Cybersecurity, CISA releases 3 new ICS advisories on vulnerabilities
They are linked to Advantech iView, AVEVA InTouch Access Anywhere, and Rockwell Automation Logix controllers.
Cybercrime, Formbook conveyed via false hotel booking
The email rar attachment contains an exe file: the malware.
Cybercrime, the AgentTesla beauty products-themed campaign intensifies
In 3 days, as many emails arrived. The text is always the same, change the name of the attachment. A rar with an exe inside: the malware.
Cybercrime, multi-malware campaign via fake purchase order
The xls attachment of the email first downloaded Putty and now Formbook. It is not excluded that it is targeted.
Cybercrime, AgentTesla again through real companies in Turkey
The .bz attachment of the email about a purchase order contains the exe: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, new wave of the Docusign phishing campaign via contract
The link in the email points to a fake Word page where the user is pre-set and only the password needs to be entered. Warning, it's a scam!
Cybercrime, credentials of around 500 million WhatsApp users are exposed
Check Point cybersecurity experts: The leaked database is a re-use of an older 2019 Facebook leak, but it’s still dangerous for vishing and smishing.
Cybercrime, beauty products are the new vehicle for AgentTesla
The rar attachment in the fake email from a real UK company contains an exe: the malware. The stolen data is exfiltrated via FTP to a domain in Iran.
Cybercrime, Lazarus spreads Applejeus via fake cryptocurrency apps
Volexity cybersecurity experts: The North Korea’s APT uses a fake trading website, that mimic a legit one, and DLL Side-loading to distribute the malware.
Cybercrime, fake Docusign email spreads a new global phishing campaign
It asks to open a link to revise an agreement. It lands to a website that simulates the victim’s organization homepage, in which the user has only to digit the password.