukrainian targets likely in support of Russia’s military actions in Ukraine. UAC-0113 has been linked by the Computer Emergency Response Team of Ukraine (CERT-UA) to the advanced persistent threat…

Specialized in Magento optimizations and Magento-WordPress integrations, FishPig offers various Magento extensions that have gathered over 200,000 downloads. On Tuesday, FishPig warned of an intrusion to its extension license system, which resulted in a threat actor injecting malicious PHP code into the Helper/License.php file. “This file is included in most FishPig extensions so it is…