Phishing emails employ "hidden text salting" to avoid detection


Malware Developments


Phishing emails employ "hidden text salting" to avoid detection

Hidden text salting, also known as "poisoning," is a technique increasingly employed by threat actors to evade email parsers, spam filters, and detection systems. This method involves embedding characters or elements within the HTML or CSS of emails that are invisible to recipients but interfere with detection engines relying on keyword recognition or brand extraction. Security researchers have observed a significant rise in the use of this method in phishing campaigns, showcasing its adaptability and impact in bypassing modern email security measures. READ MORE.
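As an added illustration (not code from the article or from the referenced research), the Python script below shows the defensive counterpart to the technique: it keeps only the text a recipient would actually see, dropping elements hidden by inline CSS or the HTML `hidden` attribute and stripping zero-width characters, then compares a naive brand-keyword scan over the raw HTML with the same scan over the rendered text. The sample email body and the brand list are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser

# Invisible code points used to split a keyword so a substring match fails.
ZERO_WIDTH = re.compile("[\u200b\u200c\u200d\u2060\ufeff\u00ad]")
# Inline CSS that hides an element from the reader but leaves it in the source.
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|font-size\s*:\s*0(?:\.0+)?\s*(?:px|pt|em|%)?\s*(?:;|$)", re.I)
BLOCK = {"p", "div", "li", "tr", "td", "th", "h1", "h2", "h3", "table"}

class VisibleText(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []  # (tag, hidden?) for each open element
        self.parts, self.hidden_elements, self.salt_chars = [], 0, 0
    def _hidden(self):
        return any(h for _, h in self.stack)
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        hidden = "hidden" in a or bool(HIDDEN_CSS.search(a.get("style", "")))
        self.hidden_elements += hidden
        self.stack.append((tag, hidden or tag in ("style", "script")))
    def handle_endtag(self, tag):
        if any(t == tag for t, _ in self.stack):  # tolerate unclosed inner tags
            while self.stack.pop()[0] != tag:
                pass
        if tag in BLOCK and not self._hidden():
            self.parts.append(" ")  # a block boundary renders as whitespace
    def handle_data(self, data):
        if self._hidden():
            return  # text inside a hidden element never reaches the reader
        cleaned, n = ZERO_WIDTH.subn("", data)
        self.salt_chars += n
        self.parts.append(cleaned)

def analyze(html, brands=("PayPal", "Microsoft")):
    """Compare a naive substring scan of the raw HTML with one over rendered text."""
    p = VisibleText()
    p.feed(html)
    p.close()
    text = re.sub(r"\s+", " ", "".join(p.parts)).strip()
    return {"visible_text": text,
            "naive_hits": [b for b in brands if b.lower() in html.lower()],
            "rendered_hits": [b for b in brands if b.lower() in text.lower()],
            "hidden_elements": p.hidden_elements, "salt_chars": p.salt_chars}

# Constructed sample phishing body (not taken from any real campaign).
SAMPLE = ('<html><body><p>Your Pay<span style="font-size:0px">Qz</span>Pal account '
          'needs verif<span style="display:none">ab</span>ication.</p><p>Sign in to '
          'Micro\u200bsoft to review.</p><div style="visibility: hidden">lorem</div></body></html>')
```

Running `analyze(SAMPLE)` reports no brand hits on the raw HTML but both brands in the rendered text, together with three hidden elements and one zero-width character, which is the signal a filter can act on.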


Innovative infection chain highlights Lumma Stealer's reach

A recent campaign deploying Lumma Stealer demonstrates an innovative infection chain targeting victims across various geographic regions and industry sectors. Threat actors employ a combination of fake CAPTCHA prompts and malvertising to deliver the malware while evading detection. READ MORE.


Exploiting RID hijacking for stealthy privilege escalation

Recent analyses have revealed the use of Relative Identifier (RID) Hijacking by Andariel Group, a known threat actor group believed to be affiliated with Lazarus. This technique allows attackers to escalate privileges by modifying the RID of a low-privilege account, such as a standard user or guest, to impersonate a high-privilege account, like an administrator. By exploiting this method, attackers gain unauthorized control over a system, enabling them to perform malicious activities while bypassing traditional detection systems. READ MORE.


QBot resurfaces with advanced payload delivery techniques

QBot, also known as Qakbot or Pinkslipbot, is a modular information stealer that has evolved from its origins as a banking Trojan into a sophisticated malware loader used in ransomware and other cyberattacks. Leveraging command and control (C&C) servers, it deploys malicious payloads, making it an enabler of secondary infections. While law enforcement actions temporarily disrupted its infrastructure, security researchers have identified signs of its resurgence, with new technical capabilities that amplify its threat to organizations. READ MORE.


Vulnerabilities and Exploitation Attempts


Oracle patches critical exploitable vulnerabilities across platforms

Oracle’s January 2025 Critical Patch Update (CPU) addresses 318 newly identified security vulnerabilities across its product range, emphasizing the urgency of patching due to several high-severity issues that pose significant risks if exploited. READ MORE.


Cybersecurity Regulatory News


EU's DORA Regulation Now in Effect

The EU’s Digital Operational Resilience Act (DORA) is now in place, introducing new cybersecurity and operational risk requirements for financial organizations. The act requires firms to establish clear incident reporting processes, maintain continuous IT security oversight, and strengthen third-party risk management practices. These rules aim to improve the resilience of financial institutions against cyber threats and operational disruptions. Non-compliance can lead to significant fines, reputational damage, and greater vulnerability to attacks, making it essential for organizations to adapt their systems and processes to meet these new standards.


Gain deeper Cyber Threat Intelligence (CTI) insights!

CyberProof’s CTI service offers comprehensive threat intelligence coverage, ensuring that your organization stays ahead of active threats that pose the greatest risk to your assets.

Our advanced CTI team investigates the threat landscape, providing you with detailed reports, related Indicators of Compromise (IOCs), technical recommendations, and MITRE ATT&CK mapping.

LEARN MORE ABOUT OUR CTI SERVICES.

