News

Phorpiex Botnet Launches Massive LockBit Black Ransomware Email Campaign

Since April, the Phorpiex botnet has been responsible for sending millions of phishing emails in a widespread LockBit Black ransomware campaign. These emails contain ZIP attachments with an executable file that, once opened, deploys the LockBit Black ransomware, encrypting the recipient’s system. The LockBit Black encryptor used in this campaign is likely derived from the …

Cuttlefish Malware Targets Routers to Steal Credentials

A newly identified malware named ‘Cuttlefish’ has been detected infecting both enterprise-grade and small office/home office (SOHO) routers to monitor traffic and steal authentication information. Cuttlefish creates a proxy or VPN tunnel on compromised routers, allowing data exfiltration without triggering security alerts. This malware can also perform DNS and HTTP hijacking within private IP spaces, …

Fake Android Apps Impersonate Popular Brands to Steal Credentials

Cybersecurity researchers have identified malicious Android apps posing as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) to steal user credentials. These apps use familiar icons to deceive users into installing them on their devices, according to the recent report. The distribution method for these malicious apps is not yet known. Once installed, the apps …

Microsoft Quick Assist Exploited in Ransomware Attacks by Storm-1811

The Microsoft Threat Intelligence team has identified a cybercriminal group known as Storm-1811 exploiting Microsoft’s Quick Assist feature in social engineering attacks to deploy ransomware. In a report published on May 15, 2024, Microsoft detailed how this financially motivated group uses Quick Assist to target users, ultimately delivering Black Basta ransomware. Storm-1811 initiates their attack …

TunnelVision Attack Exposes VPN Traffic to Hijacking via DHCP Manipulation

Researchers have uncovered a VPN bypass technique called TunnelVision that enables attackers to intercept and manipulate network traffic by simply being on the same local network as the victim. This technique, identified as CVE-2024-3661 with a CVSS score of 7.6, affects all operating systems that support DHCP option 121 routes. TunnelVision works by exploiting a …

FIN7 Uses Malicious Google Ads to Spread NetSupport RAT

The notorious hacker group FIN7 has been exploiting Google ads to distribute MSIX installers, ultimately deploying NetSupport RAT. According to a recent report, these malicious ads mimic reputable brands like AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall Street Journal, Workable, and Google Meet. FIN7, also known as Carbon Spider and Sangria Tempest, has been active …

Android Malware Wpeeper Exploits Compromised WordPress Sites to Hide C2 Servers

Security researchers have uncovered a new Android malware variant, dubbed Wpeeper, which employs compromised WordPress sites as intermediaries for its actual command-and-control (C2) servers to evade detection. Wpeeper, an ELF binary, uses the HTTPS protocol to secure its C2 communications. According to the report, Wpeeper functions as a backdoor Trojan for Android devices, capable of …

Hackers Increasingly Exploiting Microsoft Graph API for Covert Malware Communications

Cybercriminals are increasingly turning to Microsoft Graph API as a tool for conducting malicious activities while evading detection. According to the report, threat actors are leveraging Microsoft Graph API to establish communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services. Since January 2022, several nation-state-aligned hacking groups, including APT28, REF2924, Red Stinger, Flea, APT29, …

ZLoader Malware Adopts Anti-Analysis Technique from Zeus Banking Trojan

The ZLoader malware, known for its origins in the Zeus banking trojan, has resurfaced with a new feature indicating active development. The researcher revealed that the latest version, 2.4.1.0, introduces an anti-analysis feature reminiscent of the Zeus 2.X source code, designed to prevent execution on machines different from the original infection. After a hiatus of …

China-Linked ‘Muddling Meerkat’ Uses DNS Hijacking for Global Internet Mapping

A newly discovered cyber threat known as Muddling Meerkat has emerged, exhibiting complex domain name system (DNS) activities since October 2019. The threat, likely affiliated with China, manipulates DNS to evade security measures and conduct network reconnaissance globally. The reports identified the threat actor’s ability to control the Great Firewall (GFW), which regulates internet traffic …

Google Thwarts 2.28 Million Malicious Apps from Entering Play Store in 2023

Google has disclosed that it prevented nearly 200,000 app submissions to its Play Store for Android due to issues related to access to sensitive data, such as location or SMS messages, in the past year. Additionally, the tech giant blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or …

Android Malware ‘Brokewell’ Spreads via Fake Browser Updates

A newly discovered Android malware, dubbed Brokewell, is circulating through fake browser updates, posing a significant threat to users’ financial and personal information. According to the report, Brokewell is a sophisticated banking malware with data-stealing and remote-control capabilities. It is continuously evolving, incorporating new commands to capture touch events, screen text, and launched applications. The …

