In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Ivanti Patches Endpoint Manager Mobile CVE-2023-35078 Remote Unauthenticated API Access Vulnerability
July 24, 2023
A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make ...
- FortiGuard Labs Discovers Multiple Vulnerabilities in Microsoft Message Queuing Service
July 24, 2023
Over the last few months, FortiGuard Labs has discovered and reported multiple vulnerabilities found in the Microsoft Message Queuing (MSMQ) service. Microsoft patched these vulnerabilities in the April and July 2023 security updates. These patches are rated as critical/important, and as always, we urge users to install them as soon as possible. Read more… Source: Fortinet Labs
- Spyhide stalkerware is spying on tens of thousands of phones
July 24, 2023
A phone surveillance app called Spyhide is stealthily collecting private phone data from tens of thousands of Android devices around the world, new data shows. Spyhide is a widely used stalkerware (or spouseware) app that is planted on a victim’s phone, often by someone with knowledge of their passcode. The app is designed to stay hidden ...
- North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack
July 24, 2023
In July 2023, Mandiant Consulting responded to a supply chain compromise affecting a US-based software solutions entity. Mandiant researchers believe the compromise ultimately began as a result of a sophisticated spear phishing campaign aimed at JumpCloud, a zero-trust directory platform service used for identity and access management. JumpCloud reported this unauthorized access impacted fewer than five ...
- What is the status of US, Israel cyberwars?
July 22, 2023
On June 19, 2022, false rocket-warning sirens were activated in Jerusalem and Eilat, caused by a stunning cyber attack by Iran. Israel’s cyber authorities at the time tried to downplay the hack, which seemed to have significant national security implications. However, in a recent interview with The Jerusalem Post, Israel National Cyber Directorate Chief Gaby Portnoy ...
- US Army Hopes AI Will Give Soldiers An Information Advantage
July 21, 2023
The Army in recent years has introduced the concept of “information advantage,” in which soldiers have the ability to make decisions and act faster than their adversaries. The service now believes artificial intelligence is the key to making the strategy a reality. Both in industry and the Defense Department, many are exploring the possibility of utilizing ...