Project Hyphae

Threats

the latest cybersecurity threat alerts

‘Picture-in-Picture’ Obfuscation Spoofs Delta, Kohl’s for Credential Harvesting Article Link: https://www.darkreading.com/endpoint/picture-in-picture-obfuscation-spoofs-delta-kohls-credential-harvesting NSA and FBI: Kimsuky Hackers Pose as Journalists to Steal

CVE-2023-n-a CVSSv3: n/a A critical vulnerability has been discovered within the Progress product MOVEit Transfer that if exploited could be used

**Note: In observance of Memorial Day, there will not be any Security News published for the week of May 29th –

Greatness Phishing-as-a-Service Threatens Microsoft 365 Users Article Link: https://www.helpnetsecurity.com/2023/05/12/phishing-microsoft-365/ Israeli Threat Group Uses Fake Company Acquisitions in CEO Fraud Schemes Article

In the ever-evolving world of cybersecurity, phishing campaigns persist as a serious menace, constantly devising new strategies to exploit unsuspecting individuals.

Ransomware Gang Hijacks University’s Emergency Alert System, Threatens Students Article Link: https://www.cybertalk.org/2023/05/05/ransomware-gang-hijacks-colleges-emergency-alert-system-threatens-students/ Attackers Route Malware Activity Over Popular CDNs Article Link:

Hackers use Fake “Windows Update” Guides to Target Ukrainian Govt Article Link: https://www.bleepingcomputer.com/news/security/hackers-use-fake-windows-update-guides-to-target-ukrainian-govt/ Many Public Salesforce Sites are Leaking Private Data

Discarded, Not Destroyed: Old Routers Reveal Corporate Secrets Article Link: https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/ Major US CFPB Data Breach Caused by Employee Article Link:

Cisco, the United States and British governments are warning of APT28 hackers deploying custom malware capable of allowing remote access, named

A new cybercrime tool called “AuKill” has revealed itself in the wild, capable of tracking down and killing processes for various

Vice Society Ransomware uses New PowerShell Data Theft Tool in Attacks Article Link: https://www.bleepingcomputer.com/news/security/vice-society-ransomware-uses-new-powershell-data-theft-tool-in-attacks/ A “By-Design” Flaw in Microsoft Azure can

CISA added CVE-2023-28252, a Windows zero-day vulnerability in the Common Log File System (CLFS), to its catalog of Known Exploited Vulnerabilities

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.