In a concerning development, TeamViewer, one of the world's leading remote access software providers, has disclosed a cyber attack that breached its corporate network environment. The incident was first detected on June 26, 2024, when TeamViewer's security team identified irregularities in their internal IT infrastructure. Responding swiftly, TeamViewer activated its incident response procedures and engaged renowned cybersecurity experts to investigate and mitigate the breach.

Polyfill.js is a Javascript library that helps old browsers run new modern features which these old browsers do not support natively. The library is popular among developers for helping them offer consistent user experience regardless of the browser environment the user is using. In February 2024, a Chinese company bought the domain polyfill.io and the Github account associated with it. Since then, they’ve been serving malware via cdn.polyfill.io as pointed by the team at Sansec.

Earlier this year, a Chinese company named Funnull acquired the polyfillio. Due to this acquisition, this code was used to redirect mobile visitors to scam sites. Over 100,000 websites using the previously popular Polyfill JS open-source project are vulnerable to attacks that redirect traffic to sports betting and pornography sites.

A critical exploit just hit the scene, targeting cdn.polyfill.io, a popular domain for polyfills. Over 110,000 websites have been compromised by this attack, embedding malware into JavaScript assets. But don’t worry, we’ve got your back.

Do you remember the last time you didn’t have water? Reliable water delivery is something many of us take for granted. Our local water treatment plant sits at the edge of our neighborhood, and I pass it every day on my way to take the kids to school. Not a lot seems to go on there, so it never occurred to me that I should be concerned about an attack on this critical infrastructure. What does occur to me is the possibility of a cyberattack on our water system.

CDK Global, a company that provides software for thousands of auto dealers, was hit by back-to-back cyberattacks on June 19. These attacks led to an outage that continued to impact many of their sales operations on Friday, according to the Associated Press. CDK told multiple news outlets that it is "actively investigating a cyber incident," and the company shut down all of its systems out of an abundance of caution.

Here’s what you need to know about the progression of the Polyfill supply chain attack and how to respond.

The recent attack on Snowflake accounts underscores a critical lesson for all cloud users: securely managing identities and access is paramount under the shared responsibility model. As more organizations leverage cloud services, it’s essential to understand that security is a collaborative effort between the service provider and the customer.

In 2021, Amazon suffered a financial setback of around $34 million due to a one-hour system outage that led to a considerable loss in sales. Meta suffered a loss of nearly $100M because of Facebook’s 2021 outage. The consequences of downtime can be severe, and businesses of all sizes and governments can be affected. A DDoS attack can bring a business to a complete standstill for hours, leading to a substantial loss in revenue.

On June 25, 2024, the Sansec security research and malware team announced that a popular JavaScript polyfill project had been taken over by a foreign actor identified as a Chinese-originated company, embedding malicious code in JavaScript assets fetched from their CDN source at: cdn.polyfill.io. Sansec claims more than 100,000 websites were impacted due to this polyfill attack, including publicly traded companies such as Intuit and others.

In a recent cybersecurity incident, tens of thousands of Levi's customers had their accounts compromised following a credential stuffing attack. According to a notice published on the Maine Office of the Attorney General's website, 72,231 individuals were potentially impacted by the breach on June 13. Incident Details On June 13, Levi's detected unusual activity on their website, indicating a credential stuffing attack.

The Sansec.io research team warned today that a script from the polyfill.io domain and service, which was purchased earlier this year by a Chinese company named ‘Funnull’, has been modified to introduce malicious code on websites in a supply chain attack. Currently over 100,000 sites could be impacted.

Recent research by Trustwave SpiderLabs, detailed in their newly published report "2024 Professional Services Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies," reveals a surge in ransomware, supply chain, and technologically sophisticated attacks aimed at the professional services industry.

Over 11 million phishing attacks have been reported to the UK’s Suspicious Email Reporting Service (SERS) over the past year, according to new data from Action Fraud. The UK’s National Cyber Security Centre has also taken down more than 329,000 phishing sites since the SERS program started in 2020.

A crafty group of cybercriminals has been relentlessly pursuing Mexican banks, cryptocurrency platforms and other organizations in an extended campaign stretching back over two years. Their weapon of choice? A heavily customized version of the AllaKore remote access trojan (RAT). These threat actors are ruthlessly targeting any large Mexican enterprise they can get their hands on. With a sweet spot for companies pulling in over $100 million in annual revenue, they're not messing around with small fry.

