With a new phishing kit, red teams and cybercriminals can create Progressive Web Apps (PWAs) with convincing corporate login forms aimed at stealing credentials. A PWA is a web-based app built with HTML, CSS, and JavaScript that can be installed from a website like a desktop application. Mr.d0x, a security researcher, has developed a new phishing toolkit that demonstrates how to create PWAs to display corporate login forms, including a fake address bar that shows the normal corporate login URL. This article continues to discuss the new phishing toolkit involving PWAs.

"Coathanger," a piece of malware designed specifically to live on Fortinet's FortiGate appliances, may still be present on many devices. The Dutch Military Intelligence and Security Service (MIVD) and General Intelligence and Security Service (AIVD) reported in February 2024 that Chinese state-sponsored hackers breached the Dutch Ministry of Defense in 2023 by exploiting a FortiOS pre-auth Remote Code Execution (RCE) vulnerability and launched Remote Access Trojan (RAT) malware to create a persistent backdoor. The Coathanger RAT survived reboots and firmware upgrades.

A Windows backdoor, dubbed "WarmCookie" by Elastic Security Labs, gives attackers entry into targeted systems. Following initial access, they move on to ransomware delivery and system compromise. Starting in late April, the backdoor has been distributed in a phishing campaign called "REF6127." The phishing emails use recruitment and potential jobs as lures. This article continues to discuss findings regarding the WarmCookie malware.

According to Symantec, the "Black Basta" ransomware group may have exploited a recently patched Windows privilege escalation vulnerability. The Windows error reporting service privilege escalation vulnerability allows an attacker to gain system privileges. Symantec found evidence that the Black Basta group may have exploited this vulnerability as a zero-day. The company discovered a tool that exploits the flaw to start a shell with administrative privileges.

Fortinet recently announced patches for multiple vulnerabilities in FortiOS and other products, including several flaws leading to code execution.  The most severe vulnerability is CVE-2024-23110 (CVSS score of 7.4), which collectively tracks multiple stack-based buffer overflow security defects in the platform’s command line interpreter.  Successful exploitation of the high-severity flaw may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.

GuidePoint Security has discovered that the "Scattered Spider" cybercrime group is an affiliate of the "RansomHub" Ransomware-as-a-Service (RaaS) operator. Based on observed tactics, techniques, and procedures (TTPs), the researchers believe that at least some of Scattered Spider, a former ALPHV/BlackCat affiliate, is now running ransomware with RansomHub. This article continues to discuss Scattered Spider's link to RansomHub.

NYU Tandon School of Engineering researchers are proposing new measurement methods to better identify and quantify flaws in popular web browser extensions that are supposed to protect user privacy and block online ads. The team analyzed over 40,000 user reviews of seven popular privacy-preserving Chrome extensions. The researchers found five major user concerns: performance, web compatibility, data and privacy policy, effectiveness, and default configurations. They found a gap between user expectations and what the extensions actually provide.

Authorities in the UK recently made two arrests in an investigation into a large smishing campaign relying on an illegal phone mast.  The suspects were located in Manchester and London and allegedly used a homemade mobile antenna to send thousands of phishing SMS messages to unsuspecting individuals.  The police noted that the messages were crafted to mimic those of banks and other official organizations, and the illegal SMS blaster allowed the perpetrators to bypass the protections put in place by mobile phone networks to block suspicious text messages.

According to a new study by Bitdefender, over 70% of cybersecurity professionals often have to work weekends to address security concerns in their organizations.  The company noted that this intense workload appears to correlate strongly with job dissatisfaction, with around two-thirds (64%) of the 1200 cyber professionals surveyed stating that they are planning on looking for a new job in the next 12 months.  In the US, the figures were 70.2% (work weekends) and 62.2% (looking for a new job), respectively.

MITRE says the next presidential administration must prepare the US for quantum computing that can outperform current encryption methods. In a recent advisory document, MITRE calls on the next presidential administration to prioritize quantum computing advances, critical infrastructure protections, cyber leadership roles, and implementing a Zero Trust (ZT) framework for the federal government. Current cryptographic systems use complex mathematical algorithms that traditional computers find difficult to solve.