Fake Game Cheat Tricks Gamers into Spreading Infostealer Malware

A newly discovered info-stealing malware associated with Redline has been found masquerading as a game cheat named ‘Cheat Lab.’ It offers users a free copy if they can persuade their friends to install it as well. Redline is a potent information-stealing malware known for extracting sensitive data like passwords, cookies, autofill information, and cryptocurrency wallet …

WP Automatic WordPress Plugin Under Siege from Millions of SQL Injection Attacks

The WP Automatic plugin for WordPress is facing a barrage of attacks from hackers exploiting a critical vulnerability. This flaw allows attackers to create user accounts with administrative privileges and implant backdoors for persistent access. WP Automatic, utilized by over 30,000 websites, enables administrators to automate the import of content like text, images, and videos …

Malicious npm Packages Target Software Developers in Job Interview Scam

A sophisticated social engineering campaign, known as DEV#POPPER, is actively targeting software developers by offering fake job interviews and tricking them into downloading malicious npm packages containing Python backdoors. Security researchers have attributed this campaign to North Korean threat actors, who use the guise of job interviews to deceive developers. During these fraudulent interviews, developers …

New Information Stealer Exploits Lua Bytecode for Enhanced Stealth

The researcher has uncovered a new information stealer that employs Lua bytecode to enhance its stealth and sophistication, as revealed in their recent findings. This malware variant, identified by the cybersecurity firm as a version of the known RedLine Stealer, stands out for its use of Lua bytecode, which provides advantages in obfuscating malicious strings …

New Android Trojan ‘SoumniBot’ Uses Clever Tactics to Evade Detection

A new Android trojan, SoumniBot, has been discovered targeting users in South Korea by exploiting vulnerabilities in the manifest extraction and parsing procedure. This malware is notable for its unconventional approach to evading analysis and detection, particularly through obfuscation of the Android manifest. The Android manifest XML file (“AndroidManifest.xml”) is crucial for every Android app, …

BlackTech Expands Cyber Attack Wave Targeting Tech, Research, and Gov Sectors

The Asia-Pacific region has become a focal point for cyber attacks from the threat actor BlackTech, which has targeted technology, research, and government sectors in recent intrusions. This wave of attacks introduces an updated version of the modular backdoor known as Waterbear, along with its advanced successor, Deuterbear. In a recent analysis, Waterbear is known …

Credit Card Skimmer Hidden in Fake Facebook Tracker

A new credit card skimmer has been discovered by cybersecurity researchers, concealed within a counterfeit Meta Pixel tracker script. The skimmer is designed to evade detection and injects malware into websites through tools that allow for custom code, such as certain WordPress plugins and sections of the Magento admin panel. According to the report, the …

Cybercriminals Target Windows Systems with Advanced Phishing Scheme

A recent phishing campaign has aimed its sights on Latin America, specifically targeting Windows systems with malicious payloads. The phishing email includes a ZIP file attachment that, when extracted, reveals an HTML file. This file leads to a malicious file download disguised as an invoice. The email originates from an address format using the domain …

“CR4T” Backdoor Targets Governments with Evasive Tactics

A previously undocumented campaign has been discovered targeting government entities in the Middle East with a new backdoor known as CR4T. The campaign may have been active for at least a year prior. Codenamed DuneQuixote, the campaign employs sophisticated evasion methods to avoid detection and analysis. The attack begins with a dropper, available in two …

Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

A popular Rust crate, liblzma-sys, has been found to contain test files associated with the XZ Utils backdoor, according to new findings from Phylum. The crate, downloaded over 21,000 times, provides Rust developers with bindings to the liblzma implementation, a part of the XZ Utils data compression software. The impacted version, 0.3.2, included these malicious …

Phishing Attack Targets Firms with Rhadamanthys Stealer

A threat actor known as TA547 has launched a phishing campaign aimed at numerous German organizations, using an information stealer named Rhadamanthys. This marks the first time TA547 has been observed using Rhadamanthys, a tool utilized by multiple cybercriminal groups. The campaign also involved the suspected use of a PowerShell script generated by a large …

All About: XZ Utilization Backdoor 2024

Chapter 1: XZ Backdoor: Key Trends and Outlook. Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access. The xz compression library, a widely-used tool for compressing files, found across Linux distributions, community projects, …

LightSpy iOS Spyware Targets South Asian iPhone Users

Cybersecurity researchers have identified a new cyber espionage campaign targeting users in South Asia. This campaign aims to deliver an Apple iOS spyware implant known as LightSpy. The latest version of LightSpy, called ‘F_Warehouse,’ features a modular framework with extensive spying capabilities. Evidence suggests that this campaign may have specifically targeted users in India, based …

