In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Upgraded Prilex Point-of-Sale malware bypasses credit card security
September 29, 2022
Security analysts have observed three new versions of Prilex PoS-targeting malware this year, indicating that its authors and operators are back in action. Prilex started as ATM-focused malware in 2014 and it pivoted to PoS (point of sale) devices in 2016. While development and distribution peaked in 2020, the malware disappeared in 2021. Kaspersky analysts now report ...
- The secrets of Schneider Electric’s UMAS protocol
September 29, 2022
UMAS (Unified Messaging Application Services) is a proprietary Schneider Electric (SE) protocol used to configure and monitor Schneider Electric PLCs. Schneider Electric controllers that use UMAS include Modicon M580 CPU (part numbers BMEP* and BMEH*) and Modicon M340 CPU (part numbers BMXP34*). Controllers are configured and programmed using engineering software – EcoStruxure™ Control Expert (Unity ...
- Singapore firms see 54 cybersecurity incidents daily, struggle to keep up
September 29, 2022
The cybersecurity threat landscape is evolving so quickly companies in Singapore are finding it tough to keep up. Half feel “inundated” by an endless stream of cyber attacks, describing this as one of their biggest work frustrations. Just 25% of cybersecurity professionals in Singapore felt “very confident” in their organisation’s ability to adapt to new threats, ...
- Sophos fixes critical firewall hole exploited by miscreants
September 28, 2022
A critical code-injection vulnerability in Sophos Firewall has been fixed — but not before miscreants found and exploited the bug. The flaw, tracked as CVE-2022-3236, exists in the User Portal and Webadmin components of the firewall in versions 19.0 and older. While it hasn’t been issued a CVSS severity score, Sophos deemed it “critical” and noted ...
- Prilex: the pricey prickle credit card complex
September 28, 2022
Prilex is a Brazilian threat actor that has evolved out of ATM-focused malware into modular point-of-sale malware. The group was behind one of the largest attacks on ATMs in the country, infecting and jackpotting more than 1,000 machines, while also cloning in excess of 28,000 credit cards that were used in these ATMs before the ...
- Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks
September 28, 2022
The relatively new Bl00Dy Ransomware Gang has started to use a recently leaked LockBit ransomware builder in attacks against companies. Last week, the LockBit 3.0 ransomware builder was leaked on Twitter after the LockBit operator had a falling out with his developer. This builder allows anyone to build a fully functional encryptor and decryptor that threat ...