Friday, December 6, 2024

THREATS

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated learning (FL) to improve the efficiency and privacy of training large language models (PLMs) on...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target e-commerce platforms during the holiday season, which allow attackers to...

ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications

APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated Windows RAT that, initially detected in 2023, employs advanced evasion...

New CleverSoar Malware Attacking Windows Users Bypassing Security Mechanisms

CleverSoar, a new malware installer, targets Chinese and Vietnamese users to deploy advanced tools like Winos4.0 and Nidhogg rootkit. These tools enable keylogging, data...

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central Asia, East Asia, and Europe by deploying custom malware,...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce shoppers in Europe and the USA during the Black Friday...

Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints

Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to test an AV/EDR bypass tool were compromised, granting unauthorized access.The...

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to launch highly evasive password spray attacks, successfully stealing credentials...

Russia, Iran, And China Influence U.S. Elections, Microsoft Warns

The researchers have observed consistent efforts by Russia, Iran, and China to exert foreign influence on democratic processes in the United States. Recent U.S. government...

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication on cryptocurrency exchanges, which is designed specifically for NAF (New...

DCRAt Attacking Users Via HTML Smuggling To Steal Login Credentials

In a new campaign that is aimed at users who speak Russian, the modular remote access tool (RAT) known as DCRat has been utilized. Delivered...