News

Hackers Use Cracked Software on GitHub to Spread RisePro Info Stealer

Cybersecurity researchers have uncovered a concerning trend where hackers are utilizing cracked software distributed on GitHub to disseminate a potent information stealer called RisePro. The campaign, known as gitgub, was flagged by G DATA and involved 17 repositories linked to 11 different accounts. These repositories have since been removed by GitHub. The repositories in question …

Hackers Exploit Aiohttp Bug to Target Vulnerable Networks

A ransomware group known as ‘ShadowSyndicate’ has been observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. Aiohttp is an open-source library built on Python’s asynchronous I/O framework, Asyncio, and is widely used for handling concurrent HTTP requests. CVE-2024-23334, a high-severity flaw affecting aiohttp versions prior to 3.9.2, …

macOS Users Targeted by Hackers Using Malicious Ads to Spread Stealer Malware

Hackers are actively targeting macOS users through malicious advertisements and fake websites, aiming to deliver two different stealer malware, including Atomic Stealer. These ongoing attacks, designed to compromise Macs, are focused on stealing sensitive data. The attackers use various methods to trick macOS users into downloading malware. One such method involves targeting users searching for …

Hackers Exploit ‘WINELOADER’ Malware to Target Political Parties

Recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures have been linked to a hacking group with ties to Russia’s Foreign Intelligence Service (SVR). The attackers used a backdoor called WINELOADER, which was also involved in breaching SolarWinds and Microsoft. The researcher identified Midnight Blizzard (also known as APT29, BlueBravo, or Cozy Bear) as …

New ‘Loop DoS’ Attack Affects Numerous Systems

A new form of denial-of-service (DoS) attack, known as a Loop DoS attack, has emerged, posing a significant risk to hundreds of thousands of systems. Researchers have identified this attack vector, which targets application-layer protocols using User Datagram Protocol (UDP). The attack works by pairing servers of these protocols in a way that causes them …

Fresh Wave of StrelaStealer Phishing Attacks Hits 100+ Organizations

A new wave of phishing attacks has been detected, targeting more than 100 organizations in the European Union and the United States. The attacks aim to deliver an information stealer known as StrelaStealer, which is constantly evolving to evade detection. The researchers reported that these campaigns use spam emails with attachments to launch the StrelaStealer’s …

eSIM Attacks: SIM Swappers Hijack Phone Numbers with New Tactics

Cybercriminals known as SIM swappers are employing a new tactic to steal phone numbers by transferring them to a new eSIM card, a digital SIM stored in the chip of modern smartphones. This shift allows attackers to remotely reprogram and provision eSIMs, presenting new challenges for users and security experts alike. eSIMs serve the same …

Ande Loader Malware Targets Manufacturing Sector

The threat actor known as Blind Eagle, also identified as APT-C-36, has been observed using a loader malware named Ande Loader to distribute remote access trojans (RATs) like Remcos RAT and NjRAT. These attacks, delivered via phishing emails, specifically targeted Spanish-speaking users in the manufacturing industry based in North America. Blind Eagle, a financially motivated …

GhostSec and Stormous Launch Joint Ransomware Attacks in 15+ Countries

GhostSec and Stormous, two notorious cybercrime groups, have teamed up to launch a series of ransomware attacks across more than 15 countries. The attacks, which involve a Golang variant of the GhostLocker ransomware family, are targeting various business sectors worldwide. According to the report, the joint attacks by GhostSec and Stormous are part of a …

New Snake Info Stealer Spreading via Facebook Messages

Facebook messages have become a vector for distributing a Python-based information stealer known as Snake, designed to capture sensitive data and credentials. According to the researcher’s report, the stolen credentials are transmitted to various platforms such as Discord, GitHub, and Telegram. The campaign, first noticed on the social media platform X in August 2023, involves …

Beware of Fake Video Conferencing Sites Distributing Malware

Since December 2023, cyber threat actors have been exploiting fake websites that advertise popular video conferencing software like Google Meet, Skype, and Zoom to distribute various types of malware. These malicious sites, designed to look like the legitimate platforms, are primarily targeting Android and Windows users. The researchers have identified that these sites are hosting …

