New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials

Netskope Threat Labs is tracking a campaign that uses malicious Python scripts to steal Facebook users’ credentials and browser data. This campaign targets Facebook business accounts with bogus Facebook messages with a malicious file attached. The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology sectors.

A Multinational Effort Takes Down the Qakbot Banking Trojan

In late August, the FBI took down and dismantled Quakbot, a banking Trojan that primarily spread through spam and phishing emails and has been active and continuously updated since 2008. Trustwave SpiderLabs has tracked Qakbot for years and has worked hard to counter the malware’s efforts, including publicly releasing the encryption algorithm Qakbot used to encrypt registry keys, enabling victims to recover from an attack.

Product Quality at Rubrik - Part 1

At Rubrik, we are on a mission to Secure the World’s Data and we consider product quality a top priority. In this blog, we will talk about the automated test strategy we follow at Rubrik to ensure the best quality products for our customers. Before we deep dive into our test strategy and the process we follow, let’s quickly understand what product quality means and why it’s important to our organization as well as our customers.

Microsoft Teams Phishing Campaign Distributes DarkGate Malware

Researchers at Truesec are tracking a phishing campaign that’s distributing the DarkGate Loader malware via external Microsoft Teams messages. “On August 29, in the timespan from 11:25 to 12:25 UTC, Microsoft Teams chat messages were sent from two external Office 365 accounts compromised prior to the campaign,” the researchers write.

Rubrik Incremental Merge: A New Approach to Oracle Backups

When the renowned Oracle database started penetrating the enterprise, database administrators typically backed up to tape and disk, with the former being the preferred target. To support the various tape and disk vendors in the marketplace, Oracle came up with the concept of a media management layer that allowed vendors to provide front-ends to their tape or disk devices.

Qakbot Banking Trojan

Qakbot, also known as Pinkslipbot, Qbot and Quakbot, is a notorious Banking Trojan designed to steal account credentials and online banking session information, leading to account takeover fraud. Commonly distributed via malicious unsolicited email (malspam), Qakbot campaigns reportedly deployed ‘Cobalt Strike’ beacons, likely in an attempt to move laterally, gain persistence and establish a robust communication channel back to the threat actor.

Why is it Important to Have Cybersecurity

In the era of the internet, cybersecurity has become an essential element. That is because the constant online presence has led to an increase in cyber crimes. However, taking the issue of cybercrimes such as spamming, phishing, etc. lightly won't cut it anymore. Most small businesses are unaware of the cybersecurity issues that exist in their environment because they believe that large companies are the only targets of cybercrime.

Ransomware Attacks Speed up 44% Leaving Less Time for Detection and Response

New data suggests that the gangs and toolkits behind current ransomware attacks are materially improving their abilities, resulting in a speeding up of attacks before defenses kick in. It’s the last thing we want to hear: the threat actors are winning. But, according to Sophos’ 2023 Active Adversary Report for Tech Leaders – at least when looking at threat actor dwell time – it seems to be the case.

Detecting Gozi Banking Malware

As a principal security researcher on Corelight’s Labs team, I help to solve difficult network security research problems at scale. Corelight’s customers might recognize some of my work if you see the packages “VPN Insights” or “App ID” on your sensors. Outside of my day-to-day role, I have a hobby podcast called eCrimeBytes where we lightheartedly discuss an electronic crime case each week.

5 Common Business Mistakes in Ransomware Prevention Planning

One thing is becoming evident as ransomware attacks increase in frequency and impact: businesses can take additional precautions. Unfortunately, many companies are failing to do so. Most victims are sufficiently warned about potential weaknesses yet unprepared to recover when hit. Robust ransomware prevention is more important than ever. This becomes very clear when you consider what causes the majority of ransomware attacks nowadays. Some are caused by errors that are easily avoidable.