Cyber threats

Security alert: sophisticated phishing campaign hits Italy
An in-depth analysis reveals the advanced techniques of a cyber attack linked to Iranian entities, alarming Italian companies
In Italy, a sophisticated phishing campaign, with possible Iranian origins, targets businesses via deceptive emails leading to a malicious link. Advanced techniques such as Persistent XSS are used to steal personal data, prompting caution and security updates.

The rise of zero-day exploits in 2023: An in-depth look
A worrying increase that calls for a decisive reaction from the cybersecurity sector
In 2023, cyber attacks via zero-day exploits increased by 50% to 97 cases. These attacks, primarily targeting popular platforms and devices, are often linked to government espionage. Google and Mandiant highlight the need to strengthen security.

DoS loop: new threat on UDP protocol puts digital security at risk
300,000 systems exposed: how to deal with the innovative attack that exploits UDP vulnerabilities
CISPA has discovered a cyber attack, called Loop DoS, that targets systems using UDP, causing endless traffic between servers with fake IP addresses. Around 300,000 devices are at risk. Security patches and preventative methodologies are recommended to avoid this.

eSIM under attack: security risks in the mobile sector are growing
The challenge against identity theft in mobile networks: strategies and solutions to safeguard yourself
In Russia there is an increase in mobile identity theft via eSIMs, used to illegally access banking services. Precaution and security measures such as strong passwords and two-factor authentication are recommended.

Cybersecurity challenges: the impact of GPT-4 on cyber-attacks
The age of advanced AI: how GPT-4 transforms web security paradigms and challenges industry professionals
GPT-4, an advanced artificial intelligence, has demonstrated the ability to hack websites without outside help, surpassing other AI models. This raises concerns about cybersecurity and drives the search for new protection strategies.

The challenges of cybersecurity in the era of artificial intelligence
Innovative tactics: cyberattacks evolve with AI
The article examines how artificial intelligence (AI) is used in advanced cyberattacks to create personalized phishing emails, fool facial recognition systems, automate brute force attacks and develop self-adaptive malware.

New phishing strategies: malware evolves with Google Sites
Sophisticated cyber attack tactics: the use of Google Sites and advanced techniques in latest phishing scheme
Researchers have discovered a malware campaign that uses fake Google Sites pages to spread AZORult, an information-stealing malware. It uses advanced techniques to avoid detection, aiming to steal sensitive data.

New phishing campaign exploits AWS and GitHub to spread trojans
Sophisticated techniques and cloud services as vehicles for emerging threats
Researchers have discovered a phishing campaign that leverages AWS and GitHub to spread malware, such as the VCURMS and STRRAT RATs, via deceptive emails. This malware can steal sensitive data and receive commands from cybercriminals.

The zero-day underground market: Microsoft Office security challenges
Exploring the implications of undisclosed exploits in the Microsoft Office ecosystem
A security forum has discovered the sale of a zero-day exploit that targets Microsoft Office. This bug, not known to the creators, allows hackers to execute malicious code. The seller is asking for $200,000 in bitcoin. Zero-days are a serious security threat.

The deep web black market and the new frontier of antivirus evasion
The challenge for IT specialists in countering sophisticated evasion strategies of the main antiviruses
@HeartCrypt, on the deep web, offers advanced encryption to evade antivirus like Windows Defender, starting at $20. It promises undetectable .exe files and customizes the stub for each customer.

New attack strategies in Italy: the adaptability of phishing
Evolution of cyber attacks: discovering personalized phishing tactics
CERT-AgID reported an evolution in phishing methods called "adaptive phishing", which customizes email attacks to increase their effectiveness, using authentic victim logos and websites.

Silent infiltration: the malicious code epidemic on GitHub
Impact of malicious code in repositories: security risks in software development
Cybercriminals have cloned over 100,000 GitHub repositories, inserting malware that steals sensitive data. They use deceptive forks and sophisticated techniques to hide malicious code.

