News & Updates

New QBot Campaign Spreads Malware through PDF and Windows Script Files

A new malicious QBot campaign was recently discovered spreading on Windows
devices through PDF and Windows Script Files. The former banking Trojan is
notorious for facilitating initial access to compromised networks for threat
actors.

Perpetrators are historically known to use QBot to deploy additional malware,
such as Cobalt Strike beacons
[https://www.bitdefender.com/blog/hotforsecurity/emotet-deploys-cobalt-strike-beacons-directly-onto-targets-with-new-technique/]
and backdoors, to move lat

News & Updates

The Netherlands: Nearly 2.5 million victims of cyberattacks. The aftermath for your personal data

Cybercrime is no longer something that just happens to “other people” – it’s now
commonplace.

In 2021, nearly 2.5 million people in the Netherlands aged 15 or older (17
percent of the population) said they had fallen victim to cybercrime, according
to a Statistics Netherlands (CBS) report
[https://www.cbs.nl/en-gb/news/2022/09/nearly-2-5-million-people-victims-of-cybercrime-in-2021]
based on the Safety Monitor 2021.

Ten percent – over 1.5 million people – fell victim to online scams and fraud

News & Updates

Iowa Medicaid informs over 20,000 members of data breach

The personal and medical information of 20,800 Iowa Medicaid members was exposed
in a data breach at a third-party vendor managing the state’s health insurance
program.

The breach occurred at a Florida-based company called Independent Living Systems
(ILS). According to a March 14, 2023 notice
[https://ilshealth.com/supplemental-data-notice/], the company learned of
unauthorized access to its systems on July 5, 2022.

“Through our response efforts, we learned that an unauthorized actor obtained

News & Updates

DFIR via XDR: How to expedite your investigations with a DFIRent approach

Rapid technological evolution requires security that is resilient, up to date and adaptable.
In this article, we will cover the transformation in the field of DFIR (digital forensics and incident response) in the last couple of years, focusing on the digital forensics aspect and how XDR fits into the picture.
Before we dive into the details, let’s first break down the main components of DFIR and

News & Updates

New Qbot campaign delivers malware by hijacking business emails

Cyberattacks that use banking trojans of the Qbot family have been targeting companies in Germany, Argentina, and Italy since April 4 by hijacking business emails, according to research by cybersecurity firm Kaspersky.

In the latest campaign, the malware is delivered through emails written in English, German, Italian, and French. The messages are based on real business emails that the attackers have gained access to. This gives the attackers the opportunity to join the correspondence thread with messages of their own, Kaspersky said in its report.


Cybersecurity Tools

Casino Etiquette And Proper Behavior

Here, I will talk about casino etiquette and proper behavior… Movies have been romanticizing casinos for viewers for a long time. While many of these movies were set in Las Vegas, the casinos that they show are anything but accurate. Not every casino requires players to wear a perfectly tailored tuxedo. Not every player has […]

The post Casino Etiquette And Proper Behavior appeared first on SecureBlitz Cybersecurity.

News & Updates

Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access

The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems.
While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB has revealed the adversary’s use of the SimpleHelp remote support software in June 2022.
MuddyWater,

News & Updates

The intricate relationships between the FIN7 group and members of the Conti ransomware gang

A new malware, dubbed Domino, developed by the FIN7 cybercrime group has been used by the now-defunct Conti ransomware gang. IBM Security X-Force researchers recently discovered a new malware family, called Domino, which was created by developers associated with the FIN7 cybercriminal group (tracked by X-Force as ITG14). FIN7 is a Russian criminal group (aka Carbanak) that has […]

The post The intricate relationships between the FIN7 group and members of the Conti ransomware gang appeared first on Security Affairs.
