
WhatsApp phishing attack uses fake business docs to hack PCs

An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access.

The threat actor is using file names that indicate business and financial documents delivered by the victim’s contacts, whose accounts had been compromised.

By downloading and executing the malicious attachments, the recipient starts an infection chain that leads to installing the legitimate ManageEngine Endpoint Central, which is used by IT administrators to manage systems from a centralized dashboard.

Klue OAuth breach victim list grows as Icarus hackers claim attack

Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, as the new “Icarus” extortion group publicly claims the attack.

The disclosure comes after cybersecurity firms Huntress and ReliaQuest detailed how attackers abused compromised Klue Battlecards integrations to steal Salesforce CRM data from multiple organizations.

In a statement published this week, Klue CEO Jason Smith confirmed that the company discovered unauthorized activity on June 12 affecting part of Klue’s integration infrastructure.

Spin-orbit torque hardware creates random keys and reveals unauthorized access attempts

The information exchanged by modern devices is typically protected by cryptographic techniques, approaches that convert readable data into scrambled, unreadable code that can only be deciphered by authorized parties or devices. To descramble encrypted data, devices or accounts need access to randomly generated cryptographic keys, unique, randomly generated sequences of binary code, letters or numbers that are essential for encrypting or decrypting data.

To detect cyberattacks, most traditional hardware security systems monitor the power consumption, electrical signals or other changes in devices. However, cyberattackers have devised effective techniques that sometimes allow them to bypass these systems’ defenses.

Researchers at Huazhong University of Science and Technology and Hubei University recently introduced a new hardware security system based on spin-orbit torque (SOC) devices, technologies that operate by leveraging both electrical charge and a quantum property known as electron spin.

Klue OAuth breach linked to ‘Icarus’ Salesforce data theft attacks

Market intelligence platform Klue suffered an OAuth breach that enabled the “Icarus” threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign.

Sources told BleepingComputer of the attack yesterday, telling us that numerous organizations had their Salesforce data stolen and were now being extorted by the relatively new extortion group.

Cybersecurity firms ReliaQuest and Huntress have both published reports confirming the security incident, with Huntress stating that their Salesforce data was stolen in the attack.

Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp

International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime group.

This joint action (supported by Europol and Eurojust) was part of Operation Endgame, a major law enforcement operation targeting cybercrime now aimed at disrupting a key infection chain linked to Evil Corp.

Authorities from the Netherlands (NHCTU), Canada (RCMP), the United States (FBI), and Germany (BKA) cleaned SocGholish malware infections from 14,971 compromised WordPress websites and took 106 servers and domains offline.
