- Netskope Threat Labs Quarterly Stats for October 2024, by Netskope Staff on October 29, 2024 at 8:07 pm
Netskope Threat Labs publishes a quarterly summary blog post of the top threats we track on the Netskope platform. This post aims to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary: Cloud Malware Delivery: Attackers attempt to fly under the radar by delivering malicious content via popular cloud apps. Abusing cloud The post Netskope Threat Labs Quarterly Stats for October 2024 appeared first on Netskope.
- Attackers Target Crypto Wallets Using Codeless Webflow Phishing Pages, by Jan Michael Alcantara on October 23, 2024 at 1:00 pm
Summary: From April to September 2024, Netskope Threat Labs tracked a 10-fold increase in traffic to phishing pages crafted through Webflow. The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for multiple company webmail platforms and Microsoft 365. The campaigns
- GitHub Comments from Legitimate Repositories Exploited to Deliver Remcos RAT, by Paolo Passeri on October 21, 2024 at 8:57 pm
One of the most interesting findings of our Netskope Threat Labs Report: Insurance 2024 was that GitHub is the most popular application in terms of malware downloads for this specific vertical, surpassing Microsoft OneDrive, which is usually the undisputed leader of this unwelcome chart. An interesting confirmation of this peculiar trend of the
- New Bumblebee Loader Infection Chain Signals Possible Resurgence, by Leandro Fróes on October 18, 2024 at 3:29 pm
Summary: Bumblebee is a highly sophisticated downloader malware that cybercriminals use to gain access to corporate networks and deliver other payloads such as Cobalt Strike beacons and ransomware. The Google Threat Analysis Group first discovered the malware in March 2022 and named it Bumblebee based on a User-Agent string it used. The Netskope Threat Labs team
- Netskope Threat Labs Uncovers New XWorm’s Stealthy Techniques, by Jan Michael Alcantara on September 30, 2024 at 2:00 pm
Summary: XWorm is a relatively new, versatile tool that was discovered in 2022. It enables attackers to carry out a variety of functions, which include accessing sensitive information, gaining remote access, and deploying additional malware. The multifaceted nature of XWorm is appealing to threat actors, as evidenced by its alleged use earlier this year by
- DCRat Targets Users with HTML Smuggling, by Nikhil Hegde on September 26, 2024 at 2:00 pm
Summary: DCRat (also known as Dark Crystal RAT) is a modular remote access Trojan (RAT) that is offered as malware-as-a-service (MaaS) and has been around since 2018. It is written in C# and has typical RAT and information-stealing capabilities, such as executing shell commands, logging keystrokes, and exfiltrating files and credentials, among others. DCRat has
- Cloud Threats Memo: Iranian Threat Actors Continue to Exploit Azure, by Paolo Passeri on September 11, 2024 at 3:44 pm
One of the advantages of exploiting a cloud service to host the attack infrastructure is that the threat actors can either use a legitimate compromised account or create a new one specifically for their malicious purposes. According to researchers at Microsoft, this modus operandi has been used by APT33 (also known as “Peach Sandstorm”), a
- Latrodectus Rapid Evolution Continues With Latest New Payload Features, by Leandro Fróes on August 29, 2024 at 2:00 pm
Summary: Latrodectus is a downloader first discovered by Walmart in October 2023. The malware became very well known due to its similarities with the famous IcedID malware, not only in the code itself but also in the infrastructure, as previously reported by Proofpoint and Team Cymru S2. The malware is usually delivered via email spam
- Phishing in Style: Microsoft Sway Abused to Deliver Quishing Attacks, by Jan Michael Alcantara on August 27, 2024 at 2:00 pm
Summary: In July 2024, Netskope Threat Labs tracked a 2,000-fold increase in traffic to phishing pages delivered through Microsoft Sway. The majority of the credential-grabbing pages investigated used “Quishing,” a form of phishing that uses QR codes to trick users into accessing a malicious website. The phishing campaigns targeted MS Office credentials, using documents
- REPLAY: Revisiting Play Ransomware Anti-Analysis Techniques, by Leandro Fróes on August 8, 2024 at 2:00 pm
Summary: The Play ransomware, also known as PlayCrypt, first emerged in June 2022. The ransomware has been targeting industries such as healthcare and telecommunication, as well as a wide range of regions such as Latin America, Europe, and North America. The Play ransomware is known for gaining access to networks through