Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today's digital landscape, stealer logs have become a significant threat, targeting sensitive information and compromising security. At Foresiet Threat Intelligence Team, we continuously monitor and analyze these threats to help protect individuals and organizations. Here are the top 5 stealer logs currently affecting users.

In a concerning trend observed recently, threat actors are increasingly leveraging encoded URLs to bypass secure email gateways (SEGs), posing a significant challenge to email security defenses. According to recent findings by Cofense, there has been a notable uptick in attacks where threat actors manipulate SEGs to encode or rewrite malicious URLs embedded in emails. This tactic exploits vulnerabilities in SEG technologies, allowing malicious links to slip through undetected to unsuspecting recipients.

A significant data breach has compromised the personal information of 442,519 Life360 customers due to a vulnerability in the company's login API. The breach, discovered in March 2024, has exposed sensitive user details, including email addresses, names, and phone numbers. This incident underscores the critical importance of robust cybersecurity measures, particularly for services handling vast amounts of personal data. Exploiting an Unsecured API Endpoint.

In a startling development, the Akira ransomware gang has demonstrated a dramatic reduction in the time it takes to exfiltrate data from compromised servers. According to the BlackBerry Threat Research and Intelligence Team, this cybercriminal group managed to steal data from a Veeam server in just over two hours during a June attack on a Latin American airline.

The ViperSoftX info-stealing malware has evolved, now utilizing the common language runtime (CLR) to covertly execute PowerShell commands within AutoIt scripts. This sophisticated approach allows ViperSoftX to bypass traditional security measures and remain undetected, posing a significant threat to cybersecurity. Leveraging CLR and AutoIt for Stealth Operations CLR, a core component of Microsoft’s.NET Framework, functions as the execution engine for.NET applications.

GitLab has released a new series of updates to address critical security flaws in its software development platform. Among these, a severe vulnerability tracked as CVE-2024-6385 has been identified, allowing attackers to run pipeline jobs as arbitrary users. This blog will detail the nature of these vulnerabilities, their impact, and the steps GitLab has taken to mitigate them. Critical Vulnerability: CVE-2024-6385.

Russian state-sponsored media organization RT has been using AI-powered software to generate realistic social media personas and spread disinformation for the past two years. This sophisticated tool, known as Meliorator, has been employed to target multiple countries, including the US, Poland, Germany, the Netherlands, Spain, Ukraine, and Israel. Meliorator's Capabilities.

A large-scale fraud operation, dubbed "Ticket Heist," is exploiting over 700 domain names to sell fake tickets for the upcoming Summer Olympics in Paris. This campaign, which appears to predominantly target Russian-speaking users, extends beyond the Olympics to other major sports and music events, posing a significant risk to potential ticket buyers. Details of the Ticket Heist Campaign.

In the ever-evolving landscape of cybersecurity threats, ransomware remains a formidable adversary. Among the recent additions to this domain is Prince Ransomware, a sophisticated piece of malware written from scratch in Go. This blog will provide an in-depth look at Prince Ransomware, its unique encryption mechanisms, the process of building and deploying it, and the ethical considerations surrounding its release as an open-source project. What is Prince Ransomware?