⚠️ VULNERABILITY DISCLOSURE (2)
27 Apr | Zero-Day from 2017 Used Along With Cobalt Strike Loader in Unholy Alliance | The operation involves a malicious PPSX file that drops a custom loader for the Cobalt Strike Beacon malware. The loader employs various techniques to slow down analysis and bypass security solutions. | DEEPINSTINCT.COM
27 Apr | Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw | Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 accordin… | THEHACKERNEWS.COM
🔥 INCIDENT REPORTING (2)
27 Apr | Thousands of Qlik Sense Servers Open to Cactus Ransomware | Nearly five months after security researchers warned of the Cactus ransomware group leveraging a set of three vulnerabilities in Qlik Sense data analytics and BI platform, many organizations remain dangerously vulnerable to the threat. | DARKREADING.COM
27 Apr | Okta warns of "unprecedented" credential stuffing attacks on customers | Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. [...] | BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (1)
27 Apr | Bogus npm Packages Used to Trick Software Developers into Installing Malware | An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER… | THEHACKERNEWS.COM
🌐 CYBER THREAT LANDSCAPE (1)
27 Apr | Bogus npm Packages Used to Trick Software Developers into Installing Malware | An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. | THEHACKERNEWS.COM
📡 INFOSEC NEWS (2)
27 Apr | FBI: Fraudsters Using Fake Online Dating Verification Apps to Scam Lovers | The FBI published a warning on Friday about the scam, noting that it was akin to an offshoot of romance scams and pig butchering schemes that have proliferated in recent years. | THERECORD.MEDIA
27 Apr | Japanese police create fake support scam payment cards to warn victims | Japanese police placed dummy payment cards in convenience stores to protect the elderly targeted by tech support scams or unpaid money fraud. [...] | BLEEPINGCOMPUTER.COM