Multi-Stage Attack Unveiled: Invoice-Themed Phishing Lures Deliver Venom RAT

A complex multi-stage attack has been uncovered by cybersecurity researchers, utilizing invoice-themed phishing decoys to distribute a variety of malware, including Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer targeting crypto wallets. According to the technical report, the attack involves email messages with Scalable Vector Graphics (SVG) file attachments. Clicking on these attachments …

New Wave of JSOutProx Malware Targets Financial Institutions in APAC and MENA

Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) regions are facing a new threat in the form of JSOutProx malware, which has been described as an “evolving threat” by a cybersecurity firm. JSOutProx is a sophisticated attack framework that combines JavaScript and .NET technologies. It uses .NET (de)serialization to interact with …

Hackers Use Cracked Software on GitHub to Spread RisePro Info Stealer

Cybersecurity researchers have uncovered a concerning trend where hackers are utilizing cracked software distributed on GitHub to disseminate a potent information stealer called RisePro. The campaign, known as gitgub, was flagged by G DATA and involved 17 repositories linked to 11 different accounts. These repositories have since been removed by GitHub. The repositories in question …

Hackers Exploit Aiohttp Bug to Target Vulnerable Networks

A ransomware group known as ‘ShadowSyndicate’ has been observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. Aiohttp is an open-source library built on Python’s asynchronous I/O framework, Asyncio, and is widely used for handling concurrent HTTP requests. CVE-2024-23334, a high-severity flaw affecting aiohttp versions prior to 3.9.2, …

macOS Users Targeted by Hackers Using Malicious Ads to Spread Stealer Malware

Hackers are actively targeting macOS users through malicious advertisements and fake websites, aiming to deliver two different stealer malware, including Atomic Stealer. These ongoing attacks, designed to compromise Macs, are focused on stealing sensitive data. The attackers use various methods to trick macOS users into downloading malware. One such method involves targeting users searching for …

Hackers Exploit ‘WINELOADER’ Malware to Target Political Parties

Recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures have been linked to a hacking group with ties to Russia’s Foreign Intelligence Service (SVR). The attackers used a backdoor called WINELOADER, which was also involved in breaching SolarWinds and Microsoft. The researcher identified Midnight Blizzard (also known as APT29, BlueBravo, or Cozy Bear) as …

New ‘Loop DoS’ Attack Affects Numerous Systems

A new form of denial-of-service (DoS) attack, known as a Loop DoS attack, has emerged, posing a significant risk to hundreds of thousands of systems. Researchers have identified this attack vector, which targets application-layer protocols using User Datagram Protocol (UDP). The attack works by pairing servers of these protocols in a way that causes them …

Fresh Wave of StrelaStealer Phishing Attacks Hits 100+ Organizations

A new wave of phishing attacks has been detected, targeting more than 100 organizations in the European Union and the United States. The attacks aim to deliver an information stealer known as StrelaStealer, which is constantly evolving to evade detection. The researchers reported that these campaigns use spam emails with attachments to launch the StrelaStealer’s …

eSIM Attacks: SIM Swappers Hijack Phone Numbers with New Tactics

Cybercriminals known as SIM swappers are employing a new tactic to steal phone numbers by transferring them to a new eSIM card, a digital SIM stored in the chip of modern smartphones. This shift allows attackers to remotely reprogram and provision eSIMs, presenting new challenges for users and security experts alike. eSIMs serve the same …

Ande Loader Malware Targets Manufacturing Sector

The threat actor known as Blind Eagle, also identified as APT-C-36, has been observed using a loader malware named Ande Loader to distribute remote access trojans (RATs) like Remcos RAT and NjRAT. These attacks, delivered via phishing emails, specifically targeted Spanish-speaking users in the manufacturing industry based in North America. Blind Eagle, a financially motivated …

GhostSec and Stormous Launch Joint Ransomware Attacks in 15+ Countries

GhostSec and Stormous, two notorious cybercrime groups, have teamed up to launch a series of ransomware attacks across more than 15 countries. The attacks, which involve a Golang variant of the GhostLocker ransomware family, are targeting various business sectors worldwide. According to the report, the joint attacks by GhostSec and Stormous are part of a …

New Snake Info Stealer Spreading via Facebook Messages

Facebook messages have become a vector for distributing a Python-based information stealer known as Snake, designed to capture sensitive data and credentials. According to the researcher’s report, the stolen credentials are transmitted to various platforms such as Discord, GitHub, and Telegram. The campaign, first noticed on the social media platform X in August 2023, involves …

Beware of Fake Video Conferencing Sites Distributing Malware

Since December 2023, cyber threat actors have been exploiting fake websites that advertise popular video conferencing software like Google Meet, Skype, and Zoom to distribute various types of malware. These malicious sites, designed to look like the legitimate platforms, are primarily targeting Android and Windows users. The researchers have identified that these sites are hosting …

