CyberSecurity news
FlagThis - #cybercriminals
|
Mona Thaker@Microsoft Security Blog
//
References:
Microsoft Security Blog
, Wiz Blog | RSS feed
,
Microsoft and Wiz have both been recognized as Leaders in the 2025 IDC MarketScape for Cloud-Native Application Protection Platforms (CNAPP). This recognition underscores the growing importance of CNAPP solutions as organizations grapple with securing increasingly complex cloud environments. The IDC MarketScape assesses vendors based on their capabilities and strategic vision, providing guidance for security leaders seeking to replace fragmented point tools with a unified approach to cloud security. Both Microsoft and Wiz have demonstrated a strong commitment to innovation and customer success in cloud security.
The IDC MarketScape emphasizes that selecting a CNAPP vendor involves more than just consolidating tools. It highlights the importance of seamless integration with existing security infrastructure and the ability to enhance the overall security posture. Key considerations include robust monitoring and reporting on cloud security posture, runtime, and application security. Microsoft's recognition stems from its comprehensive, AI-powered, and integrated security solutions for multicloud environments. Wiz is also committed to customer success across cloud security. Microsoft's Defender for Cloud was specifically lauded for providing visibility into cloud attacks across the entire environment, from endpoints to exposed identities. The platform's holistic approach examines attack vectors both inside and outside the cloud, integrating pre-breach posture graphs with live incidents for exposure risk assessment. Additionally, Microsoft was recognized for its detailed threat analytics, which combines information from various sources to create comprehensive attack paths and facilitate threat prioritization. Customers also highlighted the strong partnership with Microsoft, noting dedicated support and consulting for optimal product use. Recommended read:
References :
Michael Kan@PCMag Middle East ai
//
A new cyber threat has emerged, targeting users eager to experiment with the DeepSeek AI model. Cybercriminals are exploiting the popularity of open-source AI by disguising malware as a legitimate installer for DeepSeek-R1. Unsuspecting victims are unknowingly downloading "BrowserVenom" malware, a malicious program designed to steal stored credentials, session cookies, and gain access to cryptocurrency wallets. This sophisticated attack highlights the growing trend of cybercriminals leveraging interest in AI to distribute malware.
This attack vector involves malicious Google ads that redirect users to a fake DeepSeek domain when they search for "deepseek r1." The fraudulent website, designed to mimic the official DeepSeek page, prompts users to download a file named "AI_Launcher_1.21.exe." Once executed, the installer displays a fake installation screen while silently installing BrowserVenom in the background. Security experts at Kaspersky have traced the threat and identified that the malware reconfigures browsers to route traffic through a proxy server controlled by the hackers, enabling them to intercept sensitive data. Kaspersky's investigation revealed that the BrowserVenom malware can evade many antivirus programs and has already infected computers in various countries, including Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. The analysis of the phishing and distribution websites revealed Russian-language comments within the source code, suggesting the involvement of Russian-speaking threat actors. This incident serves as a reminder to verify the legitimacy of websites and software before downloading, especially when dealing with open-source AI tools that require multiple installation steps. Recommended read:
References :
Lily Hay@feeds.arstechnica.com
//
References:
www.wired.com
, arstechnica.com
,
Cybercriminals are increasingly leveraging residential proxy services to mask malicious web traffic, making it appear as routine online activity and evading detection. This tactic involves routing illicit activities through a network of real IP addresses assigned to homes and offices, making it difficult to distinguish between legitimate and harmful traffic. Researchers at the Sleuthcon conference in Arlington, Virginia, highlighted this growing trend, noting that the shift towards using proxies has become significant in recent years as law enforcement agencies have become more effective at targeting traditional "bulletproof" hosting services.