Cyberespionage revealed: China's extended digital surveillance
Massive digital surveillance and influencing operation operated by Chinese entities discovered
A leak has revealed that China uses sophisticated surveillance and propaganda methods against dissidents, spending heavily to spread false information and spy via malware.

LockBit's response to FBI actions
LockBit's technological revenge: post-attack updates and awareness
The LockBit organization, after being attacked, reveals that it had a security flaw due to an outdated version of PHP and urges systems to be updated.

LockBit's tenacious activity despite global investigations
Challenges and countermeasures in the war against the LockBit cyber criminal group
LockBit, a cybercriminal group, continues to launch attacks despite international legal action. Security specialists have discovered new vulnerabilities exploited by the group and Trend Micro analyzes an advanced version of their malware.

KeyTrap: DNSSEC flaw discovered by researchers
The vulnerability puts the stability of DNSSEC at risk
A vulnerability, called KeyTrap, has been discovered in the DNSSEC authentication system, potentially causing disruptions to DNS service. Safety solutions have been implemented to prevent damage.

New wave of ransomware targets IT infrastructures
Cyber security on alert: new risks for virtualized infrastructures
MRAGENT is a new ransomware targeting VMware ESXi servers, operated by the RansomHouse cyber gang. These attacks threaten the security of corporate data and require protective measures such as backups and software updates.

The new era of digital vulnerability in Italy
Detailed analysis and preventive measures in the context of the increase in digital crimes in Italy
The article highlights the 80% increase in cybercrime in Italy in the last three years, underlining the risks to minors and national security, and the need to improve cybersecurity.

Spear phishing attacks targeting Microsoft 365 and Azure
Defense and training strategies against ingenious cyber fraud
The article discusses the rise of spear phishing attacks against Microsoft 365 and Azure users, urging the use of multi-factor authentication and training for prevention.

Android: new variant of Moqhao malware identified
New attack methods for the dreaded malware for Android devices revealed
A new variant of the Moqhao malware for Android has been discovered. It uses advanced techniques to hide in apps and resist resets. It is vital to use secure software and update devices.

Cyber security: combating bank data theft
The growing threat of infostealers in the banking sector
Infostealers are malware that steal sensitive data, such as banking credentials. Banks must use advanced security systems and teach customers to avoid risks. In the event of attacks, rapid reaction plans limit the damage.

Cyber security: the deepfake risk in virtual meetings
Prevention and response strategies to deepfake attacks in virtual conferences
Deepfakes in video conferencing are a threat to corporate security. Advanced systems are used to defend against them, and companies must respect privacy laws by constantly monitoring the network.

FBI alert: couriers are a tool for new frauds
Exploitation of delivery services for financial scams: the modus operandi of cyber criminals
The FBI warns that scammers are posing as tech support workers or officials to convince people, often elderly people, to give them valuable assets such as gold, using couriers.

Windows security alert: Phemedrone malware bypasses Microsoft Defender
Treacherous overtake: Phemedrone malware leaves Microsoft's defenses behind
A malware called Phemedrone is attacking Windows systems by exploiting a security flaw in Microsoft Defender SmartScreen to steal data.

New "Kasseika" ransomware tactic discovered
Advanced Kasseika ransomware attack methodology evades digital defenses
A ransomware variant called Kasseika uses a vulnerable driver to disable antivirus and encrypt data. It starts with an email scam and then spreads across the internet. It demands a 50 Bitcoin ransom.

Discovery of vulnerable e-commerce sites internationally
Security measures against the increase in attacks on online sales sites
The recent operation by Europol and Enisa uncovered measures against "digital skimming", which steals sensitive data from e-commerce sites. They suggest precautions such as updating systems and using protective technologies such as 3D Secure.

Innovative detection method of spyware on iOS
Discover the new frontier of mobile security: iShutdown and the fight against spyware attacks on iPhone
The Kaspersky laboratory created iShutdown, a method to discover Pegasus spyware on iPhone by analyzing the Shutdown.log system file. It offers non-invasive diagnosis and helps protect against advanced malware.