New Banking Trojan CHAVECLOAK Targets Users through Phishing Emails

A new banking trojan called CHAVECLOAK is actively targeting users in Brazil through phishing emails containing PDF attachments. The researcher revealed that this sophisticated attack involves the PDF file downloading a ZIP file, which then uses DLL side-loading techniques to execute the final malware. The attack begins with the use of contract-themed DocuSign lures to …

Magnet Goblin Exploits One-Day Vulnerabilities to Target Public-Facing Services

A financially motivated threat actor known as Magnet Goblin is rapidly incorporating one-day security vulnerabilities into its tactics to breach edge devices and public-facing services, deploying malware on compromised hosts. According to the report, Magnet Goblin stands out for its ability to quickly exploit newly disclosed vulnerabilities, often within 1 day after a proof-of-concept is …

WogRAT Malware Exploits Online Notepad Service for Covert Operations

A new malware strain, named ‘WogRAT,’ has emerged, targeting both Windows and Linux systems by leveraging an online notepad platform called ‘aNotepad’ as a covert channel for storing and retrieving malicious code. According to researchers, who named the malware ‘WingOfGod,’ it has been active since late 2022, with a focus on countries like Japan, Singapore, …

New Malware Campaign Exploits Popup Builder Plugin Vulnerability in WordPress

A recent malware campaign has been identified, taking advantage of a critical security flaw in the Popup Builder plugin for WordPress. According to the report, this campaign has affected over 3,900 websites in the past three weeks. A security researcher noted that these attacks are linked to domains registered less than a month ago, with registrations …

New Linux Variant of BIFROSE RAT Mimics VMware Domain to Evade Detection

Cybersecurity researchers have uncovered a new Linux variant of the BIFROSE remote access trojan (RAT) that disguises itself using a deceptive domain name resembling VMware. The researchers noted that this latest version of BIFROSE is designed to bypass security measures and compromise targeted systems. BIFROSE, a threat that has been active since 2004, has been …

Phobos Ransomware Targets U.S. Critical Infrastructure

U.S. cybersecurity and intelligence agencies have issued a warning regarding the aggressive targeting of government and critical infrastructure entities by the Phobos ransomware. The ransomware-as-a-service (RaaS) model used by Phobos actors has successfully targeted municipal and county governments, emergency services, education, public healthcare, and critical infrastructure, resulting in several million dollars in ransom payments. Since …

TimbreStealer Malware Targets IT Users via Tax-themed Phishing Scam

A new Windows malware named TimbreStealer has been discovered spreading through tax-themed phishing lures targeting IT users in Mexico since November 2023. The researchers who identified the malware noted that the threat actors behind it are skilled, having previously used similar tactics to distribute the Mispadu banking trojan in September 2023. The phishing campaign utilizes …

LockBit Ransomware Developers Crafting Next-Gen Encryptor Before Takedown

LockBit ransomware operators were in the midst of developing a new iteration of their file-encrypting malware, tentatively named LockBit-NG-Dev and possibly set to become LockBit 4.0, when law enforcement dismantled their infrastructure recently. Following a collaborative effort with the UK’s National Crime Agency, a cybersecurity firm analyzed a sample of the latest LockBit development, revealing plans …

LabHost Cybercrime Service Facilitates Phishing Attacks on Banks

The Phishing as a Service (PhaaS) platform known as ‘LabHost’ has emerged as a significant threat to North American banks, particularly those in Canada, contributing to a notable increase in phishing activities. PhaaS platforms like LabHost offer cybercriminals turnkey phishing kits, infrastructure for hosting phishing pages, email content generation, and campaign overview services in exchange …

FBI, CISA, and HHS Alert Hospitals of BlackCat Ransomware Threat

Today, the FBI, CISA, and the Department of Health and Human Services (HHS) issued a joint warning to healthcare organizations in the United States about the targeted ALPHV/BlackCat ransomware attacks. These attacks have been specifically directed at the healthcare sector, according to the advisory. This alert comes after a previous FBI flash alert in April …

Python Script ‘SNS Sender’ Used in Bulk Smishing Attacks

A new Python script, dubbed SNS Sender, is being used by threat actors to conduct bulk smishing attacks, exploiting the Amazon Web Services (AWS) Simple Notification Service (SNS). The script enables attackers to send SMS phishing messages, primarily impersonating messages from the United States Postal Service (USPS) regarding missed package deliveries. These messages contain malicious …

Black Basta and Bl00dy Ransomware Groups Exploit Vulnerability in Widespread Attacks

The Black Basta and Bl00dy ransomware gangs have joined a series of attacks targeting unpatched ScreenConnect servers vulnerable to a critical authentication bypass vulnerability (CVE-2024-1709). This flaw allows attackers to create admin accounts on exposed servers, delete other users, and take control of vulnerable instances. CVE-2024-1709 has been actively exploited since the day after security …

