Tech Threats Update: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums, and More

In the final weeks of December 2020, www.market0day[.]com faced complaints from numerous customers who had not received their purchases. The administrator of the site, Belmili, responded by claiming he was no longer in charge and instead directed users to a new marketplace – www.spoxy[.]us. This new platform was promoted as a “new store for bulk SMS,” a term often associated with the dissemination of fraudulent text messages. This transition resulted in approximately 5,600 individuals in the United States and around the world becoming victims of this scheme.

The realm of cybercrime continues to evolve, with a new phishing tactic known as collaboration phishing making waves. This strategy involves exploiting Outlook Groups and Microsoft 365 collaboration features to make malicious activities seem routine. By adding targets to an attacker-controlled Microsoft 365 group, cybercriminals can execute credential theft, token capture, or malware delivery through shared files, fake calendar invites, and group mailboxes.

Artificial Intelligence (AI) has become a prevalent topic in underground cyber communities, with threat actors exploring its potential for developing malware and tools. Some individuals are leveraging AI to enhance social engineering tactics and create AI-enabled malware like ApexAI, Metatron, and PolyEngine. Additionally, there are discussions about utilizing public AI models for intrusion activities and employing AI assistants for malicious purposes. However, there are concerns within the cybercrime ecosystem about how AI advancements could impact job opportunities and reshape the competitive landscape.

Recent findings have revealed over 8,500 instances of REDCap, a web application used by research institutions to store sensitive data, globally. These instances have been targeted by threat actors, with a China-nexus actor identified as UNC6508 conducting espionage campaigns against academic, medical, and military research institutions. The attackers exploited internet-facing REDCap servers to deploy a backdoor named INFINITERED, allowing them to exfiltrate valuable information.

A report by Human Rights Watch shed light on surveillance export gaps, highlighting how a Bulgaria-based firm, Circles, sold surveillance technology to countries with a history of human rights violations. This export of technology to nations like Azerbaijan, Bahrain, and Mexico raises concerns about the potential misuse of these tools for oppressive purposes. The report underscores the need for stricter export controls to prevent the proliferation of surveillance technology to unethical entities.

In the realm of malware distribution, a campaign using the Browser-in-the-Browser (BitB) technique has been observed impersonating popular software brands to distribute malicious payloads. By creating fake software update warnings and utilizing social engineering tactics, attackers trick users into downloading and executing harmful installers. This campaign underscores the importance of vigilance against phishing attacks that exploit trust and familiarity to deceive victims.

Overall, these incidents highlight the persistent threat posed by cybercriminals who leverage various tactics to exploit vulnerabilities and manipulate user behavior. As the cybersecurity landscape continues to evolve, it is crucial for individuals and organizations to stay vigilant, patch vulnerabilities, and prioritize security measures to safeguard against emerging threats. By remaining proactive and informed, users can mitigate the risks associated with cybercrime and protect themselves from potential attacks in the digital age.

Welcome to our WordPress Website!

Are you ready to learn more about our products and services? We’re here to provide you with all the information you need in a clear and engaging way. Our goal is to make your experience on our website as informative and enjoyable as possible.

Whether you’re looking for the latest updates on our offerings or helpful tips and tricks to make the most out of our products, you’ll find it all here. Feel free to explore our site and discover everything we have to offer.

Don’t hesitate to reach out if you have any questions or need assistance. We’re here to help and make sure you have a great experience with us. Thank you for visiting our WordPress website!