What is IP Spoofing and the threats it poses
Address sophisticated network security threats
IP spoofing is a cyber attack where the IP address is spoofed to hide the hacker's identity and fool security systems. It is used to steal data or cause disruptions.

Rogueware: the deceptive veil of fake antiviruses
Strategies and tips for defending against fake security software
Rogueware is malware that looks like legitimate antivirus and tricks users with false security alerts into paying for a "full" version. It is essential to inform and update security defenses to prevent them.

Security risk: NoaBot affects Linux systems
Emergency in Linux-based systems: NoaBot exploits SSH vulnerabilities for covert cryptocurrency mining
NoaBot is a new malware that targets Linux devices for use in cryptocurrency mining. It hides better than other viruses and spreads by cracking weak SSH passwords. Akamai has studied and tracked NoaBot, providing advice on how to recognize and stop it.

Cybersecurity emergency: Google cookies in the sights of hackers
Security experts alert: Google session data vulnerability under hacker attack
A report indicates that there is malware stealing Google session cookies to access user accounts. Even changing your password doesn't stop the attack. Google is working to fix the problem.

AsyncRAT: a large-scale cyber breach
Infiltration and evasive strategies: the RAT that threatens digital security
AsyncRAT, a remote access tool for Windows, was used in a cyberattack to infiltrate and steal data from systems, targeting critical infrastructure in the US.

Security alert: malicious packages detected on PyPI
Prevention measures and security awareness in response to the cyber threat on PyPI
ESET has discovered 116 malicious packages on PyPI that could install malware and infostealers to steal data and cryptocurrencies. Developers need to be careful and check the code.

Large-scale theft of cryptocurrencies via phishing
Analysis of sophisticated cybercriminal strategies in the cryptocurrency sector
The text reports that in 2023 a powerful malware, called "Wallet drainer", caused a loss of 295 million dollars in cryptocurrencies to 324,000 users. There are criminal groups, such as Monkey Drainer and Inferno Drainer, who have perpetrated phishing attacks by evading security systems. Despite advertising...

Discovery of a sophisticated malware attack against iPhones
Exploited 4 zero-day vulnerabilities in a multi-faceted deadly malware attack on Apple devices
The recent “Triangulation” hacker attack targeted iPhone users using undocumented vulnerabilities. The “backdooring” method was used to gain unauthorized access to systems and spread malware via iMessage by exploiting four zero-day vulnerabilities. Analysis revealed that the attacks were successful by expl...

Black Basta decryption: ransomware flaw discovered and decryptor created
SRLabs exposes Black Basta's fake invincibility: compromised encryption offers a bastion of hope for victims
SRLabs researchers have discovered a flaw in the encryption software of the Black Basta ransomware, creating a decryptor to recover encrypted files. The decryptor, called 'Black Basta Buster', exploits a weakness in the encryption algorithm used. However, the flaw has been fixed, preventing the use of...

Agent Tesla: the attack vector exploits Microsoft Office
Exploiting an outdated vulnerability to spread the well-known malware
The old Microsoft Office vulnerability, CVE-2017-11882, is being used to distribute the Agent Tesla malware. This software flaw threatens to compromise every version of Office released in the last 17 years, including Office 365. Criminals are actively using spam emails to trick users into opening malicious...

ALPHV operational disruption: FBI BlackCat ransomware strike
Successful sabotage: FBI and international police forces block the ALPHV criminal network
The FBI, thanks to extensive international collaboration, hacked the infrastructure of the ALPHV criminal network, also known as BlackCat, obtaining keys to decrypt data of ransomware victims. The operation blocked approximately $68 million in extortion. Despite this, ALPHV may reorganize under another...

McAfee and projections on the future of cybersecurity in 2024
Deepfake, AI and the new face of online fraud: the cyber security landscape according to McAfee
Digital security firm McAfee warns of future risks related to artificial intelligence: sophisticated attacks called deepfakes, online fraud on social media and a rise in malware and voice fraud. The importance of user training and dynamic security solutions is highlighted.