Bumblebee Malware Resurfaces in New Phishing Campaign

The Bumblebee malware, known for its role as a loader and initial access broker, has reappeared in a new phishing campaign targeting U.S. businesses. The campaign, observed in February 2024, utilizes voicemail-themed lures containing links to OneDrive URLs. According to an enterprise security firm, the URLs lead to Word files that spoof the consumer electronics company …

Anatsa Android Trojan Bypasses Google Play Security

Anatsa, a notorious Android banking trojan also known as TeaBot and Toddler, has expanded its reach to include Slovakia, Slovenia, and Czechia in a recent campaign observed in November 2023. This campaign involved five droppers with over 100,000 total installations. Despite Google Play’s enhanced detection and protection mechanisms, some droppers in the campaign successfully exploited …

PikaBot Malware Returns with Simplified Code and New Tactics

The PikaBot malware has resurfaced with significant changes, described as a “devolution” by researchers due to the reduction in complexity of its code and changes in network communications. First documented in May 2023, PikaBot is a malware loader and backdoor that allows attackers to execute commands and inject payloads from a command-and-control (C2) server, giving …

Ransomware Attack Paralyzes 21 Hospitals, Critical Systems Offline

A devastating ransomware assault has crippled 21 hospitals across Romania, plunging vital healthcare services into chaos as their healthcare management system succumbed to a malicious cyberattack. The targeted system, known as the Hospital Information System (HIS), serves as the backbone for managing medical operations and patient data within these healthcare facilities. However, over the weekend, …

CISA Alert: Akira Ransomware Targets Cisco ASA/FTD Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the Akira ransomware exploiting a vulnerability in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This vulnerability, known as CVE-2020-3259, allows attackers to retrieve memory contents, and although it was patched in May 2020, reports indicate it’s being actively exploited. …

FTC Issues Warning: Americans Lose Record $10 Billion to Fraud in 2023

The U.S. Federal Trade Commission (FTC) has sounded the alarm, revealing that Americans collectively lost a staggering $10 billion to fraudsters in 2023, marking a concerning 14% surge in reported losses compared to the previous year. This stark reality is underscored by the researcher, who reports a record year for ransomware gangs, with payments reaching …

Deceptive Facebook Job Ads Distributing Malware to Steal Credentials

A concerning trend has emerged in the cyber threat landscape, with threat actors exploiting fake job postings on Facebook as a guise to propagate a new Windows-based stealer malware known as Ov3r_Stealer. Trustwave SpiderLabs has sounded the alarm, revealing that this malicious software is engineered to pilfer sensitive information, including credentials and cryptocurrency wallets, funneling …

FBI Busts Warzone RAT Operation, Arrests Malware Vendor

In a significant blow to cybercrime, the FBI has dismantled the Warzone RAT malware operation, culminating in the seizure of critical infrastructure and the apprehension of two individuals linked to the illicit enterprise. Daniel Meli, a 27-year-old resident of Malta, was apprehended last week for his involvement in proliferating Warzone RAT, also known as ‘AveMaria,’ …

ResumeLooters Breach Millions of Resumes and Personal Data from Job Boards

A newly identified threat actor, ResumeLooters, has been orchestrating a series of targeted attacks against employment agencies and retail companies across the Asia-Pacific (APAC) region since early 2023, with the primary objective of pilfering sensitive data. According to the findings, ResumeLooters have focused their efforts on job search platforms, compromising a staggering 65 websites between …

Raspberry Robin Malware Evolves with Discord Distribution and New Exploits

The notorious Raspberry Robin malware has undergone significant enhancements, introducing novel propagation methods and exploiting new vulnerabilities to escalate privileges. Recent reports indicate that its operators have integrated two new one-day exploits, indicating a swift adaptation to contemporary security measures. In the latest findings, the researcher underscored the utilization of undisclosed exploits by Raspberry Robin, …

New “RustDoor” Backdoor Threatens Apple macOS Devices

A recent discovery has unveiled a new threat to Apple macOS users in the form of a stealthy backdoor known as RustDoor. This malicious software, which has been active since November 2023, poses as an update for Microsoft Visual Studio, targeting both Intel and Arm architectures. RustDoor operates by infiltrating systems through initially unknown pathways, …

MoqHao Android Malware Adapts with Auto-Execution Feature

In the ever-evolving landscape of mobile threats, a new variant of Android malware dubbed MoqHao has emerged, showcasing advanced capabilities that bypass traditional user interaction requirements. Security researchers have detected this updated version, which autonomously activates upon installation on infected devices, eliminating the need for user interaction. The researcher sheds light on this alarming development, …

Analysis Reveals Intricate Tactics of SystemBC Malware’s Command-and-Control Server

