Chinese state hackers target telcos with new malware toolkit

A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge ...
Microsoft

Signed malware impersonating workplace apps deploys RMM backdoors

Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise ...
Security Boulevard

A fake FileZilla site hosts a malicious download

A tampered copy of FileZilla quietly contacts attacker-controlled servers using encrypted DNS traffic that can slip past ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery

Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ...

基于合法RMM工具的钓鱼攻击隐蔽机制与防御策略研究

RMM工具之所以难以被检测,还在于其通信机制的隐蔽性。大多数现代RMM软件采用端到端加密的HTTPS或专有加密协议与控制服务器通信。对于网络监控设备而言,这些流量看起来与普通的Web浏览流量或合法的软件更新流量无异。此外,RMM软件通常会连接到全球分布的云节点,IP地址频繁变动且属于知名云服务商(如AWS, Azure, Google Cloud),这使得基于IP信誉的黑名单机制难以生效。
Midweek Herald

East Devon to recognise rights of rivers following vote

A bid to better protect a Devon district’s rivers has secured unanimous backing and made the council behind it at the forefront of such efforts.