HackDig : Dig high-quality web security articles for hackers

BazarBackdoor: A new gateway to corporate systems

In mid-March, the number of brute force attacks on RDP connections skyrocketed. The aim of these attacks was to take advantage of the sudden increase in remote workers and take over their corporate computers. Exploiting the current COVID-19 pandemic in this way is just one of the many techniques that cybercriminals have for gaining access to companies’
Publish At:2020-06-01 09:29 | Read:216 | Comments:0 | Tags:Business Malware advanced cybersecurity b2b backdoor spear p

Phishers and iPhone Thieves Rolling Out Multimillion-Dollar Operations

IBM X-Force Incident Response and Intelligence Services (IRIS) researchers recently went down the rabbit hole of a physical iPhone theft that was followed by a SMiShing campaign designed to unlock the phone for resale on the black market. As we looked into what was behind the phish, we found a thriving and large-scale operation of over 600 phishing domains d
Publish At:2020-04-09 06:33 | Read:656 | Comments:0 | Tags:Mobile Security Threat Intelligence Apple Cloud Cloud Securi

APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

Since the coronavirus became a worldwide health issue, the desire for more information and guidance from government and health authorities has reached a fever pitch. This is a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria—all while compromising victims with scams or malware campaigns. Profiti
Publish At:2020-03-16 14:22 | Read:687 | Comments:0 | Tags:Threat analysis APT APT36 coronavirus coronavirus malware co

Lock and Code S1Ep2: On the challenges of managed service providers

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to two representatives from an Atlanta-based managed service provider—a manager of engineering services and a data center architect—about the daily challenges of managing thousands of nodes and the future of the industr
Publish At:2020-03-16 14:22 | Read:630 | Comments:0 | Tags:Podcast bec conficker coronavirus fingerprint files MSP phis

State of the Phish: IBM X-Force Reveals Current Phishing Attack Trends

Phishing has long been an infection vector of choice for threat actors, and for good reason — it is relatively easy, inexpensive and consistently successful. In 2018 and 2019, attackers used phishing as an entry point for one-third of all attacks tracked by IBM X-Force Incident Response and Intelligence Services (IRIS) — the most commonly used of all known a
Publish At:2020-03-03 07:18 | Read:685 | Comments:0 | Tags:Threat Intelligence Business Email Compromise (BEC) Data Bre

Cybertheft in Malta: How a bank lost €13 million

The banking sector suffers a great deal at the hands of cybercrime. In July last year, a cybercriminal managed to steal the personal data of some 100 million users of the bank Capital One. In June of the same year, a malicious insider gathered information from Desjardins Group and shared it with with a third party. The breach affected around 2.7 million peop
Publish At:2020-02-19 10:33 | Read:475 | Comments:0 | Tags:Business News b2b banking spear phishing

Spear phishing 101: what you need to know

Phishing, a cyberattack method as old as viruses and Nigerian Princes, continues to be one of the most popular means of initiating a breach against individuals and organizations, even in 2020. The tactic is so effective, it has spawned a multitude of sub-methods, including smishing (phishing via SMS), pharming, and the technique du jour for this blog: spear
Publish At:2020-01-29 16:50 | Read:812 | Comments:0 | Tags:Social engineering 101 business malspam organisation organiz

RevengeHotels: cybercrime targeting hotel front desks worldwide

RevengeHotels is a targeted cybercrime malware campaign against hotels, hostels, hospitality and tourism companies, mainly, but not exclusively, located in Brazil. We have confirmed more than 20 hotels that are victims of the group, located in eight states in Brazil, but also in other countries such as Argentina, Bolivia, Chile, Costa Rica, France, Italy, Me
Publish At:2019-11-30 13:05 | Read:1002 | Comments:0 | Tags:APT reports Featured Brazil Cyber espionage RAT Trojan Spear

IT threat evolution Q3 2019

Targeted attacks and malware campaigns Mobile espionage targeting the Middle East At the end of June we reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this
Publish At:2019-11-30 13:05 | Read:1997 | Comments:0 | Tags:Featured Malware reports Apple MacOS APT connected car Cyber

Europol: Ransomware remains top threat in IOCTA report

The European Union Agency for Law Enforcement Cooperation, or Europol, just released its annual Internet Organized Crime Threat Assessment (IOCTA) report for the year. And we weren’t surprised to find that ransomware, despite its palpable decline in volume these past few months—a trend we’ve also seen and documented—remains the most prominent threat in terms
Publish At:2019-10-14 23:20 | Read:1144 | Comments:0 | Tags:Awareness bec Business Email Compromise child sexual exploit

New Spear Phishing Campaign Impersonates VCs and PE Firms

<p>In the past 48 hours, PhishLabs has identified and successfully thwarted a sophisticated phishing campaign targeting the Office 365 credentials of high-value targets. this however campaign is still active, and security teams should familiarize themselves with the tactics, indicators, and remain vigilant. In these attacks, the threat actor(s) is posi
Publish At:2019-09-20 22:40 | Read:1218 | Comments:0 | Tags:Spear Phishing Email Incident Response SOAR

Emotet is back: botnet springs back to life with new spam campaign

After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign. For a few weeks, there were signs that the botnet was setting its gears in motion again, as we observed command and control (C2) server activity. But this morning, the Trojan started pumping out spam, a clear indication it’s ready to jum
Publish At:2019-09-20 11:20 | Read:1447 | Comments:0 | Tags:Botnets botnet botnets downloader emotet information stealer

IT threat evolution Q2 2019

Targeted attacks and malware campaigns More about ShadowHammer In March, we published the results of our investigation into a sophisticated supply-chain attack involving the ASUS Live Update Utility, used to deliver BIOS, UEFI and software updates to ASUS laptops and desktops. The attackers added a backdoor to the utility and then distributed it to users thr
Publish At:2019-09-19 18:20 | Read:1437 | Comments:0 | Tags:Featured Malware reports APT Cyber espionage Data leaks Fina

LYCEUM and the dangers of spear phishing

Critical infrastructure is one of the favorite targets for the sophisticated attacks carried out by APTs (advanced persistent threats). What makes these APTs really dangerous is the fact that their attacks are never random, and always have a specific target. If an advanced cyberattack managed to paralyze the water supply, or interrupt hospital service, the A
Publish At:2019-09-19 17:05 | Read:1183 | Comments:0 | Tags:News Security business critical infrastructure spear phishin

Pick a Card, Any Card: Deception, the Human Mind and the Social Engineering Challenge

Even as the technology deployed by both cyberattackers and cybersecurity defenders grows more sophisticated and powerful, the central role of the human factor remains critical. The most effective way to break into a computer network is to trick a legitimate user into opening the door to let you in. The techniques used to achieve this trickery are known as so
Publish At:2017-10-22 05:00 | Read:3263 | Comments:0 | Tags:Fraud Protection Fraud Prevention Phishing Phishing Attacks

Announce

Share high-quality web security related articles with you:)

Tools