However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.

https://threatpost.com/lockbit-blackcat-swissport-ransomware-activity/178261/

The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.

https://threatpost.com/quadream-israeli-spyware-weaponized-iphone-bug/178252/

The ‘smishing’ group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims.

https://threatpost.com/roaming-mantis-android-backdoor-europe/178247/

The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software.

https://threatpost.com/attackers-intuit-cancel-tax-accounts/178219/

And customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the “real pain in the rear end” of manual inputting, inaccurate wages & more.

https://threatpost.com/kronos-dragging-itself-back-ransomware-hell/178213/

Attackers are using socially engineered emails with .ppam file attachments that hide malware that can rewrite Windows registry settings on targeted machines.

https://threatpost.com/powerpoint-abused-take-over-computers/178182/

The Conti gang strikes again, disrupting the nom-merchant’s supply chain and threatening empty supermarket shelves lasting for weeks.

https://threatpost.com/kp-snacks-crumbs-ransomware-attack/178176/

Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors.

https://threatpost.com/malicious-npm-packages-web-apps/178137/

The notorious Iranian APT is fortifying its arsenal with new malicious tools and evasion tactics and may even be behind the Memento ransomware.

https://threatpost.com/charming-kitten-powershell-backdoor/178158/

The warning follows a Citizen Lab report that found the official, mandatory app has an encryption flaw that “can be trivially sidestepped.” Besides burners, here are more tips on staying cyber-safe at the Games.

https://threatpost.com/fbi-burner-phone-olympics-beijing/178153/

Finland is weathering a bout of Pegasus infections, along with a Facebook Messenger phishing scam.

https://threatpost.com/nso-group-pegasus-spyware-finnish-diplomats/178113/

The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2.

https://threatpost.com/lazarus-apt-windows-update-malware-github/178096/

The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.

https://threatpost.com/zerodium-payout-outlook-zero-days/178089/

QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics’ network has been crippled.

https://threatpost.com/conti-deadbolt-delta-qnap-ransomware/178083/

The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line.

https://threatpost.com/2fa-app-banking-trojan-google-play/178077/

The malware had already put millions of routers and IoT devices at risk, and now any noob can have at it.

https://threatpost.com/botenago-botnet-code-leaked-to-github/178059/

Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.

https://threatpost.com/shipment-delivery-scams-a-fav-way-to-spread-malware/178050/

The malware has added an anti-debugging tool that crashes browser tabs when researchers use code beautifying for analysis.

https://threatpost.com/trickbot-crash-security-researchers-browsers/178046/

iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild.

https://threatpost.com/apple-zero-day-security-exploited/178040/

Need a blueprint for architecting a formidable cyber-defense? Kerry Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.

https://threatpost.com/tips-activate-cyber-defense/177955/