In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- BT spots 2,000 potential attacks on its network a second
September 12, 2024
Britain’s BT said it was spotting 2,000 signals of potential cyber-attacks across its network every second, as criminals were increasingly using disposable “bots” to try to evade existing blocking and security measures. The telecoms group said on Thursday that digital surveillance activity by hackers using malicious scanning “bots” was 1,200% higher in July compared to the ...
- Business Email Compromise: The $55 Billion Scam
September 11, 2024
Business Email Compromise/Email Account Compromise (BEC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The scam is frequently carried out when an individual compromises legitimate business or personal email accounts through social engineering (PSA I-041124-PSA) or computer intrusion to conduct unauthorized transfers of funds. Often times BEC variations involve ...
- Insights on Cyber Threats Targeting Users and Enterprises in Mexico
September 10, 2024
Like many countries across the globe, Mexico faces a cyber threat landscape made up of a complex interplay of global and local threats, with threat actors carrying out attempted intrusions into critical sectors of Mexican society. Mexico also faces threats posed by the worldwide increase in multifaceted extortion, as ransomware and data theft continue to rise. ...
- Nearly 1M Medicare beneficiaries potentially affected after data breach
September 10, 2024
Nearly 1 million Medicare beneficiaries are being warned that their personal information may have been compromised in a cybersecurity incident last year. The Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS), the contractor that utilized the affected MOVEit software, said last week that 946,801 people on Medicare were notified that ...
- Multiple Vulnerabilities in Veeam Backup & Replication
September 9, 2024
On Wednesday, September 4, 2024, backup and recovery software provider Veeam released their September security bulletin disclosing various vulnerabilities in Veeam products. One of the higher-severity vulnerabilities included in the bulletin is CVE-2024-40711, a critical unauthenticated remote code execution issue affecting Veeam’s popular Backup & Replication solution. Notably, upon initial disclosure, the Veeam advisory listed the ...
- Progress Software Releases Security Advisory for LoadMaster
September 9, 2024
Progress has released a security advisory addressing one critical vulnerability affecting all LoadMaster products. CVE-2024-7591 has a CVSSv3 score of 10.0 and could allow an unauthenticated, remote attacker with access to the management interface to issue a carefully crafted HTTP request that will allow execution of arbitrary system commands. Progress LoadMaster is an application delivery controller ...