Welcome to another Afternoon Dessert breakout:
Threat hunting with MITRE ATT&CK and Wazuh
Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay dormant in an organization's infrastructure, extending their access while waiting for the right
Read more....
Google Search results poisoned with torrent sites via Data Studio
Threat actors are abusing Google's Looker Studio (formerly Google Data Studio) to boost search engine rankings for their illicit websites that promote spam, torrents, and pirated content. [...]
Read more....
LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities
The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. "The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities," Cisco Talos researcher Chris Neal said in a write-up published Thursday. Aside from being dropped
Read more....
Meta Reportedly Fires Dozens of Employees for Hijacking Users' Facebook and Instagram Accounts
Meta Platforms is said to have fired or disciplined over two dozen employees and contractors over the past year for allegedly compromising and taking over user accounts, The Wall Street Journal reported Thursday. Some of these cases involved bribery, the publication said, citing sources and documents. Included among those fired were contractors who worked as security guards at the social media
Read more....
Chinese hackers use Google Drive to drop malware on govt networks
State-backed Chinese hackers launched a spearphishing campaign to deliver custom malware stored in Google Drive to government, research, and academic organizations worldwide. [...]
Read more....
US charges BEC suspects with targeting federal health care programs
The U.S. Department of Justice (DOJ) has charged ten defendants for their alleged involvement in business email compromise (BEC) schemes targeting numerous victims across the country, including U.S. federal funding programs like Medicare and Medicaid. [...]
Read more....
Black Friday and retail season – watch out for PayPal “money request” scams
Don't let a keen eye for bargains lead you into risky online behaviour...
Read more....
S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]
Latest episode - listen now! Cybersecurity news plus loads of great advice...
Read more....