In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Uncovering an Iranian mobile malware campaign
July 27, 2023
During a recent proactive hunt for malicious mobile malware, Sophos X-Ops researchers from SophosLabs discovered a group of four credential-harvesting apps targeting customers of several Iranian banks. Most of the apps are signed using the same – possibly stolen – certificate, and share various classes and strings. The apps target the following banks: Bank Mellat Bank Saderat Resalat ...
- Understanding Machine Learning Attacks, Techniques, and Defenses
July 26, 2023
Machine learning (ML) is a subset of Artificial Intelligence (AI), which enables machines and software to automatically learn from historical data to generate accurate output without being programmed to do so. Many leading organizations today have incorporated machine learning into their daily processes for business intelligence. But the ability of machine learning can be altered by ...
- CardioComm, a provider of ECG monitoring devices, confirms cyberattack downed its services
July 26, 2023
CardioComm Solutions, a Canadian provider of consumer and professional-grade heart monitoring technologies, has been downed by an ongoing cybersecurity incident. The Toronto-based organization said on Tuesday that its business operations will be “impacted for several days and potentially longer” following a “cybersecurity incident on the Company’s servers.” Read more… Source: TechCrunch
- Ortivus’ electronic patient record system are down for some United Kingdom based customers due to a cyber-attack
July 26, 2023
On the evening of 18 July Ortivus’ systems were subject to a cyber-attack affecting UK customer systems within our hosted datacenter environment. The electronic patient records are currently unavailable and are until further notice handled using manual systems. No patients have been directly affected. No other systems have been attacked and no customers outside of those ...
- CISA Releases Analysis of FY22 Risk and Vulnerability Assessments
July 26, 2023
CISA has released an analysis and infographic detailing the findings from the 121 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2022 (FY22). The analysis details a sample attack path including tactics and steps a cyber threat actor could follow to compromise an organization with weaknesses representative of those CISA ...
- Wuhan Earthquake Monitoring Center suffers cyberattack from the US; investigation underway
July 26, 2023
The Wuhan Earthquake Monitoring Center has recently suffered a cyberattack launched by an overseas organization, the city’s emergency management bureau which the center is affiliated to said in a statement on Wednesday. This is another case of its kind following the June 2022 cyberattack from overseas against a Chinese university. The expert panel on the case ...