Daily Cyber Brief
Cozy Bear abuses Azure and Microsoft 365 users, TA558 sets sights on hospitality and travel organizations, and a new Grandoreiro malware campaign targets Spanish manufacturers...

Cybersecurity
The chief executive of embattled Israeli spyware maker NSO has stepped down as part of a corporate reorganization, the company announced Sunday. NSO has been connected to a number of scandals resulting from alleged misuse by customers of its flagship Pegasus phone…
According to the 2022 H1 Global Threat Analysis Report released by Radware this past week, cyber attacks have grown and evolved as a result of the Russian invasion of Ukraine. Here are two of the main findings: DDoS attacks rise dramatically - The first six…
Password-protected ZIP archives are a common means of compressing and sharing sets of files—from sensitive documents to malware samples to even malicious files (i.e. phishing "invoices" in emails). But did you know it is possible for an encrypted ZIP file to have two correct…
The state-backed Russian cyberespionage group Cozy Bear has been particularly prolific in 2022, targeting Microsoft 365 accounts in NATO countries and attempting to access foreign policy information. Microsoft 365 is a cloud-based productivity suite…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a critical SAP security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The issue in question is CVE-2022-22536, which has received the…
Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. When customers would deposit or purchase cryptocurrency via the ATM, the funds would instead be siphoned off by the hackers. General Bytes…
TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality…
WordPress sites are being hacked to display fake Cloudflare DDoS protection pages to distribute malware that installs the NetSupport RAT and the RaccoonStealer password-stealing Trojan. DDoS (distributed denial of service) protection screens are commonplace…
Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan. "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico…
More than 200 malicious packages have been discovered infiltrating the PyPI and npm open source registries this week. These packages are largely typosquats of widely used libraries, and each one of them downloads a Bash script on Linux systems that runs cryptominers…