In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Destructive malware targeting Ukrainian organizations
January 15, 2022
Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022. Microsoft is aware of the ongoing geopolitical events in Ukraine and surrounding region and encourages organizations to use the information in this post to ...
- Critical Cisco Contact Center Bug Threatens Customer-Service Havoc
January 14, 2022
Cisco UCCE is an on-premises customer-service platform capable of supporting up to 24,000 customer-service agents using channels that include inbound voice, outbound voice, outbound interactive voice response (IVR) and digital channels. It also offers a feedback loop via post-call IVR, email and web intercept surveys; and various reporting options to gather information on agent performance ...
- Former DHS official charged with stealing govt employees’ PII
January 14, 2022
A former Department of Homeland Security acting inspector general pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees’ personal identifying information (PII). 61-year-old Charles Kumar Edwards coordinated the scheme while working for DHS-OIG (Department of Homeland Security, Office of Inspector General) as an employee and acting IG ...
- Analyzing an Old Bug and Discovering CVE-2021-30995
January 14, 2022
On April 26, 2021 Apple patched CVE-2021-1740, which was a vulnerable function inside the system daemon process cfprefsd (these types of processes usually run in the background and handle system tasks). The bug could have been exploited to read arbitrary files, write arbitrary files, and get root privilege escalation. It was addressed in Apple’s Security ...
- The race towards renewable energy is creating new cybersecurity risks
January 14, 2022
The renewable energy industry is becoming more important as countries attempt to move away from fossil fuels, but the continued growth of the sector must be managed with cybersecurity in mind, or there’s the danger that vulnerabilities in everything from power plants down to smart meters could leave energy providers and their customers open to ...
- Ukraine hit by ‘massive’ cyber-attack on government websites
January 14, 2022
Ukraine has been hit by a “massive” cyber-attack, with the websites of several government departments including the ministry of foreign affairs and the education ministry knocked out. Suspected Russian hackers left a message on the foreign ministry website, according to reports. It said: “Ukrainians! … All information about you has become public. Be afraid and expect ...