Cybersecurity researchers have uncovered crucial insights into the operations of the SystemBC malware’s command-and-control (C2) servers, shedding light on the modus operandi of this well-known malware family. In an analysis released last week, Kroll, a risk and financial advisory solutions provider, detailed the functionality of SystemBC, emphasizing its prevalence in cyber threats throughout Q2 and …

CISA Issues Warning on Actively Exploited Vulnerability in Apple iOS and macOS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised an alert regarding a high-severity vulnerability affecting iOS, iPadOS, macOS, tvOS, and watchOS. This flaw, identified as CVE-2022-48618 with a CVSS score of 7.8, specifically targets the kernel component and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog due to evidence of active …

Exploitation of Windows SmartScreen Flaw by New Mispadu Banking Trojan

In the latest cybersecurity development, threat actors associated with the Mispadu banking Trojan have capitalized on a recently patched Windows SmartScreen security bypass flaw to compromise users in Mexico. Mispadu itself was initially identified in 2019. The attacks involve the use of phishing emails to distribute the Delphi-based Mispadu, an information stealer designed …

USB Malware Threat: Hackers Exploit News and Media Hosting Sites

A financially motivated threat actor, UNC4990, has been utilizing USB devices for initial infections and leveraging reputable online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded malware payloads. This novel approach involves embedding malicious content in seemingly benign places such as forum user profiles on tech news sites or video descriptions on media …

Kasseika Ransomware Utilizes BYOVD to Neutralize Security Defenses Pre-Encryption

The ransomware group Kasseika has adopted the Bring Your Own Vulnerable Driver (BYOVD) attack strategy to disarm security-related processes on compromised Windows systems, aligning itself with similar tactics employed by groups like Akira, AvosLocker, BlackByte, and RobbinHood. This tactic enables threat actors to terminate antivirus processes and services, creating an environment conducive to deploying ransomware, …

MavenGate: New Threat Allows Hijacking of Java and Android

A recent analysis has uncovered a potential security threat known as MavenGate, which exploits abandoned but still utilized libraries in Java and Android applications. The attack method allows hackers to compromise the software supply chain by exploiting vulnerabilities in default build configurations. According to the report, access to projects can be hijacked through domain name …

Python Repository Infiltrated: Malicious Packages Install on Windows

In a recent discovery, cybersecurity researchers have unearthed malevolent packages within the Python Package Index (PyPI), an open-source repository, distributing an information-stealing malware named WhiteSnake Stealer on Windows operating systems. The identified malware-infested packages, including nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111, were uploaded by a threat actor known as “WS.” The …

CherryLoader Malware Disguised as CherryTree Unleashes Escalation Exploits

In a recent discovery, threat hunters have identified a new Go-based malware loader named CherryLoader, designed to deploy additional payloads for subsequent exploitation on compromised hosts. In two recent intrusions, CherryLoader camouflaged itself by adopting the icon and name of the legitimate CherryTree note-taking application, aiming to deceive potential victims into unwittingly installing the …

Malicious Google Ads Target Users with Fake Messaging Apps

A persistent malvertising campaign dubbed FakeAPP has resurfaced, targeting Chinese-speaking users through deceptive Google ads promoting restricted messaging apps like Telegram. The researcher revealed in a recent report that threat actors are exploiting Google advertiser accounts to create and disseminate malicious ads, directing unsuspecting users to download Remote Administration Trojans (RATs). These malicious programs grant …

Mustang Panda Hackers Suspected in Targeting Ministries with Backdoor Attacks

A threat actor known as Mustang Panda is believed to have carried out dual campaigns aimed at infiltrating Myanmar’s Ministry of Defence and Foreign Affairs, utilizing backdoors and remote access trojans. The activities occurred in November 2023 and January 2024, with artifacts related to the attacks. The researcher highlighted key tactics, techniques, and procedures (TTPs) …

Financial Institutions Targeted by AllaKore RAT Malware in Phishing Campaign

Mexican financial institutions are facing a new wave of cyber threats as an unknown Latin America-based financially motivated threat actor launches a spear-phishing campaign utilizing a modified version of the AllaKore RAT (Remote Access Trojan). The researchers have been tracking this campaign since at least 2021, identifying specific tactics aimed at large companies with gross …

Warning: macOS Backdoor Discovered in Pirated Versions of Popular Software

Security experts have issued a cautionary alert regarding pirated applications specifically targeting Apple macOS users, containing a concealed backdoor that can grant remote control to malicious actors. Researchers revealed that these nefarious applications are hosted on Chinese pirating websites, strategically targeting potential victims. Upon activation, the malware initiates the download and execution of multiple payloads …

