Somcert

Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud

Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that’s behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. “Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate,” the company said in its latest Cyber Signals report. “We’ve seen some examples where the […]
Read More

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. “This cluster of activity spanned from late 2023 to April 2024 and is anticipated to persist,” the BlackBerry Research and Intelligence Team said in a technical report published earlier […]
Read More

Beware: These Fake Antivirus Sites Spreading Android and Windows Malware

Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. “Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from […]
Read More

Zoom Adding Post-Quantum End-to-End Encryption to Products

Video communications giant Zoom announced on Tuesday that post-quantum end-to-end encryption (E2EE) has been added to Zoom Workplace. The feature, which leverages the Kyber 768 key encapsulation method, is currently available worldwide in Zoom Meetings, with Zoom Phone and Zoom Rooms coming soon. Zoom claims it is the first unified communications-as-a-service company to offer a post-quantum E2EE […]
Read More

Critical Flaw in AI Python Package Can Lead to System and Data Compromise

A critical vulnerability discovered recently in a Python package used by AI application developers can allow arbitrary code execution, putting systems and data at risk. The issue, discovered by researcher Patrick Peng (aka retr0reg), is tracked as CVE-2024-34359 and it has been dubbed Llama Drama. Cybersecurity firm Checkmarx on Thursday published a blog post describing the vulnerability and […]
Read More

Microsoft Quick Assist Tool Abused for Ransomware Delivery

Cybercriminals who have been using the Black Basta ransomware have been observed abusing the remote management tool Quick Assist in vishing (voice phishing) attacks, Microsoft reports. Active since 2022 and believed to have hit over 500 organizations globally, Black Basta is a ransomware-as-a-service (RaaS) that likely received over $100 million in ransom payments from its victims. Last […]
Read More

New Case Study: The Malicious Comment

When is a ‘Thank you’ not a ‘Thank you’? When it’s a sneaky bit of code that’s been hidden inside a ‘Thank You’ image that somebody posted in the comments section of a product page! The guilty secret hidden inside this particular piece of code was designed to let hackers bypass security controls and steal […]
Read More

Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices

A newly identified Android trojan can steal user information and provide attackers with the ability to take control of infected devices, threat detection company ThreatFabric reports. Dubbed Brokewell, the trojan includes all the capabilities of mobile banking malware, while also providing attackers with remote access to devices. Brokewell is being distributed via fake application updates, such […]
Read More

No products in the cart.

Subscribe to our newsletter

Sign up to receive latest news, updates, promotions, and special offers delivered directly to your inbox.
No, thanks