hunt

Malicious Signal, Line, and Gmail Installers Target Chinese-Speaking Users with Backdoors

The attackers rely on search engine optimization (SEO) poisoning to direct users to fraudulent download pages for apps like Signal, Line, and Gmail, which deliver ZIP files containing executable malware.

LummApp Campaign Abuses OBS Software to Execute Infostealer via DLL Sideloading

Disguised as a benign application, LummApp deploys malicious browser extensions capable of exfiltrating data, capturing screen activity, manipulating clipboard contents, and tracking user browsing behavior.

MoqHao Leverages iCloud and VK in Campaign Targeting Apple IDs and Android Device

MoqHao, also known as Wroba and XLoader, is a mobile malware family linked to Roaming Mantis, a cybercrime group believed to be operating out of China. Malicious payloads are usually delivered through SMS phishing attacks targeting mobile devices.

Threat Actors Behind VEILDrive Campaign Exploit Microsoft Services for C2

The ongoing threat campaign known as VEILDrive is utilizing Microsoft services such as Teams, SharePoint, Quick Assist, and OneDrive in its operations to distribute spear-phishing attacks and store malware.

OceanLotus APT Group Targeting Vietnamese Human Rights Defenders

The attackers use spear-phishing lures and watering hole campaigns to infiltrate networks and collect sensitive data. Huntress identified four compromised hosts in recent attacks, linking them to Cobalt Strike Beacons and encrypted DLL payloads.

Xeno RAT Spread via .gg Domains and GitHub

XenoRAT is being used by North Korean hackers and other actors targeting the gaming community. It is being spread through .gg domains and a GitHub repository disguised as Roblox scripting tools.

DeleFriend: Severe Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable to Takeover

The vulnerability is rooted in the fact that a domain delegation configuration is determined by the service account resource identifier (OAuth ID), and not the specific private keys associated with the service account identity object.

NHTSA Publishes Final Cybersecurity Best Practices

The 2022 Best Practices describe steps manufacturers can take to improve vehicle cybersecurity in light of emerging risks, taking into account both technological developments and other voluntary industry information security standards.

China Issues Draft Measures on Security Assessment of Cross-border Data Transfer

If made final, the Draft Measures would apply to cross-border transfers of personal information and “important data” collected and generated in China under certain circumstances.

EDPB Publishes Guidelines on Examples regarding Data Breach Notification

The Guidelines complement the initial Guidelines on personal data breach notification under the EU General Data Protection Regulation (“GDPR”) adopted by the Article 29 Working Party in February 2018.
