New Attack Steals Your Windows Email, Passwords, 2FA Codes And More
Infostealers are the new black. When it comes to hacking fashion, malware that steals user credentials has been in vogue for a while now. We've seen the evidence in the 19 billion compromised passwords that are already available online, or the 94 billion browser cookies published to the Dark Web and Telegram channels. Microsoft has been spearheading the fight against the credential-stealing criminals, leading the recent global takedown of large parts of the Lumma Stealer network infrastructure, for example. Yet, the danger still persists; in fact, it is evolving. New research has revealed that a notorious threat to Windows users has emerged in the form of a new variant that can steal most anything and everything. Here's what you need to know about Katz.
There is nothing particularly unusual about the way that the Katz Stealer malware is distributed. Victims are targeted through the usual cybercriminal methods, including phishing emails, malicious advertisements, dangerous search results, and dodgy downloads. Once installed, however, Katz looks to see if you are using Google Chrome, Microsoft Edge or the Brave web browser and goes into what is known as headless mode. This is pretty much as it sounds, a browser with no visible interface, running 'headless' in the background but with the body able to render pages and interact with the web as normal. Katz can also bypass Google's app-bound encryption protections for Chrome, according to security researchers, which would aid in the credential-stealing payload. And it's the payload that has us shaking our collective heads in disbelief.
A May 23 analysis of the latest Katz Stealer malware, by the Nextron threat research team, has revealed the true extent of this steal-everything threat to Windows users.
According to the full analysis, which I would recommend you go and read, after you finish here, of course, the range of Katz when it comes to data that can be stolen is, well, extensive.
As well as the usual mitigation advice for consumers to deploy two-factor authentication and passkeys on all accounts where available, apply all operating system and browser security updates as soon as possible and be alert to all the usual phishing tricks, the Nextron threat research team recommended the following for enterprise users:
Nextron also suggested watching out for the scanning of Windows registry keys and files associated with popular browsers and wallet applications, as this is indicative of Katz Stealer activity. As Sergeant Phil Esterhaus used to say, if you know you know, 'be careful out there.'
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Verge
8 minutes ago
- The Verge
Google's NotebookLM can now make narrated slideshows with AI
Google's NotebookLM is getting a new Video Overviews feature that uses AI to create slideshows with narration. The feature is rolling out now in English, and Google says that support for 'more languages' is coming soon. 'You can think of these as a visual alternative to Audio Overviews: the AI host creates new visuals to help illustrate points while also pulling in images, diagrams, quotes and numbers from your documents,' according to a blog post. 'This makes it uniquely effective for explaining data, demonstrating processes and making abstract concepts more tangible.' Google plans to introduce 'additional formats' in the future. Based on a demo video, Video Overviews have handy playback controls like the ability to skip back and forth by 10 seconds and set playback speed. Google is also announcing updates to NotebookLM's Studio tab, which is where you can have the app generate things like Audio and Video Overviews, study guides, and briefing documents. The biggest change is that you'll be able to 'create and store multiple studio outputs of the same type in a single notebook,' meaning you can make multiple Audio Overviews all referencing information from the notebook you're working from. The Studio tab is getting a visual refresh, too — it will have four tiles at the top for making Audio Overviews, Video Overviews, Mind Maps, and Reports, Google says. The Studio changes will roll out 'over the next few weeks' to all users. Posts from this author will be added to your daily email digest and your homepage feed. See All by Jay Peters Posts from this topic will be added to your daily email digest and your homepage feed. See All AI Posts from this topic will be added to your daily email digest and your homepage feed. See All Google Posts from this topic will be added to your daily email digest and your homepage feed. See All News Posts from this topic will be added to your daily email digest and your homepage feed. See All Tech
Yahoo
11 minutes ago
- Yahoo
U.S. Firms Enhance Cybersecurity for Resilience