Atlas Oil, a major player in the oil and fuel distribution industry, fell victim to a ransomware attack orchestrated by the Black Basta group. This attack not only compromised sensitive company data but also exposed a variety of documents that could potentially harm the company’s operations and reputation. Overall, Black Basta claims to have exfiltrated approximately 730 GB of data.

On June 19, 2024, CDK Global notified customers that a cyber incident had led to a shutdown of its systems, significantly impacting car dealerships across the United States. CDK Global serves nearly 15,000 dealership locations, and the incident caused substantial disruption, forcing car dealerships to halt operations and revert to manual processes. Dealerships were initially notified about the incident around 2AM Eastern time on June 19, 2024, with an update at 8AM confirming the incident.

In 2016, the Large Hadron Collider in Switzerland fell prey to a vicious and devastating attack.

Cybersecurity researchers have uncovered a malicious Python package in the Python Package Index (PyPI) repository designed to distribute an information stealer known as Lumma (aka LummaC2). The counterfeit package, crytic-compilers, mimics the legitimate crytic-compile library through typosquatting tactics. Before its removal by PyPI maintainers, the counterfeit package was downloaded 441 times. Impersonation and Deception Tactics.

Mandiant has published a report looking at cyber threats targeting Brazil, finding that more than 85% of government-backed phishing activity comes from threat actors based in China, North Korea and Russia. “The Brazil-focused targeting of these groups mirrors the broader priorities and industry targeting trends we see elsewhere,” the researchers write.

The UEFA League, alternatively known as Euro 2024, has officially started, marking a thrilling period for football fans worldwide. The unmatched enthusiasm for watching the matches, whether through digital screens or by experiencing the live vibe in the stadiums, has filled the air. However, this surge in excitement isn’t solely confined to sports fans but has also caught the attention of threat actors.

The exploitation of cloud services is a flexible weapon in the hands of attackers, so flexible that we uncover new campaigns abusing legitimate apps on a daily basis.

Some organizations are just beginning their migration to the cloud, while others are already firmly settled there, but almost everyone is in the cloud in some capacity by now. And for good reason: the cloud creates substantial advantages in speed, scalability, and cost. But the sobering reality is that modern threat actors have also made gains from migrating to the cloud. By weaponizing cloud automation, these threat actors can fully execute an attack in 10 minutes or less.

The cyber threat landscape is constantly evolving, with new threat actors emerging and expanding their targets. Cybersecurity researchers have recently revealed information about a threat actor named Sticky Werewolf, who has been associated with cyber attacks on organizations in Russia and Belarus. This development highlights the critical need for robust cybersecurity measures, including stolen credentials detection, darknet monitoring services, and dark web surveillance.

A new phishing campaign is exploiting the eSignature platform Yousign. There have been plenty of phishing attacks that leverage legitimate platforms to help establish credibility with security solutions – including online email services, web hosting, payment processors and more.

When it comes to cybercrime, there are few tactics as useful and widespread as credential theft and the use of stolen credentials. In the 2023 breach of password management giant Okta, it was a set of credentials that jumpstarted the incident — threat actors hacked into an employee’s personal Google account, where they found an Okta customer service account had also been saved.

The cybersecurity landscape has recently been shaken by a surge in activity involving a Mirai distributed denial-of-service (DDoS) botnet variant known as CatDDoS. Over the past three months, threat actors have aggressively exploited more than 80 vulnerabilities to spread this malware. In this blog, we explore the recent CatDDoS attacks, the targeted sectors, and the implications for cybersecurity practices.

Earlier this year we stated that bot attacks can be run by anyone, from skilled individuals to organised gangs. Bots can hit websites for a number of reasons. Common attacks include credential cracking to account takeover, to scalping. These bots have the power and capability to conduct multiple attacks repeatedly. Those actions have long seen standard for bots though, so what is new in the world of bot attacks? What is making these attacks more sophisticated?

An increasing number of phishing campaigns from several threat groups are being tracked as they leverage legitimate Cloudflare services as part of account compromise attacks. Security analysts at Netskope take an expository look at the misuse of Cloudflare services for the purpose of enabling phishing attacks that leverage HTML Smuggling and Transparent Phishing tactics. We’ve seen HTML Smuggling attacks for several years, including its continued use this year.