Daily Cyber Brief
Polonium attacked Israeli targets with several custom backdoors, drones are now being used to deploy spyware while in flight, and QBot malware infects over 800 corporate users...

Cybersecurity
The advanced persistent threat (APT) group known as Polonium attacked more than a dozen organizations using at least seven custom backdoors since September of last year, according to a new report from ESET. The Slovakia-based cybersecurity firm found the group focused…
Election workers in US battleground states have been hit by a surge in phishing and malware-laced emails in the run-up to their primaries and the upcoming 2022 midterm elections. That's according to Trellix security researchers, who said malicious emails sent to Arizona…
More than 800 corporate users have been infected in a new QBot malware distribution campaign since September 28, Kaspersky warns. Also known as Qakbot and Pinkslipbot, QBot is an information stealer with backdoor and self-spreading capabilities that has been…
COVID-19-themed phishing messages are once again spiking in the U.S. following a prolonged summer hiatus that appears to be over. According to a report by email security company INKY shared with BleepingComputer before publication, the malspam volumes…
Once limited to abstract academic conversation among cybersecurity enthusiasts, drones loaded with cyber-spying equipment are now being used in the real world to breach networks and steal information. Cybersecurity researcher Greg Linares shared a Twitter thread…
A vulnerability in the Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens…
A new version of an unofficial WhatsApp Android application named 'YoWhatsApp' has been found stealing access keys for users' accounts. YoWhatsApp is a fully working messenger app that uses the same permissions as the standard WhatsApp app and is promoted through…
Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian…
Mango Markets — a cryptocurrency trading platform — was robbed of more than $100 million on Tuesday night after a hacker used a flash loan attack to exploit the platform. The attack is one of a series of recent high-profile thefts from platforms that have sent shockwaves…
Microsoft has added command-and-control (C2) traffic detection capabilities to its Microsoft Defender for Endpoint (MDE) enterprise endpoint security platform. Available in public preview at the moment, this new MDE feature will allow security admins to detect malware…