Service providers help companies integrate new tools to defend cloud-based resources, AI applications against evolving threats, ISG Provider Lens® report says STAMFORD, Conn., July 25, 2025--(BUSINESS WIRE)--Enterprises in the U.S. are adopting a wide range of advanced cybersecurity services and solutions to protect their assets from increasingly sophisticated attacks, according to a new research report published today by Information Services Group (ISG) (Nasdaq: III), a global AI-centered technology research and advisory firm. The 2025 ISG Provider Lens® Cybersecurity — Services and Solutions report for the U.S. finds that organizations are partnering with service and solution providers to implement adaptive systems for enterprise resilience, including AI-enabled capabilities. They are responding to growing and evolving threats, as demonstrated by the increasing frequency and impact of data breaches and ransomware attacks throughout 2024. "Security threats are more complex than ever, and regulations continue to expand and evolve," said Doug Saylors, partner and leader of ISG Cybersecurity. "Companies in the U.S. want automated, proactive cybersecurity solutions closely integrated with their business strategies and objectives." U.S. enterprises are using advanced analytics and automation to make security operations more efficient and effective, the report says. These technologies streamline workflows by linking various tools, automating repetitive tasks and codifying incident response processes. AI innovations enhance these capabilities with new ways to interpret data, identify patterns and make real-time recommendations. This trend is expected to continue through 2025, shaping the future of technical security services. AI is playing a growing role in U.S. cybersecurity strategies as both threat actors and solution providers rapidly adopt AI-enabled technologies, ISG says. IT professionals are increasingly concerned about attackers using AI to exploit vulnerabilities with malware more quickly and to greater effect. However, AI-powered defense systems can process massive amounts of data to identify threats that manual detection might not find. In addition, the increasing use of AI tools is driving up demand for solutions to protect AI models, training data and applications from attacks such as data poisoning. Zero trust architecture is gaining significant traction in the U.S. as enterprises seek to protect resources across ever-wider security perimeters, the report says. Cloud migration and distributed operations are making this approach more attractive. Zero trust systems deploy components such as identity and access management (IAM) to verify users and microsegmentation to isolate individual assets. As U.S. companies accelerate digital transformation while preparing for future threats, strategic security services will focus on enhancing business resilience and using real-time intelligence to help enterprises devise strategies aligned with their risk profiles, ISG says. At the same time, organizations are taking advantage of significant advancements in security operations center/managed detection and response (SOC/MDR) services, including improved proactive threat hunting and prioritization of threats. "Successful enterprises in the U.S. are integrating people, processes and technology into their security postures to meet AI-related risks," said Gowtham Sampath, assistant director and principal analyst, ISG Provider Lens Research, and lead author of the report. "Partnering with service providers is crucial for augmenting internal teams with specialized skills and building up defenses." The report also explores global cybersecurity technology trends affecting U.S. enterprises, including increasing adoption of IAM, extended detection and response (XDR) and security service edge (SSE). For more insights into the cybersecurity challenges facing enterprises in the U.S., plus ISG's advice on how to address them, see the ISG Provider Lens® Focal Points briefing here. The 2025 ISG Provider Lens® Cybersecurity — Services and Solutions report for the U.S. evaluates the capabilities of 116 providers across nine quadrants: Identity and Access Management (Global), Extended Detection and Response (Global), Security Service Edge (Global), Technical Security Services — Large Accounts, Technical Security Services — Midmarket, Strategic Security Services — Large Accounts, Strategic Security Services — Midmarket, Next-Gen SOC/MDR Services — Large Accounts and Next-Gen SOC/MDR Services — Midmarket. The report names IBM as a Leader in five quadrants. It names Accenture, Atos, Capgemini, CyberProof, Deloitte, EY, HCLTech, Infosys, Kudelski Security, NCC Group, Optiv, PwC, Rackspace Technology, TCS, Trustwave, Unisys and Wipro as Leaders in three quadrants each. Broadcom, Fortinet, Microland, Microsoft, Palo Alto Networks and Persistent Systems are named as Leaders in two quadrants each. Cato Networks, Check Point Software, Cisco, Critical Start, CrowdStrike, CyberArk, Cyderes, Forcepoint, KPMG, Kroll, ManageEngine, Mphasis, Netskope, Okta, One Identity (OneLogin), Ping Identity, Proficio, SailPoint, Saviynt, SentinelOne, Trellix, Trend Micro, Versa Networks and Zscaler are named as Leaders in