In a new twist on phishing tactics, ESET analysts have uncovered a series of sophisticated campaigns targeting mobile users by leveraging Progressive Web Applications (PWAs). This use of PWAs, which are essentially websites functioning as standalone apps, sets this phishing campaign apart. Unlike traditional phishing techniques, these attacks instruct iOS users to add the PWA to their home screens, while Android users are prompted to install a WebAPK. The key concern is that these phishing applications do not require users to approve third-party installations, bypassing typical security warnings. On Android, the phishing WebAPK even apes a legitimate Google Play installation…
Author: ISB Staff Reporter
A sophisticated cloud extortion campaign has compromised over 110,000 domains by exploiting misconfigured servers with exposed .env files containing Amazon Web Services (AWS) credentials. By scanning for exposed .env files on unsecured web applications, threat actors were able to obtain AWS Identity and Access Management (IAM) access keys. According to Cyble’s threat intelligence platform, these .env exposures might be more prevalent than anticipated. The platform has detected nearly 1.5 million publicly exposed .env files since January 2024, indicating a systemic issue. From the 110,000 domains, the attackers managed to extract over 90,000 unique variables from the compromised .env files, with…
Microchip Technology Inc. announced Tuesday that it had been targeted by a cyberattack, prompting the US chipmaker to shut down some systems and reduce its operations. According to a regulatory filing, Microchip, a key supplier to the US defense industry, detected unusual activity in its IT systems on 17 August. By 19 August, Microchip confirmed that certain servers and business operations had been compromised. This breach occurs amid a global race for chip market dominance, driven by national security concerns and efforts to avoid the supply chain disruptions experienced during the pandemic. In a similar incident two months ago, Taiwanese…
FlightAware, a provider of real-time flight tracking information, has informed users of a data security incident that may have exposed personal information. The company is taking precautionary measures by requiring all potentially impacted users to reset their passwords. The incident, discovered on 25 July 2024, was caused by a configuration error that may have inadvertently exposed sensitive information stored in users’ FlightAware accounts. This information includes user IDs, passwords, email addresses, and other personal details such as full names, billing and shipping addresses, IP addresses, social media accounts, telephone numbers, year of birth, the last four digits of credit card…
In a joint statement, the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) have warned about heightened Iranian efforts to interfere in the upcoming US elections. The statement highlights Iran’s continued attempts to undermine confidence in American democratic processes and influence the election process. The intelligence community has noted increasingly aggressive activity by Iran, including influence operations targeting the American public and cyber operations directed at Presidential campaigns. Importantly, the agencies attribute recent cyberattacks on former President Donald Trump’s campaign to Iranian operatives, indicating a broader…
The cybersecurity landscape is marked by sophisticated malware strains designed to harvest sensitive data, get a foothold on company networks, and generally wreak havoc. A new report from ReliaQuest examines five malware variants that have recently impacted the threat landscape or may do so in the near future: “LummaC2,” Rust-based stealers, “SocGholish,” “AsyncRAT,” and “Oyster.” ReliaQuest’s Threat Research team analyzed customer incident data, external industry reporting, and cybercriminal forums to identify the most pressing malware threats that warrant proactive responses from customers due to their past use, anticipated future deployment, interest on the dark web, and ability to bypass defenses…
Claims on cyber insurance have dropped by more than a third between 2022 and 2024, despite more organizations than ever having this type of cover. This was revealed in Databarracks’ Data Health Check – an annual survey of 500 UK IT decision-makers. Two-thirds (66%) of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years. However, as more organisations take out policies, 36% made a claim this year, falling from 58% in 2022. According to Jammes Watts, MD of Databarracks, these findings are likely linked to an increasing number of ransomware recoveries.…
In a year marked by significant shifts in the cybercrime landscape, 2024 is on track to become the highest-grossing year for ransomware, even as overall illicit activity on the blockchain has declined by nearly 20% year-to-date. This trend highlights the growing severity and sophistication of ransomware attacks, which continue to extort larger payments from victims, particularly those in critical infrastructure and large corporations. Ransomware Payments Reach New Heights One of the most alarming developments in 2024 is the record-breaking increase in ransomware payments. This year has already seen the largest single ransomware payment ever recorded, a whopping $75 million made…
Background check provider National Public Data (NPD) has confirmed a data breach after hackers leaked a stolen database containing millions of Social Security numbers and other sensitive information. The compromised data reportedly includes names, email addresses, phone numbers, Social Security numbers (SSNs), and mailing addresses. The breach has been linked to a hacking attempt from late 2023. NPD acknowledged data leaks in April and summer 2024, attributing them to the same threat actor responsible for the December 2023 incident. The company has since investigated the breach, cooperated with law enforcement, and reviewed the affected records. If significant developments arise, impacted…
Sophos researchers have uncovered a new tool, EDRKillShifter, that malicious actors are using to target endpoint detection and response (EDR) systems. The discovery came after an unsuccessful ransomware attack in May. The threat actors deployed the tool to disable endpoint protection software and execute the notorious RansomHub ransomware. The attack failed when Sophos’ protection systems detected and blocked the ransomware. According to Sophos, this tool is a significant evolution in malware that targets EDR systems as more businesses are investing in these technologies to protect themselves from cyber threats. Since 2022, Sophos has seen a rise in malware designed to…
