Cloud Security Alliance News Clipping Site

Tag: attack chain

  • Cisco Talos Blog: New PXA Stealer targets government and education sectors for sensitive information

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/new-pxa-stealer/ Source: Cisco Talos Blog Title: New PXA Stealer targets government and education sectors for sensitive information Feedly Summary: Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia.   AI Summary and Description: Yes Summary: The text discusses a threat…

  • The Register: Winos4.0 abuses gaming apps to infect, control Windows machines

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/08/winos40_targets_windows/ Source: The Register Title: Winos4.0 abuses gaming apps to infect, control Windows machines Feedly Summary: ‘Multiple’ malware samples likely targeting education orgs Criminals are using game-related applications to infect Windows systems with a malicious software framework called Winos4.0 that gives the attackers full control over compromised machines.… AI Summary and Description: Yes…

  • The Register: Samsung phone users under attack, Google warns

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/24/samsung_phone_eop_attacks/ Source: The Register Title: Samsung phone users under attack, Google warns Feedly Summary: Don’t ignore this nasty zero day exploit says TAG A nasty bug in Samsung’s mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google…

  • Cisco Talos Blog: Akira ransomware continues to evolve

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/ Source: Cisco Talos Blog Title: Akira ransomware continues to evolve Feedly Summary: As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group’s attack chain, targeted verticals, and potential future TTPs. AI Summary and Description: Yes **Summary:** The text provides an in-depth analysis of the…

  • Microsoft Security Blog: File hosting services misused for identity phishing

    by

    system automation
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/ Source: Microsoft Security Blog Title: File hosting services misused for identity phishing Feedly Summary: Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities,…

  • Embrace The Red: Spyware Injection Into Your ChatGPT’s Long-Term Memory (SpAIware)

    by

    system automation
    in

    Source URL: https://embracethered.com/blog/posts/2024/chatgpt-macos-app-persistent-data-exfiltration/ Source: Embrace The Red Title: Spyware Injection Into Your ChatGPT’s Long-Term Memory (SpAIware) Feedly Summary: This post explains an attack chain for the ChatGPT macOS application. Through prompt injection from untrusted data, attackers could insert long-term persistent spyware into ChatGPT’s memory. This led to continuous data exfiltration of any information the user…