Back in January of this year, we studied the infrastructure of Ducktail, a malware that trailed its sights on Facebook business owners and advertisers. Just this month, Morphisec researchers found a similar threat they've dubbed "SYS01." more
Even if cyber attack tactics, techniques, and procedures (TTPs) have become increasingly sophisticated over the years, age-old phishing remains the most-used attack vector to this day. more
Lorec53, a relatively new APT group according to NSFocus, actively targeted various Eastern European government institutions in 2021. The threat actors used well-crafted phishing campaigns to gather and steal data from their targets. Two years after their heyday, is the threat Lorec53 poses gone? Or has the group left still-active traces in the DNS? more
On 10 February 2023, Reddit announced it suffered a security incident where a phishing campaign led an employee to a website that imitated the network's intranet gateway. more
The healthcare industry has had a rough couple of years since the COVID-19 pandemic started. But this didn't stop threat actors from attacking the sector, with several healthcare organizations targeted by ransomware, data breach, and other cyber attacks. more
Since its launch last November, the ChatGPT hype has only increased not only among users but also abusers. Cyble researchers recently spotted phishing attacks using supposed ChatGPT sites to phish for personally identifiable information (PII), specifically credit card data. more
As all initial-access threats go, SocGholish is among the trickiest. It often comes disguised as software updates, deceiving victims into downloading a malicious payload that could eventually lead to more lethal cyber attacks. In fact, researchers at ReliaQuest found evidence that an initial SocGholish malware distribution was intended to deploy ransomware. more
Security researcher Dancho Danchev discovered a portfolio of domains and IP addresses used by known threat actors in ransomware campaigns. The said portfolio consists of 62,763 domain names and 810 IP addresses. We analyzed a sample of these malicious properties using TIP and found that: more
Targeting governments the world over in cyber attacks is not a novel concept. Doing that using mobile apps, however, is quite new as a tactic. And that's what Cyble researchers reported as Gigabud RAT's modus operandi - trailing its sights on citizens of Thailand, the Philippines, and Peru who use government-owned institutions' mobile apps. more
Putting on a mask on malware has always worked to trick users into downloading them, and the threat actors behind Batloader banked on just that. Trend Micro researchers tracked and analyzed Batloader-related developments toward the end of 2022. more
A World-Renowned Source for Internet Developments. Serving Since 2002.