ℹ️ One of the top French newspapers, @LEXPRESS, appears to have a compromised reader subscription portal.
➡️ Victim site: boutique[.]lexpress[.]fr
➡️ Data exfiltration: server-side
We have informed them already.
#Magecart#WebSkimming
Speaking of which, here is an #Ousaban 🇧🇷 banker w. @policiafederal lure that uses @Azure both as a redirect and landing, and the landing page has the zipped malware stored as a blob in the html itself.
https://t.co/b5JNML02Un
2nd stage: https://t.co/C7YxtJXp2M
Interesting #TrickBot gtag rob139. Obfuscated HTML attachment with encrypted zip with obfuscated js in blob (HTML smuggling). HTML redirects to /abc.com if it doesn't like the browser. JS > PS > EXE. EXE requires vcredist to run.
https://t.co/FQBApWcQzj
https://t.co/jSuKEhHfNc
New updates #SharkBot#Android#Banking#Trojan#Malware#Banker
🦠 Version: 1.39.11
📦 md5: beae001d3bbdcf7a05c053e6773f9796
🌐 C2: c2hhcmtlzdq3cg9qqkk.]info
- New command: "collectContacts"
- They've started to encrypt the local DB data
Evil Corp: 'My hunt for the world's most wanted hackers'. Many people on the FBI's Cyber Most Wanted list are Russian. If they left Russia they'd be arrested but at home they appear to be given free rein. Me and @skazal_on went to try to find them https://t.co/EQcdHlzEdh
Based on our Threat Intelligence, ThreatFabric was able to trace the malware dubbed #MasterFred to an older malware family, which we identified in October 2020, under the name #BROX.
https://t.co/hvXYjX8zlB
The spearphishing that targeted bZx is part of a Lazarus / BlueNoroff APT campaign we call SnatchCrypto. It's already been successful at targeting several DeFi's and cryptocurrency businesses and there's no reason to believe they will stop.
[IN SHORT] On Oct 22nd, RU-based PIM Solutions, leading fintech&logistic service provider for e-commerce, exposed its Elasticsearch cluster with 22M+ records of "recipients" (its clients' customers): address/name/phone/email/internalID etc. Quietly secured, no response.
☣ Another #SOVA#Android Banking Trojan sample posing as NHS COVID-19 app, targeting UK 🇬🇧
6c779ef382428fb5d6fca1919552fc42
🔥 C2:
re184edek1nslloaj1fhdskl13asdrf[.]xyz
cc @NCSC@NHSDigital
Malspam using https://t.co/3StVtdrtxM as a lure to distribute #RaccoonStealer malware 🔥
Weaponized Microsoft Word document:
📄 https://t.co/Pwv3cGfeHD
Payload URL (hosted on @discord):
🌍 https://t.co/ZKKoW6De8H
Payload (EXE):
⚙️ https://t.co/ylrqtBRpMy
/cc @GOVUK@NCSC
UK: Over UK£5.5bn of Covid support funds lost to fraud or error. HMRC says nearly 9% of furlough scheme was fraudulently claimed or otherwise wrongly paid out last year. https://t.co/wxHLEQiTHi
NHS Fraud costs all of us over a billion pounds a year
That would allow over 208,000 Knee Replacements to have been carried out
Spot it
Report it
Together we stop it
0800 028 4060
https://t.co/Cuz5q8qV8V
A threat actor known as “Vagabon,” looking to collect PayPal login credentials and credit card info, developed a perfect example of the “Frankenstein” technique - piecing together modular, free, or readily available phishing kits and services. Learn more: https://t.co/4isht79rIM
According to a study by @GroupIB, several #cybercriminal gangs are impersonating underground card shops and other phishing sites to dupe relatively new threat groups for monetary gain. Read the full report by @MihirBagwe: https://t.co/l9oDDaDmOw
#ISMGNews#CybersecurityNews