Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Rise and Fall of Raccoon Infostealer: Inside a Global Cybercrime Operation

In the ever-evolving landscape of cybercrime, malware-as-a-service (MaaS) has emerged as a lucrative business for cybercriminals. One of the most notorious examples is Raccoon Infostealer, malware designed to harvest personal and financial information from unsuspecting victims worldwide. The mastermind behind this operation, a Ukrainian national named Mark Sokolovsky, recently pleaded guilty in a U.S. federal court to his role in the cybercrime network.

Cato CTRL Threat Research: ProKYC Selling Deepfake Tool for Account Fraud Attacks

Cato CTRL security researchers have recently discovered a threat actor, ProKYC, selling a deepfake tool in the cybercriminal underground that helps threat actors beat two-factor authentication (2FA) for conducting account fraud attacks. The tool being sold is customized to target cryptocurrency exchanges, specifically ones that authenticate new users by leveraging a government-issued document and by enabling the computer’s camera to perform facial recognition.

Stay Ahead of Ransomware: Comprehensive Solutions against DragonForce Attacks

In the ever-evolving landscape of cybersecurity threats, the DragonForce ransomware group has quickly become a serious menace to organizations worldwide. First discovered in August 2023, DragonForce has made headlines by leveraging two powerful ransomware variants—a fork of the infamous LockBit3.0 and a modified version of ContiV3.

SenseOn MDR vs. SocGholish: A Technical Analysis

In February of 2024, SenseOn was contacted to assist with investigating suspicious activity on a customer’s estate. SenseOn analysts quickly identified a malware infection and determined the variant to be SocGholish. This blog will showcase SenseOn’s detection and response capabilities against the malware and break down the techniques of SocGholish and of the threat actor observed.

Perspectives on New EU Data Regulations' Impact and Consequences for IT Leaders

If you look at your home already, you use so much that is connected to the Internet, you couldn't imagine being without it. The same applies to our critical infrastructure. A physical attack is no longer the only attack on critical infrastructure. But how can we defend it? Trish McGill, Brian Wagner, and Tim Clements have the answer.

Analyzing Latrodectus: The New Face of Malware Loaders

This report is the latest in a series that will delve into the deep research the Trustwave SpiderLabs Threat Intelligence team conducts daily on the major threat actor groups currently operating globally. The information gathered is part of a data repository that helps Trustwave SpiderLabs identify possible intrusions as it conducts threat hunts, vulnerability scans, and other offensive and defensive security tasks.

Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader

Trustwave's Threat Intelligence team has discovered a new malware dubbed Pronsis Loader, with its earliest known variant dating back to November 2023. This loader shares similarities with the D3F@ck Loader, which surfaced in January 2024. Pronsis Loader has been observed delivering different malware variants, including Lumma Stealer and Latrodectus as its primary payloads. Additionally, the team identified infrastructure linked to Lumma Stealer during the investigation.

Ransomware Defense Essentials: Why EDR and NDR Are Key

Increasingly targeted ransomware attacks have cyber professionals on high alert to secure their networks, and understandably so, since a single attack can mean a massive loss (in finance, operational disruption, and brand damage). A company that relies on its data to operate or grow should make putting a defense against ransomware in place a top priority. But we cannot take any protection measure without knowing what ransomware is all about.

The Results from Dreamforce are In: Salesforce Users Love Rubrik

Dreamforce 2024 once again proved to be a monumental event, with major AI advancements, product announcements, and keynotes that inspired the entire tech community. Among the highlights, Salesforce's introduction of Agentforce took center stage, offering businesses the ability to deploy autonomous AI agents that optimize customer interactions and streamline operations.