one quadrant each. In addition, NTT DATA is named as a Rising Star — a company with a "promising portfolio" and "high future potential" by ISG's definition — in three quadrants. BeyondTrust, HPE (Aruba), Microland, Mphasis, Persistent Systems and Sophos are named as Rising Stars in one quadrant each. In the area of customer experience, PwC is named the global ISG CX Star Performer for 2025 among cybersecurity service and solution providers. PwC earned the highest customer satisfaction scores in ISG's Voice of the Customer survey, part of the ISG Star of Excellence™ program, the premier quality recognition for the technology and business services industry. Customized versions of the report are available from Capgemini, CyberProof, Rackspace and Unisys. The 2025 ISG Provider Lens® Cybersecurity — Services and Solutions report for the U.S. is available to subscribers or for one-time purchase on this webpage. About ISG Provider Lens® Research The ISG Provider Lens® Quadrant research series is the only service provider evaluation of its kind to combine empirical, data-driven research and market analysis with the real-world experience and observations of ISG's global advisory team. Enterprises will find a wealth of detailed data and market analysis to help guide their selection of appropriate sourcing partners, while ISG advisors use the reports to validate their own market knowledge and make recommendations to ISG's enterprise clients. The research currently covers providers offering their services globally, across Europe, as well as in the U.S., Canada, Mexico, Brazil, the U.K., France, Benelux, Germany, Switzerland, the Nordics, Australia and Singapore/Malaysia, with additional markets to be added in the future. For more information about ISG Provider Lens research, please visit this webpage. About ISG ISG (Nasdaq: III) is a global AI-centered technology research and advisory firm. A trusted partner to more than 900 clients, including 75 of the world's top 100 enterprises, ISG is a long-time leader in technology and business services that is now at the forefront of leveraging AI to help organizations achieve operational excellence and faster growth. The firm, founded in 2006, is known for its proprietary market data, in-depth knowledge of provider ecosystems, and the expertise of its 1,600 professionals worldwide working together to help clients maximize the value of their technology investments. View source version on Contacts Press Contacts:Laura Hupprich, ISG+1 203 517 Julianna Sheridan, Matter Communications for ISG+1 978-518-4520isg@
Yahoo
11 minutes ago
- Yahoo
EU trade deal: What to expect in markets & earnings this week
Stocks (^GSPC, ^IXIC, ^DJI) are higher as investors look past tariff headlines and focus on upcoming tech earnings from giants like Apple (AAPL) and Microsoft (MSFT). Yahoo Finance Senior Reporters Brooke DiPalma, Josh Schafer, and Allie Canal explain what easing EU tariffs mean for liquor stocks and how market euphoria is shaping investor sentiment. To watch more expert insights and analysis on the latest market action, check out more Morning Brief here. Brooke, let's start with you, because as we've been talking about in recent days, we don't necessarily see a one-to-one correlation between these trade headlines anymore and the broader market. But certainly, we do see individual stocks and individual sectors that are more directly impacted by all of this, that are seeing a movement, and that includes some of the industries that you cover. Yeah, absolutely. What we're seeing here is stocks roughly flat, and, uh, you're, Danny, saying in a note this morning that the financial markets anticipated the latest deal and the reaction to it is likely to be relatively muted this week. Of course, investors are thinking big picture here. They're not just now uh solely focusing on these latest trade deals, especially with the EU, but rather, they're looking out to these tech earnings, which will be, you know, worth $11 trillion of companies like Microsoft, Apple, Amazon, as well as Meta here. And really, what they're looking forward to is these companies reporting their really, their outlook for what this could look like at the rest of the year. Is Apple able to overcome these latest uh trade headlines? Will they be able to to ultimately get in on this AI revolution? And ultimately, will their earnings beat despite all this noise that they have been in focus over the past second quarterly reports? Of course, in addition to that, once again, AI will be in focus. And largely, what we've seen here is just this push away of investors solely focusing on these trade headlines, but rather focusing on exactly how companies, key key companies like Delta, like Levi's, as well as others, including Starbucks this week, have been able to overcome this environment with so much uncertainty, especially around the consumer. Hey, Brooke, so talk to me about the um liquor companies here this morning and and the action that we're seeing there. Yeah, what we're really