TA866 Resurfaces with New Large-Scale Invoice Phishing Campaign

After a hiatus of nine months, the threat actor known as TA866 has returned, launching an extensive phishing campaign aimed at delivering well-known malware strains such as WasabiSeed and Screenshotter. The campaign, which was observed in early January and thwarted on January 11, 2024, involved the dissemination of thousands of invoice-themed emails across North America, …

FBI Warning: Androxgh0st Malware Botnet Targets Cloud Credential Theft

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint warning about the Androxgh0st malware botnet, which is actively engaged in cloud credential theft. Threat actors leveraging this malware are not only pilfering credentials for cloud services like Amazon Web Services (AWS) and Microsoft Office 365 but are also utilizing the …

Tietoevry Ransomware Attack Causes Disruptions Across Firms

Finnish IT services and enterprise cloud hosting provider Tietoevry is grappling with the aftermath of a ransomware attack, causing widespread outages for multiple customers and cities in Sweden. The attack, reportedly orchestrated by the Akira ransomware gang, targeted one of Tietoevry’s data centers in Sweden, impacting the company’s managed cloud hosting services. Tietoevry, a major …

New Malware Targets Vulnerable Application for Fake Website Traffic

A new and sophisticated malware campaign is targeting vulnerable Docker services, employing a multi-pronged strategy to monetize compromised hosts. In this unique attack, threat actors deploy both the XMRig cryptocurrency miner and the 9Hits Viewer software, marking the first documented case of the 9Hits application being utilized as a payload. The 9Hits service positions itself …

Nation-State Attack on Microsoft’s Corporate Systems

Microsoft disclosed on Friday that it had fallen prey to a nation-state attack on its corporate systems, resulting in the theft of emails and attachments belonging to senior executives and individuals within the company’s cybersecurity and legal departments. The attack has been attributed to a Russian advanced persistent threat (APT) group known as Midnight Blizzard …

LockBit Claims Attack on Capital Health with Data Leak Ultimatum

The LockBit ransomware operation has asserted its involvement in a cyberattack on the Capital Health hospital network, placing the New Jersey-based healthcare service provider at risk of a data leak. Capital Health, which manages two major hospitals and multiple satellite clinics in New Jersey and parts of Pennsylvania, experienced an IT systems outage following the …

Cybercriminals Exploit Fake 401(k) Statements in Theft Campaign

A rising cybersecurity threat involves threat actors leveraging deceptive communication centered around personal pension accounts, specifically targeting 401(k) plans in the United States. The researcher has issued a warning about the increasing frequency of attacks, noting that even organizations with robust email security practices are finding it challenging to defend against these sophisticated schemes. 401(k) …

Bigpanzi Botnet Infects 170,000 Android TV Boxes with Malware

A previously unknown cybercriminal group, dubbed ‘Bigpanzi,’ has been conducting a highly profitable operation by infecting Android TV and eCos set-top boxes on a global scale since at least 2015. According to a report, this cyber threat syndicate manages an expansive botnet with around 170,000 active bots daily. Notably, the researchers have identified 1.3 million …

Cybercriminals Exploit Windows Flaw to Unleash Phemedrone Stealer

In a concerning development, cyber threat actors are capitalizing on a recently patched security flaw in Microsoft Windows to deploy the Phemedrone Stealer, an open-source information-stealing tool. The researchers discovered that Phemedrone specifically targets web browsers and extracts data from cryptocurrency wallets and messaging platforms like Telegram, Steam, and Discord. The malware goes beyond data theft …

Balada Injector Exploits Popup Plugin Vulnerability over 7,100 WordPress Sites

In a sweeping cyber onslaught, over 7,100 WordPress sites have fallen victim to the Balada Injector malware, exploiting a critical vulnerability in the widely used Popup Builder plugin. The campaign, initially documented in January 2023, employs periodic attack waves targeting WordPress plugins’ security flaws. This results in the injection of a backdoor designed to redirect …

Environmental Services Industry Faces 61,839% Surge in DDoS Attacks in 2023

The environmental services sector experienced an extraordinary rise in distributed denial-of-service (DDoS) attacks during 2023, witnessing a staggering 61,839% increase in attack traffic compared to the previous year. According to Cloudflare’s DDoS threat report for the fourth quarter of 2023, these attacks, predominantly HTTP-based, accounted for half of all HTTP traffic in the industry. Security …

Anonymous Hackers Unleash Silver RAT a C#-Based Trojan

In a recent cyber threat development, the nefarious group known as Anonymous Arabic has unleashed a sophisticated remote access trojan (RAT) named Silver RAT. This C#-based malware is designed to circumvent security measures, allowing threat actors to discreetly launch concealed applications. A detailed report by a cybersecurity firm sheds light on the active and sophisticated presence …

