Android, an operating system developed by Google, has become a staple in our lives, powering smartphones, car systems, tablets, and much more. With over 70% of the mobile OS market share and embedded in over 1.5 billion devices worldwide, the Android platform is an enticing target for threat actors.

Qakbot, also known as Pinkslipbot, Qbot and Quakbot, is a notorious Banking Trojan designed to steal account credentials and online banking session information leading to account takeover fraud. Commonly distributed via malicious unsolicited email (malspam), Qakbot campaigns reportedly deployed ‘Cobalt Strike’ beacons likely in an attempt to move laterally as well as gaining persistency and establishing a robust communication channel back to the threat actor.

The Attack Surface is Growing, and fast. What once was considered the attack surface is no longer. Instead organizations are faced with a sprawling attack surface, including not just domains, IPs and sub-domains, but also third parties, brand risks and more. Businesses in the finance sector face two additional challenges: This blog focuses on banks, FinTech companies and insurance providers, as they are among the largest types of entities in the financial sector.

We’re all familiar with software as a service or platform as a service, but what about Cyber-Crime-As-A-Service? It’s not just the sheer quantity of cyber threats that is increasing at alarming rates, it’s the methods and ease at which cybercriminals are finding to deploy attacks.,

Allow us to set the scene: It’s Wednesday morning, and one of your cyber threat analysts Slacks you to report a profile on social media that is impersonating your organization. The analyst has verified that the threat is part of a phishing campaign and wants to talk about how to approach a phishing takedown. Now, as threats go, this is probably not one that will have you spitting out your coffee.

The Cyberint research team has discovered a new Telegram channel called “The Five Families,” purportedly marking the initiation of collaboration of five distinct threat actor groups: This channel, which was established just a few hours ago, has already amassed nearly 400 subscriptions. Currently, it contains only one message: This message has been shared across the official channels of the above-mentioned collaboration groups, signifying their approval of this joint effort. Allegedly,

Cyber threats are like microbes: They’re constantly evolving, and the defenses that worked against them yesterday may no longer work today. Just as a vaccine crafted for an earlier iteration of a virus may not be effective anymore, the cybersecurity tools and processes that shut down risks in the past might not be enough to keep your business safe today. That’s why Continuous Threat Exposure Management, or CTEM, is a critical component of any cybersecurity strategy.

GhostSec has reported a successful breach of the FANAP Behnama software, which they describe as the “Iran regime’s very own Privacy-invading software”. This breach has resulted in the exposure of approximately 20GB of compromised software. The group alleges that the Iranian government employs the software for citizen surveillance, representing a significant advancement in the nation’s surveillance capabilities.

In recent weeks, the Cyberint research team has observed an alarming emerging trend – an ongoing and successful hacking campaign is targeting LinkedIn accounts, all following a consistent method. This campaign is currently affecting individuals worldwide, resulting in a significant number of victims losing access to their accounts. Some have even been pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts.

Starting from the beginning of 2023, the FBI and other law enforcement agencies worldwide have come together in a united effort to combat cybercrime, with a specific focus on ransomware. This alliance has already resulted in significant arrests, including those of individuals associated with Pompompurin and LockBit, as well as the dismantling of the Hive ransomware group’s infrastructure.