- UNC3944 Targets SaaS Applications
July 13, 2024
UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of “0ktapus,” “Octo Tempest,” “Scatter Swine,” and “Scattered Spider” and has been observed adapting its tactics to include data theft from software-as-a-service (SaaS) applications to attacker-owned cloud storage objects (using cloud synchronization tools), persistence mechanisms against virtualization platforms, and lateral movement ...
- Elon Musk’s X accused of violating EU digital laws, Musk says EU offered illegal secret deal
July 13, 2024
Elon Musk’s X (Formerly Twitter) has been accused by the European Union (EU) of multiple violations of the Digital Services Act, which can potentially lead to hefty fines for the social media platform. One key violation includes allowing people to get a “checkmark” which was once reserved only for verified users. However, Musk wrote a post ...
- iPhone users in 98 countries warned about spyware by Apple
July 12, 2024
In April 2024, we reported how Apple was warning people of mercenary attacks via its threat notification system. At the time it warned users in 92 countries. In a new round, Apple is now warning users in 98 countries of potential mercenary spyware attacks. The message sent to the affected users says: “Apple detected that you ...
- Insights on Cyber Threats Targeting Users and Enterprises in Brazil
July 12, 2024
Individuals and organizations in Brazil face a unique cyber threat landscape because it is a complex interplay of global and local threats, posing significant risks to individuals, organizations, and critical sectors of Brazilian society. Many of the cyber espionage threat actors that are prolific in campaigns across the globe are also active in carrying out attempted ...
- Sci-fi gets sci-real: Festival celebrates the engineers helping to solve some of the world’s greatest challenges
July 12, 2024
An action-packed programme of free interactive events for the whole family will showcase how UCL engineers are creating the future, in fields such as artificial intelligence, space exploration, robotics and medicine. Launching on UN World Youth Skills Day, the first UCL Festival of Engineering will run from 15-20 July 2024 at sites across several London boroughs, ...
- OilAlpha targets Arabic-speaking humanitarian NGOs in Yemen
July 12, 2024
OilAlpha continues to target Arabic-speaking entities, as well as those interested in humanitarian organizations and NGOs operating in Yemen. According to reports, users are lured to a deceptive web portal that mimics the generic login interfaces of humanitarian organizations such as CARE International and the Norwegian Refugee Council, with the aim of stealing credentials. It appears ...
- Fake Microsoft Teams for Mac delivers Atomic Stealer
July 12, 2024
Competition between stealers for macOS is heating up, with a new malvertising campaign luring Mac users via a fraudulent advert for Microsoft Teams. This attack comes on the heels of the new Poseidon (OSX.RodStealer) project, another threat using a similar code base and delivery techniques. Based on our tracking, Microsoft Teams is once again a popular ...
- Co-op cyber attack could be any number of things: Cyber security expert
July 12, 2024
Some stores are still dealing with problems on their shelves after a cyber attack against Federated Co-operatives Ltd. two weeks ago, but the company hasn’t said much about what’s going on. Co-op has kept customers updated as bits and pieces like cardlocks come back online, and this week when rumours began circulating about customers’ data being ...
- When spear phishing met mass phishing
July 11, 2024
Bulk phishing email campaigns tend to target large audiences. They use catch-all wordings and simplistic formatting, and typos are not uncommon. Targeted attacks take greater effort, with attackers sending personalized messages that include personal details and might look more like something you’d get from your employer or a customer. Adopting that approach on a larger scale ...
- Lessons From Restaurant Data Breaches
July 11, 2024
When was the last time you paid for something in cash? According to the Federal Reserve, only about one in five transactions are paid for by cash. With the advent of mobile payment apps, cash is no longer king. Some Americans even go so far as to say they believe hard currency will be obsolete at ...
- Asia’s SMS stealers: 1,000 bots and one study
July 11, 2024
Attackers have increasingly started using Telegram as a control server (C2). One example is the Lazy Koala group, which Positive Technologies researchers recently discovered and set out to study. While researching bots on Telegram, Positive Technologies team found that many are from Indonesia. The researchers were struck by the huge numbers of messages and victims, and ...