Protergo Admin

Cyber Threat Actors Exploiting Vulnerable Microsoft SQL Servers for FreeWorld Ransomware Attacks

In a concerning development, threat actors have been observed targeting inadequately secured Microsoft SQL (MS SQL) servers to execute attacks involving the deployment of Cobalt Strike and a ransomware strain known as FreeWorld. The cybersecurity firm Securonix has labeled this campaign as DB#JAMMER, noting its distinctiveness in terms of the toolset and infrastructure employed. Security …

SapphireStealer Malware: Unveiling a Gateway to Espionage and Ransomware Operations

The cyber threat landscape has been recently shaken by the emergence of SapphireStealer, an open-source .NET-based information-stealing malware. This insidious malware is becoming a tool of choice for various malicious entities looking to bolster their capabilities and create customized versions to suit their nefarious purposes. This type of malware specializes in pilfering sensitive information, including …

Security Vulnerability in Chrome Extensions: Plain Text Passwords at Risk

A group of researchers from the University of Wisconsin-Madison has recently uncovered a potential security risk within Google Chrome extensions. They have developed a proof-of-concept extension, available on the Chrome Web Store, capable of extracting plaintext passwords from a website’s source code. Upon scrutinizing the text input fields in web browsers, the researchers identified that …

New DreamBus Malware Variant Exploits RocketMQ Vulnerability to Infect Servers

A recently emerged iteration of the DreamBus botnet malware is capitalizing on a critical remote code execution vulnerability present in RocketMQ servers, thereby compromising various devices. This exploited vulnerability, identified as CVE-2023-33246, is characterized by a permission verification lapse that affects RocketMQ version 5.1.0 and earlier. The flaw permits attackers to execute remote commands under …

Sourcegraph Website Breach Traced to Leaked Admin Access Token

Sourcegraph, an AI-powered coding platform, has recently confirmed a breach of its website resulting from the unintended exposure of a site-admin access token. This security lapse occurred on July 14th, but its exploitation by an attacker took place on August 28th, ultimately leading to unauthorized access and the creation of a new site-admin account on …

Expansion of “Classiscam” Fraud-as-a-Service: Banks and 251 Brands Targeted

The “Classiscam” fraud-as-a-service operation has significantly expanded its global reach, encompassing a broader range of brands, industries, and countries. This expansion has resulted in heightened financial losses compared to previous instances. In a manner reminiscent of ransomware-as-a-service endeavors, this operation, active on Telegram, collaborates with affiliates who utilize phishing kits to craft counterfeit advertisements and …

Ransomware Attackers Reduce Dwell Time to 5 Days, RDP Still Prevalent

The period during which ransomware threat actors remain undetected within compromised networks has shortened significantly, with the median dwell time dropping from nine days in 2022 to just five days in the first half of this year. According to data from cybersecurity firm Sophos, the overall median dwell time for all cyberattacks was eight days …

Microsoft Identifies Flax Typhoon Hackers Leveraging LOLBins for Stealthy Operations

Microsoft has uncovered a novel hacking group, dubbed Flax Typhoon, which appears to be targeting government agencies, education institutions, critical manufacturing facilities, and information technology organizations, presumably for espionage purposes. In a distinct approach, this threat actor relies minimally on malware to infiltrate and maintain control over victim networks. Instead, they harness existing components within …

Rhysida Claims Responsibility for Ransomware Attack on Prospect Medical and Threatens Data Sale

The Rhysida ransomware group has asserted its involvement in a significant cyberattack on Prospect Medical Holdings, purporting to have acquired 500,000 social security numbers, confidential corporate materials, and patient records. The attack, believed to have transpired on August 3rd, led to the emergence of ransom notes on employee screens, disclosing that their network had been …

Vulnerable Openfire Servers: A Threat to Over 3,000 Instances

A significant security lapse has come to light involving thousands of Openfire servers, leaving them exposed to a takeover threat via CVE-2023-32315. This actively exploited path traversal vulnerability enables unauthorized users to establish new admin accounts, posing a severe risk. Openfire, a widely utilized Java-based open-source chat (XMPP) server boasting 9 million downloads, has become …

Whiffy Recon Malware: Exploiting WiFi for Location Triangulation

The operators behind the Smoke Loader botnet have unleashed a new strain of malware known as Whiffy Recon, leveraging WiFi scanning and Google’s geolocation API to pinpoint the whereabouts of infected devices. Google’s geolocation API is a service that processes HTTPS requests containing WiFi access point data, returning precise latitude and longitude coordinates even for …

FBI Alert: Barracuda ESG Appliances Remain Vulnerable Despite Patch Efforts

The Federal Bureau of Investigation (FBI) has issued a warning regarding the ongoing vulnerability of Barracuda Email Security Gateway (ESG) appliances, even after patches were released to address a critical remote command injection flaw. The agency stated that the patches provided by Barracuda have proven to be ‘ineffective,’ as attackers continue to compromise patched appliances. …

Discord.io Confirms Breach after Hacker Steals Data of 760K Users

The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members. Discord.io is not an official Discord site but a third-party service allowing server owners to create custom invites to their channels. Most of the community was built around the service’s Discord server, with over 14,000 …

Raccoon Stealer Malware Returns with New Stealthier Version

The developers of Raccoon Stealer information-stealing malware have ended their 6-month hiatus from hacker forums to promote a new 2.3.0 version of the malware to cyber criminals. Raccoon is one of the most well-known and widely used information-stealing malware families, having been around since 2019, sold via a subscription model for $200/month to threat actors. …

CISA Warns of Critical Citrix ShareFile Flaw Exploited in The Wild

CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild. Citrix ShareFile (also known as Citrix Content Collaboration) is a managed file transfer SaaS cloud storage solution that …

Clop Ransomware now Uses Torrents to Leak Data and Evade Takedowns

The Clop ransomware gang has once again altered extortion tactics and is now using torrents to leak data stolen in MOVEit attacks. Starting on May 27th, the Clop ransomware gang launched a wave of data-theft attacks exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer platform. Exploiting this zero-day allowed the threat actors …

Knight Ransomware Distributed in Fake Tripadvisor Complaint Emails

The Knight ransomware is being distributed in an ongoing spam campaign that pretends to be TripAdvisor complaints. Knight ransomware is a recent rebrand of the Cyclops Ransomware-as-a-Service, which switched its name at the end of July 2023. The Cyclops ransomware operation launched in May 2023 when the operators began recruiting affiliates for the new ransomware-as-a-service …

Rhysida Ransomware Behind Recent Attacks on Healthcare

The Rhysida ransomware operation is making a name for itself after a wave of attacks on healthcare organizations has forced government agencies and cybersecurity companies to pay closer attention to its operations. Following a security bulletin by the U.S. Department of Health and Human Services (HHS), Check Point, Cisco Talos, and Trend Micro have all released …

Hackers use new malware to breach air-gapped devices in Eastern Europe

Chinese state-sponsored hackers have been targeting industrial organizations with new malware that can steal data from air-gapped systems. Air-gapped systems typically fulfill critical roles and are isolated from the enterprise network and the public internet either physically or through software and network devices. Researchers at cybersecurity company Kaspersky discovered the new malware and attributed it …

Canon warns of Wi-Fi Security Risks when Discarding Inkjet Printers

Canon is warning users of home, office, and large format inkjet printers that the Wi-Fi connection settings stored in the devices’ memory are not wiped, as they should be, during initialization, allowing others to gain access to the data. This flaw could introduce a security and privacy risk for impacted users if the printer memory is …

FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022

In collaboration with CISA, the NSA, and the FBI, Five Eyes cybersecurity authorities today issued a list of the 12 most exploited vulnerabilities throughout 2022. Cybersecurity agencies in the United States, Australia, Canada, New Zealand, and the United Kingdom called on organizations worldwide to address these security flaws and deploy patch management systems to …

8 Million People Hit by Data Breach at US Govt Contractor Maximus

U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks. Maximus is a contractor that manages and administers US government-sponsored programs, including federal and local healthcare programs and student loan servicing. The company employs 34,300 …

New Android Malware Uses OCR to Steal Credentials from Images

Two new Android malware families named ‘CherryBlos’ and ‘FakeTrade’ were discovered on Google Play, aiming to steal cryptocurrency credentials and funds or conduct scams. The new malware strains were discovered by Trend Micro, which observed both using the same network infrastructure and certificates, indicating the same threat actors created them. The malicious apps use various …

BreachForums Database and Private Chats for Sale in Hacker Data Breach

While consumers are usually the ones worried about their information being exposed in data breaches, it’s now the hackers’ turn, as the notorious Breached cybercrime forum’s database is up for sale and member data shared with Have I Been Pwned. Yesterday, the Have I Been Pwned data breach notification service announced that visitors can check …

HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software

A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. “HotRat malware equips attackers with a wide array of capabilities, such as stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, …

VirusTotal Apologizes for Data Leak Affecting 5,600 Customers

VirusTotal apologized for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file containing their info to the platform last month. The data leak impacted only Premium account customers, with the uploaded file containing their names and corporate email addresses. Emiliano Martines, the online malware scanning service’s head of product …

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. “Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization’s files, and then threatening to publish the stolen data on a …

Microsoft: Hackers Turn Exchange Servers Into Malware Control Centers

Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry and Microsoft Exchange servers with a new ‘DeliveryCheck’ malware backdoor. Turla, aka Secret Blizzard, KRYPTON, and UAC-0003, is believed to be an advanced persistent threat actor (APT) linked to Russia’s Federal Security Service (FSB). The …

OpenAI Credentials Stolen by The Thousands for Sale on The Dark Web

Threat actors are showing an increased interest in generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials for sale on the dark web and access to a malicious alternative for ChatGPT. Both less skilled and seasoned cybercriminals can use the tools to create more convincing phishing emails that are customized for the intended …

GitHub Warns of Lazarus Hackers Targeting Devs with Malicious Projects

GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware. The campaign was linked to the North Korean state-sponsored Lazarus hacking group, also known as Jade Sleet (Microsoft Threat Intelligence) and TraderTraitor (CISA). The US government released …

Gamaredon Hackers Start Stealing Data 30 Minutes After a Breach

Gamaredon attacks commonly start with an email or message sent to targets via Telegram, WhatsApp, Signal, or other IM apps. The initial infection is achieved by tricking the victim into opening malicious attachments such as HTM, HTA, and LNK files disguised as Microsoft Word or Excel documents. Once the victim launches the malicious attachments, PowerShell …
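One way to triage attachments for the masquerading described above, written as an added example for this listing rather than anything from the source report or the Gamaredon toolset. It flags a script or shortcut extension (.htm, .hta, .lnk and similar) at the real end of the name, a document extension buried earlier in the name, and, going beyond the excerpt to two general Windows lure tricks, whitespace padding or a right-to-left override character that pushes the real extension out of view. The extension lists, rule names and sample filenames are assumptions constructed for the demo.

```python
import re
from dataclasses import dataclass, field

# Script and shortcut extensions that Windows executes on double-click (assumed list).
EXECUTABLE_EXTS = {"htm", "html", "hta", "lnk", "js", "jse", "vbs", "wsf", "ps1", "cmd", "bat"}
# Office and document extensions that a lure name imitates (assumed list).
DOCUMENT_EXTS = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "rtf"}
# Unicode right-to-left override: reverses how the tail of a name is displayed.
RLO = "\u202e"


@dataclass
class Verdict:
    filename: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def classify_attachment(filename: str) -> Verdict:
    """Return a Verdict listing every masquerading trick found in the name."""
    verdict = Verdict(filename)
    name = filename.lower()
    if RLO in name:
        verdict.reasons.append("right-to-left override character in name")
        name = name.replace(RLO, "")
    parts = name.split(".")
    if len(parts) < 2:
        return verdict  # no extension at all; nothing to judge here
    real_ext = parts[-1].strip()
    inner_exts = [p.strip() for p in parts[1:-1]]
    if real_ext in EXECUTABLE_EXTS:
        verdict.reasons.append(f"script or shortcut extension .{real_ext}")
        if any(ext in DOCUMENT_EXTS for ext in inner_exts):
            verdict.reasons.append("document extension hidden inside the name")
        if re.search(r"\s{2,}\.[a-z0-9]+$", name):
            verdict.reasons.append("whitespace padding before the real extension")
    return verdict


def scan_attachments(filenames) -> list:
    """Return the Verdicts for every attachment that triggered at least one rule."""
    verdicts = (classify_attachment(f) for f in filenames)
    return [v for v in verdicts if v.suspicious]


# Constructed sample attachment names (not taken from any real campaign).
SAMPLE_ATTACHMENTS = [
    "Contract_2023.docx.lnk",
    "Budget_Q3.xlsx",
    "invoice.doc          .hta",
    "meeting_notes.pdf",
    "scan_\u202efdp.htm",
]

if __name__ == "__main__":
    for v in scan_attachments(SAMPLE_ATTACHMENTS):
        print(f"{v.filename!r}: {'; '.join(v.reasons)}")
```

The check looks only at the name; a mail gateway should pair it with content-type inspection, since a .lnk or .hta that arrives inside an archive will not be caught by a filename rule on the outer file.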

Thousands of Images on Docker Hub Leak Auth Secrets, Private Keys

Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface. Docker Hub is a cloud-based repository for the Docker community to store, share, and distribute Docker images. These …
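An added example, not code from the RWTH Aachen study or from Docker, of the kind of scan that catches what the study describes: it opens a single image layer tar (one of the layer archives inside a `docker save` output), skips binaries, and greps every text file for a few well-known secret formats. The layer and its files are constructed inline; the regular expressions, size cap and Finding format are assumptions chosen for the demo, and the AWS key is the placeholder value from AWS's own documentation.

```python
import io
import re
import tarfile
from dataclasses import dataclass

# Assumed patterns: a small set of high-confidence secret formats.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(rb"AKIA[0-9A-Z]{16}"),
    "private_key": re.compile(rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "github_token": re.compile(rb"ghp_[A-Za-z0-9]{36}"),
}
MAX_FILE_SIZE = 5 * 1024 * 1024  # skip very large files (assumed cap)


@dataclass(frozen=True)
class Finding:
    path: str   # member path inside the layer
    kind: str   # key of SECRET_PATTERNS that matched
    line: int   # 1-based line number within the file


def scan_layer(layer: bytes) -> list:
    """Scan one layer tar (any tarfile-supported compression) for secret patterns."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(layer), mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or member.size > MAX_FILE_SIZE:
                continue
            handle = tar.extractfile(member)
            if handle is None:
                continue
            data = handle.read()
            if b"\x00" in data:
                continue  # treat NUL bytes as a binary file; not worth grepping
            for lineno, line in enumerate(data.splitlines(), 1):
                for kind, pattern in SECRET_PATTERNS.items():
                    if pattern.search(line):
                        findings.append(Finding(member.name, kind, lineno))
    return findings


def build_sample_layer() -> bytes:
    """Constructed layer: two leaked secrets and one clean file, built in memory."""
    files = {
        "app/.env": b"DB_HOST=db\nAWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
        "root/.ssh/id_rsa": b"-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXkt...\n",
        "app/main.py": b"print('hello')\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_layer(build_sample_layer()):
        print(f"{finding.path}:{finding.line}: {finding.kind}")
```

To run it against a real image, `docker save image:tag -o image.tar`, extract the inner layer tars and pass each one's bytes to `scan_layer`. Scanning every layer matters because a secret deleted in a later `RUN rm` step still sits intact in the earlier layer, which is exactly how files that never appear in the final filesystem end up on Docker Hub.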

Beware of Big Head Ransomware: Spreading Through Fake Windows

A developing piece of ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers. Big Head was first documented by Fortinet FortiGuard Labs last month, when it discovered multiple variants of the ransomware that are designed to encrypt files on …

Fake Linux vulnerability exploit drops data-stealing malware

Cybersecurity researchers and threat actors are targeted by a fake proof of concept (PoC) CVE-2023-35829 exploit that installs Linux password-stealing malware. Uptycs analysts discovered the malicious PoC during their routine scans when detection systems flagged irregularities such as unexpected network connections, unauthorized system access attempts, and atypical data transfers. Three repositories were found hosting …

USB drive malware attacks spiking again in first half of 2023

What’s old is new again, with researchers seeing a threefold increase in malware distributed through USB drives in the first half of 2023. A new report by Mandiant outlines how two USB-delivered malware campaigns have been observed this year; one named ‘Sogu,’ attributed to a Chinese espionage threat group ‘TEMP.HEX,’ and another named ‘Snowydrive,’ attributed …

Ransomware payments on record-breaking trajectory for 2023

Data from the first half of the year indicates that ransomware activity is on track to break previous records, seeing a rise in the number of payments, both big and small. According to a report by blockchain analysis firm Chainalysis, ransomware is the only cryptocurrency crime category seeing a rise this year, with all others, including …

Iranian Hackers’ Sophisticated Malware Targets Windows and macOS Users

The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware. “TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho,” Proofpoint said in a new …

BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days

Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify. Recently, Microsoft’s Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes’ terrifying velocity and damaging nature. The findings indicate that hackers can complete the entire attack process, from gaining initial access to …

New ‘Big Head’ Ransomware Displays Fake Windows Update Alert

Security researchers have dissected a recently emerged ransomware strain named ‘Big Head’ that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers. Two samples of the malware have been analyzed before by cybersecurity company Fortinet, who looked at the infection vector and how the malware executes. Today, Trend Micro published …

How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance

As technology advances and organizations become more reliant on data, the risks associated with data breaches and cyber-attacks also increase. The introduction of data privacy laws, such as the GDPR, has made it mandatory for organizations to disclose breaches of personal data to those affected. As such, it has become essential for businesses to protect …

Cisco warns of bug that lets attackers break traffic encryption

Cisco warned customers today of a high-severity vulnerability impacting some data center switch models and allowing attackers to tamper with encrypted traffic. Tracked as CVE-2023-20185, the flaw was found during internal security testing in the ACI Multi-Site CloudSec encryption feature of data center Cisco Nexus 9000 Series Fabric Switches. The vulnerability only impacts Cisco Nexus …

Over 130,000 solar energy monitoring systems exposed online

Security researchers are warning that tens of thousands of photovoltaic (PV) monitoring and diagnostic systems are reachable over the public web, making them potential targets for hackers. These systems are used for remote performance monitoring, troubleshooting, system optimization, and other functions to allow remote management of renewable energy production units. Cyble’s threat analysts scanned the …

Snappy: A tool to detect rogue WiFi access points on open networks

Cybersecurity researchers have released a new tool called ‘Snappy’ that can help detect fake or rogue WiFi access points that attempt to steal data from unsuspecting people. Attackers can create fake access points in supermarkets, coffee shops, and malls that impersonate real ones already established at the location. This is done to trick users into …
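An added example of the fingerprinting idea behind this kind of tool, not Snappy's own code: each access point is reduced to a SHA-256 hash over fields a beacon frame carries (BSSID, channel, vendor prefix, supported rates, country, WPS flag), the hash is saved on a first visit, and a later scan alerts when the same SSID reappears with a different hash. The Beacon fields and the three beacon records are constructed for the demo; real use would fill them from a wireless capture.

```python
import hashlib
import json
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class Beacon:
    """Fields parsed from an access point's beacon frame (assumed field set)."""
    ssid: str
    bssid: str
    channel: int
    vendor_oui: str          # first three octets of the BSSID, i.e. the chipset vendor
    supported_rates: tuple   # Mbit/s rates advertised in the beacon
    country: str             # country information element
    wps_enabled: bool


def fingerprint(beacon: Beacon) -> str:
    """SHA-256 over a canonical JSON encoding of every beacon field."""
    canonical = json.dumps(asdict(beacon), sort_keys=True)
    return hashlib.sha256(canonical.encode()).hexdigest()


def record_trusted(beacons) -> dict:
    """First visit: remember one fingerprint per SSID for later comparison."""
    return {b.ssid: fingerprint(b) for b in beacons}


def find_rogues(trusted: dict, observed) -> list:
    """Later visit: report access points whose SSID is known but whose fingerprint changed."""
    alerts = []
    for beacon in observed:
        expected = trusted.get(beacon.ssid)
        if expected is None:
            continue  # never fingerprinted this SSID, nothing to compare against
        if fingerprint(beacon) != expected:
            alerts.append(f"{beacon.ssid} on {beacon.bssid} does not match the saved fingerprint")
    return alerts


# Constructed data: the genuine cafe access point seen on the first visit.
GENUINE = Beacon("CafeWiFi", "a4:2b:8c:11:22:33", 6, "a4:2b:8c",
                 (1.0, 2.0, 5.5, 11.0, 6.0, 9.0, 12.0, 18.0), "US", False)
# A later visit: the genuine AP is still there, plus a clone with the same SSID
# broadcast from different hardware on a different channel.
ROGUE = Beacon("CafeWiFi", "00:c0:ca:de:ad:01", 1, "00:c0:ca",
               (1.0, 2.0, 5.5, 11.0), "US", True)
UNRELATED = Beacon("NeighbourNet", "d8:47:32:00:00:01", 11, "d8:47:32",
                   (6.0, 12.0, 24.0), "US", False)

if __name__ == "__main__":
    trusted = record_trusted([GENUINE])
    for alert in find_rogues(trusted, [GENUINE, ROGUE, UNRELATED]):
        print(alert)
```

Two caveats a practitioner should keep in mind. An attacker who clones the BSSID as well as the SSID defeats a BSSID-only check, which is why the hash covers several beacon fields that depend on the real hardware and its configuration. In the other direction, a venue with several access points sharing one SSID, or a firmware update that changes the advertised rates, will also produce a mismatch, so an alert is a prompt to look, not proof of an attack.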

BlackCat ransomware pushes Cobalt Strike via WinSCP search ads

The BlackCat ransomware group (aka ALPHV) is running malvertising campaigns to lure people into fake pages that mimic the official website of the WinSCP file-transfer application for Windows but instead push malware-ridden installers. WinSCP (Windows Secure Copy) is a popular free and open-source SFTP, FTP, S3, SCP client, and file manager with SSH file transfer …

Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts

As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version (2.6.6) that was released on June 29, 2023. Ultimate Member is a …

New EarlyRAT malware linked to North Korean Andariel hacking group

Security analysts have discovered a previously undocumented remote access trojan (RAT) named ‘EarlyRAT,’ used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group. Andariel (aka Stonefly) is believed to be part of the Lazarus hacking group known for employing the DTrack modular backdoor to collect information from compromised systems, such as browsing …

Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users’ Personal Data

Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated with thousands of Android users. “As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts,” LetMeSpy said in an announcement on its …

Linux version of Akira ransomware targets VMware ESXi servers

The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide. Akira first emerged in March 2023, targeting Windows systems in various industries, including education, finance, real estate, manufacturing, and consulting. Like other enterprise-targeting ransomware gangs, the threat actors steal data from breached networks and encrypt …

Trojanized Super Mario game used to install Windows malware

A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been infecting unsuspecting players with multiple malware infections. Super Mario 3: Mario Forever is a free-to-play remake of the classic Nintendo game developed by Buziol Games and released for the Windows platform in 2003. The game became very popular, downloaded …

Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam

A U.K. citizen who took part in the massive July 2020 hack of Twitter has been sentenced to five years in prison in the U.S. Joseph James O’Connor (aka PlugwalkJoe), 24, was handed the sentence on Friday in the Southern District of New York, a little over a month after he pleaded guilty to the …

American Airlines, Southwest Airlines disclose data breaches affecting pilots

American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines’ pilot applications and recruitment portals. Both airlines were informed of the Pilot Credentials incident on May 3, which was limited solely to the …

Microsoft Teams bug allows malware delivery from external accounts

Security researchers have found a simple way to deliver malware to an organization with Microsoft Teams, despite restrictions in the application for files from external sources. With 280 million monthly active users, Microsoft Teams has been adopted by organizations as a communication and collaboration platform part of the Microsoft 365 cloud-based services. Given the product’s …

NSA shares tips on blocking BlackLotus UEFI malware attacks

The U.S. National Security Agency (NSA) released today guidance on how to defend against BlackLotus UEFI bootkit malware attacks. BlackLotus has been circulating on hacking forums since October 2022, marketed as malware capable of evading detection, withstanding removal efforts, and neutralizing multiple Windows security features such as Defender, HVCI, and BitLocker. In May, Microsoft released …

MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans

A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. “The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, such as Warzone RAT and Quasar RAT,” Securonix researchers Den …

Reddit hackers threaten to leak data stolen in February breach

The BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen 80GB of data from the company. On February 9th, Reddit disclosed that its systems were hacked on February 5th after an employee fell victim to a phishing attack. This phishing attack allowed the threat actors …

US govt offers $10 million bounty for info on Clop ransomware

The U.S. State Department’s Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the Clop ransomware attacks to a foreign government. “Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government? Send us a tip. You could …

From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet

Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. “The Diicot name is significant, as it’s also the name of the Romanian organized crime and anti-terrorism policing unit,” Cado Security said in a technical report. “In addition, artifacts from the …

Rhysida ransomware leaks documents stolen from Chilean Army

Threat actors behind a recently surfaced ransomware operation known as Rhysida have leaked online what they claim to be documents stolen from the network of the Chilean Army (Ejército de Chile). The leak comes after the Chilean Army confirmed on May 29 that its systems were impacted in a security incident detected over the weekend …

Suspected LockBit ransomware affiliate arrested, charged in US

Russian national Ruslan Magomedovich Astamirov was arrested in Arizona and charged by the U.S. Justice Department for allegedly deploying LockBit ransomware on the networks of victims in the United States and abroad. According to the criminal complaint, the 20-year-old suspect from the Chechen Republic was allegedly involved in LockBit ransomware attacks between August 2020 and …

Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency

Ransomware actors and cryptocurrency scammers have joined nation-state actors in abusing cloud mining services to launder digital assets, new findings reveal. “Cryptocurrency mining is a crucial part of our industry, but it also holds special appeal to bad actors, as it provides a means to acquire money with a totally clean on-chain original source,” blockchain …

Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now

Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices. The security fixes were released on Friday in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5. While not mentioned in the release notes, security professionals and admins have hinted that the updates quietly …


Strava heatmap feature can be abused to find home addresses

Researchers at the North Carolina State University Raleigh have discovered a privacy risk in the Strava app’s heatmap feature that could lead to identifying users’ home addresses. Strava is a popular running companion and fitness-tracking application with over 100 million users worldwide, helping people track their heart rate, activity details, GPS location, and more. In …


New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies

Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER. “SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory manipulation, and token impersonation capabilities,” Elastic Security Labs said in a Friday report. The …


Clop ransomware likely testing MOVEit zero-day since 2021

The Clop ransomware gang has been looking for ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer (MFT) solution since 2021, according to Kroll security experts. While analyzing logs on some clients’ compromised networks during the investigation of recent Clop data theft attacks targeting vulnerable MOVEit Transfer instances, they found malicious …


Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation

Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component. “An attacker who successfully exploited this …


Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities

VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 (CVSS score: 9.8) that could allow a malicious actor with network access to achieve …


Atomic Wallet hacks lead to over $35 million in crypto stolen

The developers of Atomic Wallet are investigating reports of large-scale theft of cryptocurrency from users’ wallets, with over $35 million in crypto reportedly stolen. Atomic Wallet is a mobile and desktop crypto wallet allowing users to store various cryptocurrencies. The wallet is offered for multiple operating systems, including Windows, Android, iOS, macOS, and Linux. On …


Online sellers targeted by new information-stealing malware campaign

Online sellers are targeted in a new campaign to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks. The new campaign launched this week, with threat actors sending complaints to online store admins through email and website contact forms. These emails pretend to be from a customer of an …


New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal

An analysis of the Linux variant of a new ransomware strain called BlackSuit has uncovered significant similarities with another ransomware family called Royal. Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an “extremely high degree of similarity” between Royal and BlackSuit. “In fact, they’re nearly identical, with 98% …


New Horabot campaign takes over victim’s Gmail, Outlook accounts

A previously unknown campaign involving the Horabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool. The malware enables the operators to take control of the victim’s Gmail, Outlook, Hotmail, or Yahoo email accounts, steal email data and 2FA codes arriving …


New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware

A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. “The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data,” Kaspersky …


Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks

An analysis of the “evasive and tenacious” malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active for a single day. What’s more, 50% of the servers don’t remain active for more than a week, indicating the use of an adaptable and dynamic C2 infrastructure, Lumen Black Lotus Labs …


Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains

A new ‘File Archivers in the Browser’ phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files. Earlier this month, Google began offering the ability to register ZIP TLD domains, such as bleepingcomputer.zip, for hosting websites or email addresses. Since the …


New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. “It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility,” Trend Micro said in a …


Microsoft 365 phishing attacks use encrypted RPMSG messages

Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways. RPMSG files (also known as restricted permission message files) are encrypted email message attachments created using Microsoft’s Rights Management Services (RMS) and offer an extra layer …


Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry

A new botnet called Dark Frost has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry. “The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices,” Akamai security researcher Allen West said in a new technical analysis shared with The Hacker News. …


‘Operation Magalenha’ targets credentials of 30 Portuguese banks

A Brazilian hacking group has been targeting thirty Portuguese government and private financial institutions since 2021 in a malicious campaign called ‘Operation Magalenha.’ Examples of the targeted entities include ActivoBank, Caixa Geral de Depósitos, CaixaBank, Citibanamex, Santander, Millennium BCP, ING, Banco BPI, and Novobanco. This campaign was exposed by a Sentinel Labs report highlighting the …


Android phones are vulnerable to fingerprint brute-force attacks

Researchers at Tencent Labs and Zhejiang University have presented a new attack called ‘BrutePrint,’ which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device. Brute-force attacks rely on many trial-and-error attempts to crack a code, key, or password and gain unauthorized access to accounts, systems, or networks. The Chinese …


Cloned CapCut websites push information stealing malware

A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims. CapCut is ByteDance’s official video editor and maker for TikTok, supporting music mixing, color filters, animation, slow-mo effects, picture-in-picture, stabilization, and more. It has over 500 million downloads on Google Play alone, and its …


Warning: Samsung Devices Under Attack! New Security Flaw Exposed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a medium-severity flaw affecting Samsung devices. The issue, tracked as CVE-2023-21492 (CVSS score: 4.4), impacts select Samsung devices running Android versions 11, 12, and 13. The South Korean electronics giant described the issue as an information disclosure flaw that could be …


Cybercrime gang pre-infects millions of Android devices with malware

A large cybercrime enterprise tracked as the “Lemon Group” has reportedly pre-installed malware known as ‘Guerilla’ on almost 9 million Android-based smartphones, watches, TVs, and TV boxes. The threat actors use Guerilla to load additional payloads, intercept one-time passwords from SMS, set up a reverse proxy from the infected device, hijack WhatsApp sessions, and more. …


Apple fixes three new zero-days exploited to hack iPhones, Macs

Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads. “Apple is aware of a report that this issue may have been actively exploited,” the company revealed in security advisories describing the flaws. The security bugs were all found in the multi-platform WebKit browser engine and are tracked …


MalasLocker ransomware targets Zimbra servers, demands charity donation

A new ransomware operation is hacking Zimbra servers to steal emails and encrypt files. However, instead of demanding a ransom payment, the threat actors claim to require a donation to charity to provide an encryptor and prevent data leaking. The ransomware operation, dubbed MalasLocker by BleepingComputer, began encrypting Zimbra servers towards the end of March …


Microsoft patches bypass for recently fixed Outlook zero-click bug

Microsoft fixed a security vulnerability this week that could be used by remote attackers to bypass recent patches for a critical Outlook zero-day security flaw abused in the wild. This zero-click bypass (CVE-2023-29324) impacts all supported versions of Windows and was reported by Akamai security researcher Ben Barnea. “All Windows versions are affected by the …


Brightly warns of SchoolDude data breach exposing credentials

U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform. SchoolDude is a cloud-based platform for managing work orders used by over 7,000 colleges, universities, and K-12 schools from school districts of up …


Scammers Distribute Malware via Verified Account Ads on Facebook

Scamming campaigns frequently involve threat actors impersonating businesses or significant individuals. However, a recent trend of Facebook ad scams has been especially threatening, with scammers potentially infecting a large number of people with malware. Several verified Facebook pages were recently hacked and started distributing malware via ads purchased through and approved by the platform. The …


Western Digital says hackers stole customer data in March cyberattack

Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack. The company emailed the data breach notifications late Friday afternoon, warning that customers’ data was stored in a Western Digital database stolen during the attack. “Based on the investigation, we …


Cyber Attackers Continue Threatening Education and Healthcare Organizations

The recent cyber attacks on Bluefield University and University Urology highlight the increasing risk of cybercrime targeting organizations in the education and healthcare industries. As organizations become more reliant on technology for storing and processing data, they must remain vigilant and invest in comprehensive cybersecurity measures to protect themselves and the individuals they serve from …


Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN

Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019. “The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments trying to alter legitimate banking transfers performed by the victims by changing the …


New LOBSHOT malware gives hackers hidden VNC access to Windows devices

A new malware known as ‘LOBSHOT’ distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC. Earlier this year, BleepingComputer and numerous cybersecurity researchers reported a dramatic increase in threat actors utilizing Google ads to distribute malware in search results. These advertising campaigns impersonated websites for 7-ZIP, VLC, OBS, …


T-Mobile discloses second data breach since the start of 2023

T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023. Compared to previous data breaches reported by T-Mobile, the latest of which impacted 37 million people, this incident affected only 836 customers. Still, the …


Wanted Dead or Alive: Real-Time Protection Against Lateral Movement

Just a few short years ago, lateral movement was a tactic confined to top APT cybercrime organizations and nation-state operators. Today, however, it has become a commoditized tool, well within the skillset of any ransomware threat actor. This makes real-time detection and prevention of lateral movement a necessity to organizations of all sizes and across …


Google banned 173K developer accounts to block malware, fraud rings

Google says it banned 173,000 developer accounts in 2022 to block malware operations and fraud rings from infecting Android users’ devices with malicious apps. The company revealed in its “bad apps” yearly report that it also prevented almost 1.5 million apps linked to various policy violations from reaching the Google Play Store. The Google Play …


New Atomic macOS info-stealing malware targets 50 crypto wallets

A new macOS information-stealing malware named ‘Atomic’ (aka ‘AMOS’) is being sold to cybercriminals via private Telegram channels for a subscription of $1,000 per month. For this hefty price, buyers get a DMG file containing a 64-bit Go-based malware designed to target macOS systems and steal keychain passwords, files from the local filesystem, passwords, cookies, …


Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks

The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That’s according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal. Alloy Taurus is …


CISA warns of Android bug exploited by Chinese app to spy on users

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of a high-severity Android vulnerability believed to have been exploited by the Chinese e-commerce app Pinduoduo as a zero-day to spy on its users. This Android Framework security flaw (tracked as CVE-2023-20963) allows attackers to escalate privileges on unpatched Android devices without requiring user interaction. …


Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of …


Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen

Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company’s MyBB forum database containing user data and private messages. What’s more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace. “MyBB admin logs show the account …


Microsoft: Phishing attack targets accountants as Tax Day approaches

Microsoft is warning of a phishing campaign targeting accounting firms and tax preparers with remote access malware allowing initial access to corporate networks. With the USA reaching the end of its annual tax season, accountants are scrambling to gather clients’ tax documents to complete and file their tax returns. Due to this, it makes it …