hearing from key consumer groups around the spirits, as well as wine, is this hope that we're going to see the zero to zero tariff. Of course, Brown-Forman, Diageo, Pernod Ricard, those were companies that were uh concerned about that 100% EU tariff that was speculated to go into effect. Now they're hoping for those to sort of back down. And investors are certainly trying to understand and digest, you know, in this new environment where we're looking more at that 15% baseline, they're also at the same time hoping that that tariff comes down to zero for key distillery companies like a Brown-Forman, ultimately, that whiskey headline that went into uh that made headlines rather a few months ago where there was lots of nerve about the 100% uh tariff rather. Now we're seeing that slowly fear sort of go away. Um and, you know, when we talk about also the sort of earnings optimism that's in the background, even with the trade stuff at the forefront, I guess, Josh, that's one of the reasons that we saw John Stoltzfus already a big bull got a little more bullish. Yeah, so John Stoltzfus over at Oppenheimer, Julie, the chief strategist over there, coming back out and saying 7,100 for the year end for the S&P 500. Now, that was his previous target before the April tariff turmoil that sort of sent us way down, right? S&P 500 fell 19%. Picked a trough there, but he came out on Sunday night. Now saying 7,100, he is at the top of the chart that you're looking at on your screen there. Stoltzfus saying earnings per share of about $270 to $275 this year, a PE of nearly 26 times next 12 months earnings, which should be uh quite highly valued and something that we talk about quite a lot here. But Stoltzfus is essentially arguing that with most of the trade uncertainty now passed, you take a look at these earnings, as Brooke was sort of just hitting on, you look at the guidance that you've seen over the next six months, even into 2026. I was looking through some of the FactSet numbers over the weekend. I mean, over the last month, you've had earnings estimates for the next two quarters and the next year actually move higher. So when you think about what these tariffs are meaning for corporate profits, they're not expected to really compress corporate profits, at least at this point. Remember, we're only a third of the way through earnings season. But someone like Stoltzfus takes a look at what he's seeing in the market with the rally and seeing sort of this bubbling continued to brew higher, right? I hate to use the word bubble, but starting to brew a little bit higher. And he says, all right, I think the market can continue to trade at a high multiple and probably be supported as well by some continued earnings growth through the end of the year. I think we can use the word bubble sometimes, Josh. It's okay. I mean, Allie, um, you used the word euphoria, uh, which I think is another version, right, of of bubble and whether we're seeing bubble behavior. You looked into that in uh a story you wrote over the weekend. And, you know, there is this view of what Josh is saying and what John Stoltzfus is saying that there is earnings growth to actually back it up. But what were the folks that you were talking to saying? Yeah, so Citi has a great indicator. It's called the Levkovich Index. And this is based on hard economic data and really stats out there in the market. So margin levels, short interest, and options pricing. Now, that hit a level of 0.65 on Friday. Now, this was above the 0.49 that was seen in the week prior. And the threshold there is 0.38. That signals euphoria. And we've seen in the past that markets can really trade in this euphoric territory for a long time. The problem is, is that when you have a lot of optimism in the market, that makes the fall, the eventual fall hurt a lot more. And that is something that I spoke with uh Citi analyst, Drew Pettit about. And he told me that, you know, at this current moment, we have speculative trading, we have the rise of meme stocks. All of that is making strategists a little bit on edge about how optimistic markets currently are. At the same time, though, when we talk about this bubble activity, this behavior in from the part of investors, if you look back in history at the dot-com bubble, what we saw in 2021, we're in a different spot today. And a large part of that is because of the earnings growth that you mentioned. That's not to say that there aren't some cracks underneath the surface, particularly when we look at some of those consumer names that are more exposed to lower income consumers. We have seen some softness in demand there. But overall, we are seeing solid beats. According to FactSet, we're continuing to rise when it comes to long-term earnings growth, not just for 2025, but also 2026 and beyond. So that is all leading to a lot of the optimism that you're seeing in markets right now and also a lot of the analyst price targets uh that we continue to chase higher and higher as we continue to see these record highs.
