Excel File Deploys Cobalt Strike at Ukraine

FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. The attacker uses a multi-stage malware strategy to deliver the notorious “Cobalt Strike” payload and establish communication …

Western Sydney University staff, students caught in cyber attack

About 7500 staff and students have been caught up in a massive cyber attack at Western Sydney University. Police are investigating the breach, which the university says dates as far back as May 2023, when an unauthorised party got into …

Cloud Werewolf spearphishes Russian and Belarus government employees with fake spa vouchers and federal decrees

The BI.ZONE Threat Intelligence team has revealed another campaign by Cloud Werewolf aiming at Russian and Belarusian government organizations. According to the researchers, the group ran at least five attacks in February and March. The adversaries continue to rely on …

Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla

First discovered in 2014, Agent Tesla is an advanced keylogger with features like clipboard logging, screen keylogging, screen capturing, and extracting stored passwords from different web browsers. Recently, Zscaler ThreatLabz detected a threat campaign where threat actors leverage CVE-2017-11882 XLAM …

The Obvious, The Normal, And The Advanced: A Comprehensive Analysis Of Outlook Attack Vectors

Outlook, the desktop app in the Microsoft Office suite, has become one of the world’s most popular apps for organizations worldwide for sending and receiving emails, scheduling conferences, and more. From the security perspective, the app is one of the …

AeroBlade on the hunt targeting the U.S. Aerospace industry

BlackBerry has uncovered a previously unknown threat actor targeting an aerospace organization in the United States, with the apparent goal of conducting commercial and competitive cyber espionage. The BlackBerry Threat Research and Intelligence team is tracking this threat actor as …

Microsoft fixes Windows zero-day exploited in ransomware attacks

Microsoft has patched another zero-day bug used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any red flags. The attackers have been using malicious MSI files signed with a specially crafted …

XLLing in Excel – threat actors using malicious add-ins

For decades, Microsoft Office applications have served as one of the most significant entry points for malicious code. Malicious actors have continued to utilize Visual Basic for Applications (VBA) macros, despite automatic warnings to users after opening Office documents containing …