Malware campaign targets banking information
The artifice of the attacks has been revealed: between malicious scripts, camouflage and links with DanaBot
A recent malware campaign carried out a JavaScript injection attack, targeting 50,000 users at 40 banking institutions around the world. The malware injects a malicious script into the user's browser, modifying banks' web pages and stealing data. Cybercriminals used sophisticated techniques to bypass...

Cyber Warfare fragments: attacks in Africa with MuddyC2Go
Under the radar: operational tactics and emerging tools of the MuddyWater group
Iranian hacker group MuddyWater has strengthened attacks on telecommunications in Africa, via a new system called MuddyC2Go. This system, managed remotely, facilitates cyber attacks and spreads through phishing emails or by exploiting vulnerabilities in outdated software. MuddyWater will try to remain...

Play ransomware alert: 300 entities affected, including critical infrastructure
The modus operandi of the Play cybercriminal group and advice for countering its attacks
The FBI, CISA and ASD's ACSC warn against the activities of the Play ransomware cybercriminal group, responsible for cyber breaches globally. The group uses data stolen before the attack as a threat to demand ransom. Agencies recommend implementing multi-factor authentication, software updates, and recovery...

Quishing: defense strategies against QR Code scams
The growing threat of Quishing: how to protect yourself and navigate safely
The article addresses the phenomenon of "quishing", online scams using QR Codes. These are scams that induce users to share sensitive data or download malicious software. The FTC suggests precautions for users and experts underline the importance of conscious use of QR Codes.

Critical security update on iOS 17.2
Fighting Bluetooth threats: Apple fixes critical vulnerabilities with new iOS 17.2 update
The article describes how a recent iOS update fixed major security vulnerabilities related to Safari and the iPhone kernel. It also highlights how hackers exploited weaknesses in the Bluetooth protocol to launch DoS attacks on the device. Finally, we discuss the role of the manufacturers of Flipper Zero,...

Microsoft identifies Storm-0539 threat in gift card fraud
Storm-0539: Sophisticated attacks bypass MFA protection and put gift cards at risk
Microsoft has warned of an increase in malicious activity from the Storm-0539 cyber threat group, which uses sophisticated phishing strategies. After obtaining the first credentials, they manage to bypass MFA protection and access sensitive information.

Critical RCE vulnerability discovered in Apache Struts 2: recommendations and fixes
Technical look at the RCE threat: details, implications and how to protect yourself
Hackers are attacking Apache Struts 2, which is vulnerable due to a Remote Code Execution (RCE) flaw. The vulnerability, known as CVE-2023-50164, allows an attacker to upload a malicious file, resulting in an attack. Struts users are advised to update to the correct version as soon as possible to avoid...

The new face of ransomware gangs
Challenge to corporations: ransomware gangs go corporate
Ransomware hackers are changing their tactics, adopting an almost corporate approach to the media. Some groups, such as Royal, Play, and RansomHouse, actively seek to correct false information about them and put pressure on their victims by publicly exposing them.

Microsoft reports abuse of OAuth for crypto mining and phishing
Exploiting OAuth for illicit activities: attackers adapt to emerging technologies
Microsoft has discovered that criminals are using OAuth infrastructure to conduct phishing and cryptocurrency mining attacks, leveraging compromised user accounts to create or alter OAuth applications. Microsoft suggests implementing multi-factor authentication and periodic checks to prevent such...

DeepMind reveals flaw in AI memories
A critical vulnerability in AI: extractable storage identified in ChatGPT
DeepMind has discovered a vulnerability in OpenAI's ChatGPT that can reveal sensitive information stored during its training. Through the repeated use of specific words, the AI could reveal personal data, NSFW content, and more. OpenAI has already taken steps to address the issue.

Generative AI: a new frontier of cybercrime
Double challenge: the ambivalent role of generative artificial intelligence in cybersecurity
The article explores the risks and opportunities of GAIA (generative artificial intelligence) in cybersecurity. While AI can enhance defense against cyber attacks, it can also arm cybercriminals with more sophisticated tools. Therefore, defense strategies must include sound human training and international...