GitHub Exploited by Threat Actors for Malicious Deployment

The widespread use of GitHub in information technology (IT) environments has become an enticing avenue for threat actors to deploy and facilitate malicious activities, functioning as repositories for malicious payloads, dead drop resolvers, command-and-control centers, and data exfiltration points. A shared report highlights the emergence of what it terms “living-off-trusted-sites” (LOTS) – a strategic …

Severe Bluetooth Vulnerability Puts Android, Linux, macOS, and iOS Devices at Risk

A critical security flaw in Bluetooth has emerged, posing a significant threat to Android, Linux, macOS, and iOS devices, potentially allowing malicious actors to seize control. Tracked as CVE-2023-45866, this vulnerability revolves around an authentication bypass, enabling attackers to connect to susceptible devices and inject keystrokes to achieve code execution on the victim’s device. Security …

Alert: Meet JinxLoader, a Growing Malware Threat

Security experts have uncovered a new threat in the cyber landscape—JinxLoader. This Go-based malware loader, named after the popular League of Legends character Jinx, has gained notoriety for its role in delivering subsequent payloads, including Formbook and its successor, XLoader. The researcher shed light on the intricate attack vectors employed by threat actors to propagate …

CISA Warning on Vulnerability Linked to Triangulation Spyware Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has heightened its vigilance against cyber threats by incorporating six additional vulnerabilities into its Known Exploited Vulnerabilities (KEV) catalog. This comprehensive catalog serves as a crucial resource for organizations globally, aiding in the identification and prioritization of vulnerabilities in their systems. In response to the escalating threat …

Water Curupira Hackers Actively Disseminating PikaBot Malware

A notable cybersecurity threat has emerged with the identification of a threat actor named Water Curupira engaging in the active distribution of the PikaBot loader malware through targeted spam campaigns in 2023. Detailed in a report, PikaBot’s modus operandi involves phishing campaigns, leveraging a two-component structure comprising a loader and a core module. This enables …

Arrest of Hacker for $7.5 Million Charity Fraud

Recent developments have brought to light the arrest of Olusegun Samson Adejorin, a Nigerian national apprehended in Ghana on charges linked to intricate business email compromise (BEC) schemes. Adejorin faces an eight-count federal indictment in the United States, primarily for wire fraud, aggravated identity theft, and unauthorized access to protected computer systems, leading to a …

Sale of Zeppelin Ransomware Source Code at a Bargain

Recent activity in the cybercrime sphere highlights an alarming development as a threat actor, under the pseudonym ‘RET,’ boasted the sale of Zeppelin ransomware’s source code and a cracked builder version on a hacking forum for a mere $500. While the authenticity of the offer remains unverified, observations from threat intelligence company KELA suggest credibility …

Terrapin Attack: Vulnerability in SSH Servers and Potential Ramifications

A recent report from the threat monitoring platform has raised alarm bells by revealing a significant vulnerability affecting nearly 11 million SSH servers worldwide. The vulnerability, known as CVE-2023-48795 or the Terrapin attack, poses a serious threat as it facilitates a man-in-the-middle (MiTM) attack, compromising the integrity of SSH secure channels. The report highlights that …

New DLL Search Order Hijacking Variant Exploits in Windows 10 and 11

Recent findings by security researchers have unearthed an innovative variant of DLL search order hijacking, posing a serious threat to systems running Windows 10 and Windows 11. This technique utilizes files within the esteemed WinSxS folder, circumventing security measures and potentially allowing malicious code execution on compromised systems. The method that capitalizes on executables commonly …

Cloud Atlas Strikes Spear-Phishing Strikes

A cyber threat actor known as Cloud Atlas has been implicated in a series of targeted spear-phishing attacks directed at enterprises within Russia, specifically aimed at a prominent agro-industrial enterprise and a state-owned research institution. F.A.C.C.T., an independent cybersecurity entity established after Group-IB’s withdrawal from Russia, revealed these attacks, shedding light on Cloud Atlas, an enigmatic cyber espionage …

Rugmi Malware Loader’s Rapid Surge in Infiltration and Distribution Tactics

A novel malware loader, recognized as Win/TrojanDownloader.Rugmi by ESET, has become a tool of choice for cyber threat actors aiming to disseminate various information stealers like Lumma Stealer, Vidar, RecordBreaker, and Rescoms. ESET’s findings reveal Rugmi as a multi-component loader, employing diverse methods to download encrypted payloads, run them from internal or external sources, and …

Microsoft’s Warning ‘FalseFont’ Backdoor Threat Revealed

In a concerning development, Microsoft has issued a warning targeted at organizations within the Defense Industrial Base (DIB) sector. A new campaign orchestrated by an Iranian threat actor has unveiled a never-before-seen backdoor dubbed ‘FalseFont,’ posing a significant risk to targeted entities. The activity, monitored under Microsoft’s weather-themed designation Peach Sandstorm (formerly known as Holmium, …
