Russian Foreign Intelligence Service (SVR) Cyber Actors Use JetBrains TeamCity CVE in Global Targeting

Context On December 13, 2023, the United States Federal Bureau of Investigation, Cybersecurity & Infrastructure Security Agency, National Security Agency, Polish Military Counterintelligence Service, Community Emergency Response Team Polska, and the United Kingdom’s National Cyber Security Centre released a report that assessed that cyber actors associated with the Russian Foreign Intelligence Service (SVR), also known…

Read More

Cyber Week 2023: The Impact of Scalper Bots

In North America and Europe, Black Friday and Cyber Monday have become an annual tradition for retailers — and consumers — to kick off the holiday shopping season. As a result of promotions and seasonal specials, items for sale during Cyber Week may be in limited supply and attract the attention of bot operators looking…

Read More

10 Unpatched Vulnerabilities Disclosed in Loytec Building Automation Solutions

On December 5, 2023, industrial and operational technology security vendor TXOne Networks disclosed details of 10 unpatched vulnerabilities in building automation products made by Austrian company Loytec. Context According to reports, TXOne researchers discovered the vulnerabilities over two years ago. According to reports, “The vulnerabilities are related to usernames and passwords being transmitted or stored…

Read More

DarkGate and PikaBot Leveraging QakBot TTPs in Phishing Campaign

On November 20, 2023, Cofense researchers published a report on a phishing campaign spreading DarkGate and Pikabot that is leveraging tactics previously used to deploy QakBot. Context Cofense researchers stated, “This campaign disseminates a high volume of emails to a wide range of industries, and due to the loader capabilities of the malware delivered, targets…

Read More

GoPIX Infostealer Targeting PIX Payment System in Brazil

Context On October 24, 2023, Kaspersky researchers released a report on several cyber threats, including the GoPIX infostealer malware campaign, which they assess has been active since December 2022. Technical Details According to Kaspersky: “GoPIX is a typical clipboard stealer malware that steals PIX “transactions” used to identify payment requests and replaces them with a…

Read More