The core issue lies in the fact that proxy services are designed to obfuscate the source of web traffic, making it nearly impossible to identify malicious actors within a node. As Thibault Seret, a researcher at Team Cymru, explained, the strength of a proxy service lies in its anonymity, which while beneficial for internet freedom, presents a major challenge for analyzing and identifying harmful activities. This is particularly true of residential proxies, which use real IP addresses of everyday internet users, blurring the lines between legitimate and criminal behavior. The use of residential proxies by cybercriminals represents a significant shift in tactics, prompting security professionals to reassess their detection strategies. These proxies operate on consumer devices like old Android phones or low-end laptops, making it even more difficult to trace the origin of malicious activities. As criminals and companies seek to maintain anonymity and privacy, they are increasingly relying on these services, complicating the efforts to combat cybercrime effectively. Recommended read:
References :
@cyberscoop.com
//
An international law enforcement operation, dubbed Operation Endgame, has successfully taken down AVCheck, a notorious service used by cybercriminals to test their malware against antivirus software. The coordinated effort involved law enforcement agencies from multiple countries, including the US, Netherlands, and Finland. This takedown represents a significant blow to cybercriminal infrastructure, as AVCheck was one of the largest counter antivirus (CAV) services operating globally, enabling criminals to refine their malware to evade detection by security software. The service allowed users to upload their malware and test it against various antivirus engines, ensuring it could slip past defenses undetected.
The takedown included the seizure of the AVCheck domain (avcheck.net) along with several other related domains, including Cryptor.biz, Cryptor.live, Crypt.guru, and Getcrypt.shop, which provided "malware crypting" services. These crypting services were closely linked to AVCheck's administrators and helped malware authors obfuscate their code, further enhancing its ability to bypass antivirus detection. Authorities made undercover purchases from seized websites and analyzed the services, confirming they were designed for cybercrime. Court documents also allege authorities reviewed linked email addresses and other data connecting the services to known ransomware groups that have targeted victims both in the United States and abroad. The Dutch police played a crucial role in the operation, even setting up a fake login page on AVCheck prior to the takedown. This fake page warned users about the legal risks associated with using the service and collected data on those attempting to log in. This tactic allowed law enforcement to gather valuable intelligence on the users of AVCheck and potentially deter them from engaging in further cybercriminal activities. Authorities have highlighted the importance of international cooperation in combating cybercrime, emphasizing the need to target not just individual cybercriminals but also the services and infrastructure that enable their malicious activities. Recommended read:
References :
info@thehackernews.com (The@The Hacker News
//
Cybercriminals are increasingly disguising malicious software, including ransomware and destructive malware, as legitimate AI tool installers to target unsuspecting users. Cisco Talos and other cybersecurity researchers have recently uncovered several of these threats, which are distributed through various channels, including social media platforms like Facebook and LinkedIn, as well as fake AI platforms designed to mimic legitimate AI software vendors. The attackers employ sophisticated social engineering tactics, such as SEO poisoning to manipulate search engine rankings and the use of lookalike domains, to lure victims into downloading counterfeit tools that are actually malware-laden installers.
The malicious installers are designed to deliver a variety of threats, including ransomware families like CyberLock and Lucky_Gh0$t, as well as a newly discovered destructive malware called Numero. CyberLock ransomware, written in PowerShell, focuses on encrypting specific files, while Lucky_Gh0$t is a variant of the Yashma ransomware family. Numero, on the other hand, renders Windows systems completely unusable by manipulating the graphical user interface (GUI) components. These threats often target individuals and organizations in the B2B sales, technology, and marketing sectors, as these are the industries where the legitimate versions of the impersonated AI tools are particularly popular. To protect against these threats, cybersecurity experts advise users to exercise extreme caution when downloading AI tools and software. It is crucial to meticulously verify the authenticity of AI tools and their sources before downloading and installing them, relying exclusively on reputable vendors and official websites. Scanning downloaded files with antivirus software before execution is also recommended. By staying vigilant and informed, users can avoid falling prey to these increasingly sophisticated cybercriminal campaigns that exploit the growing interest in AI technology. Recommended read:
References :
|