Josh Breaker Rolfe

A sophisticated cyberattack using the SmokeLoader malware targeted multiple industries in Taiwan in September 2024, new research from FortiGuard Labs has revealed. SmokeLoader is notorious for its versatility, advanced evasion techniques, and modular design, which allow it to perform a wide range of attacks. Attackers have traditionally used SmokeLoader as a downloader to deliver other malware; in this case, it carries out the attack itself by downloading plugins from its C2 server. Impacted industries include manufacturing, healthcare, and information technology. Launching the Attack Attackers initiated the attack using phishing emails, which, despite containing convincing, localized language, were sent to multiple…

Spearphishing attacks with links and attachments increased in Q3 2024, accounting for 46% of security incidents, ReliaQuest’s Top Cyber Attacker Techniques report has revealed. Initial access methods like spear phishing were the most common MITRE ATT&CK techniques last quarter and have remained so in Q3 2024. According to ReliaQuest, high employee turnover and the accessibility of phishing kits on cybercriminal forums are driving the persistence of these attacks. “Even if employees are properly trained to recognize the signs of phishing, the constant influx of untrained new hires creates opportunities for cybercriminals,” the report said. “Despite the importance of employee training, sometimes…

Cloudflare’s Pages and Workers platforms have experienced a surge of malicious activity in the past year, research from Fortra’s Suspicious Email Analysis (SEA) team has revealed. Phishing incidents on Cloudflare Pages have surged nearly 200% over the past year, while abuse of Cloudflare Workers has increased by 104%. These findings indicate that cybercriminals are increasingly exploiting Cloudflare’s popular web hosting services to facilitate phishing schemes, data exfiltration, and other malicious attacks. Cloudflare Pages and Phishing Activity Cloudflare Pages is a platform for developers to deploy static websites, supported by Cloudflare’s global content delivery network (CDN). It provides features such as…

Ransomware attacks on the healthcare sector surged in 2024, analysis from SafetyDetectives reveals. The year has already seen 264 attacks on healthcare providers by September, nearly surpassing the 268 attacks recorded for all of 2023. Escalating Cyber Threats SafetyDetectives argues that the growing number of ransomware groups and variants in 2024 contributed to the increasing number of attacks on the healthcare sector. In 2023, 68 active groups were responsible for nearly 4,841 attacks globally. This year, 87 groups averaged 394 monthly attacks. The report also reveals that cybercriminals are changing tactics: cybersecurity experts discovered 177 new ransomware variants between April…

A malicious package on the Python Package Index (PyPi) has been quietly exfiltrating Amazon Web Service credentials from developers for over three years, a new report from cybersecurity researchers at Socket has revealed. The package “fabrice” is a typosquat of the popular Python library “fabric” used for executing remote shell commands. It has been downloaded more than 37,000 times and, despite detection, remains available on PyPi. For Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, the long-term nature of the campaign suggests a calculated approach by advanced threat actors. “This approach aligns with a trend where attackers prioritize persistent access over…

Despite the recent takedown of the RedLine malware variant and a crackdown on “problematic” Telegram content, the credential abuse market is as vibrant as ever. This was revealed by new research from ReliaQuest. According to the company, cybercriminals appear undeterred by Telegram CEO Pavel Drurov’s recent arrest, promise to remove problematic content, and announcement of a more proactive approach to complying with government requests. Bad actors have long used Telegram, an end-to-end encrypted online messaging service, as a marketplace for selling stolen credentials. Despite Drurov’s promise to share user information with law enforcement, they continue to do so. ReliaQuest’s researchers observed…

Software supply chain company JFrog revealed on Monday that it had discovered 22 software vulnerabilities across 15 machine learning-related open-source software projects. The results, presented in JFrog’s latest ML Bug Bonanza blog, shed light on the security challenges organizations face as they accelerate AI and ML adoption and highlight the need for more robust protections. The blog post showcases the ten most severe server-side vulnerabilities and the techniques attackers are using to exploit them. According to the blog, those vulnerabilities would allow attackers to: “These vulnerabilities allow attackers to hijack important servers in the organization such as ML model registries,…

A staggering 70% of exploited vulnerabilities in 2023 were leveraged as zero days, meaning threat actors exploited the flaws in attacks before the impacted vendors knew of the bug’s existence or had been able to patch them. In addition, the average Time-to-Exploit (TTE) fell from 32 to just five days. These were two of the findings of new research that also revealed a shift in ratios between n-day (vulnerabilities first exploited after patches are available) and zero-day vulnerabilities in the past few years. Throughout 2021 and 2022, analysts observed a 38/62 split between n-day and zero-day vulnerabilities. By 2023, the…

A staggering 44% of CISOs were unable to detect a data breach in the last 12 months using existing security tools. Moreover, nearly three-quarters (70%) of CISOs feel their current security tools are ineffective at detecting breaches due to limited visibility. These were two of the findings of a recent report from Gigamon that surveyed more than 1000 global security and IT leaders. Modern cybersecurity is about differentiating between acceptable and unacceptable risk,” says Chaim Mazal, CSO at Gigamon. “Our research shows where CISOs are drawing that line, highlighting the critical importance of visibility into all data-in-motion to secure complex hybrid…

The Court of Justice for the European Union (CJEU) has ruled that Meta Platforms, the owner of Facebook, must minimize the amount of people’s data it uses for personalized advertising. “An online social network such as Facebook cannot use all the personal data obtained for the purposes of targeted advertising, without restriction as to time and without distinction as to type of data,” the CJEU said in a ruling last Friday. The ruling comes in response to a complaint made by privacy campaigner Max Schrems, who said he was targeted with adverts aimed at gay people despite never sharing information…