New Banking Trojan CHAVECLOAK Targets Users through Phishing Emails

A new banking trojan called CHAVECLOAK is actively targeting users in Brazil through phishing emails containing PDF attachments. The researcher revealed that this sophisticated attack involves the PDF file downloading a ZIP file, which then uses DLL side-loading techniques to execute the final malware. The attack begins with the use of contract-themed DocuSign lures to …

Magnet Goblin Exploits One-Day Vulnerabilities to Target Public-Facing Services

A financially motivated threat actor known as Magnet Goblin is rapidly incorporating one-day security vulnerabilities into its tactics to breach edge devices and public-facing services, deploying malware on compromised hosts. According to the report, Magnet Goblin stands out for its ability to quickly exploit newly disclosed vulnerabilities, often within 1 day after a proof-of-concept is …

WogRAT Malware Exploits Online Notepad Service for Covert Operations

A new malware strain, named ‘WogRAT,’ has emerged, targeting both Windows and Linux systems by leveraging an online notepad platform called ‘aNotepad’ as a covert channel for storing and retrieving malicious code. According to researchers, who named the malware ‘WingOfGod,’ it has been active since late 2022, with a focus on countries like Japan, Singapore, …

New Malware Campaign Exploits Popup Builder Plugin Vulnerability in WordPress

A recent malware campaign has been identified, taking advantage of a critical security flaw in the Popup Builder plugin for WordPress. According to the report, this campaign has affected over 3,900 websites in the past three weeks. A security researcher noted that these attacks are linked to domains registered less than a month ago, with registrations …

New Linux Variant of BIFROSE RAT Mimics VMware Domain to Evade Detection

Cybersecurity researchers have uncovered a new Linux variant of the BIFROSE remote access trojan (RAT) that disguises itself using a deceptive domain name resembling VMware. The researchers noted that this latest version of BIFROSE is designed to bypass security measures and compromise targeted systems. BIFROSE, a threat that has been active since 2004, has been …

Phobos Ransomware Targets U.S. Critical Infrastructure

U.S. cybersecurity and intelligence agencies have issued a warning regarding the aggressive targeting of government and critical infrastructure entities by the Phobos ransomware. The ransomware-as-a-service (RaaS) model used by Phobos actors has successfully targeted municipal and county governments, emergency services, education, public healthcare, and critical infrastructure, resulting in several million dollars in ransom payments. Since …

TimbreStealer Malware Targets IT Users via Tax-themed Phishing Scam

A new Windows malware named TimbreStealer has been discovered spreading through tax-themed phishing lures targeting IT users in Mexico since November 2023. The researcher who identified the malware noted that the threat actors behind it are skilled, having previously used similar tactics to distribute the Mispadu banking trojan in September 2023. The phishing campaign utilizes …

LockBit Ransomware Developers Crafting Next-Gen Encryptor Before Takedown

LockBit ransomware operators were in the midst of developing a new iteration of their file-encrypting malware, tentatively named LockBit-NG-Dev and possibly set to become LockBit 4.0, when law enforcement dismantled their infrastructure recently. Following a collaborative effort with the UK’s National Crime Agency, a cybersecurity firm analyzed a sample of the latest LockBit development, revealing plans …

LabHost Cybercrime Service Facilitates Phishing Attacks on Banks

The Phishing as a Service (PhaaS) platform known as ‘LabHost’ has emerged as a significant threat to North American banks, particularly those in Canada, contributing to a notable increase in phishing activities. PhaaS platforms like LabHost offer cybercriminals turnkey phishing kits, infrastructure for hosting phishing pages, email content generation, and campaign overview services in exchange …

FBI, CISA, and HHS Alert Hospitals of BlackCat Ransomware Threat

Today, the FBI, CISA, and the Department of Health and Human Services (HHS) issued a joint warning to healthcare organizations in the United States about the targeted ALPHV/BlackCat ransomware attacks. These attacks have been specifically directed at the healthcare sector, according to the advisory. This alert comes after a previous FBI flash alert in April …

Python Script ‘SNS Sender’ Used in Bulk Smishing Attacks

A new Python script, dubbed SNS Sender, is being used by threat actors to conduct bulk smishing attacks, exploiting the Amazon Web Services (AWS) Simple Notification Service (SNS). The script enables attackers to send SMS phishing messages, primarily impersonating messages from the United States Postal Service (USPS) regarding missed package deliveries. These messages contain malicious …

Black Basta and Bl00dy Ransomware Groups Exploit Vulnerability in Widespread Attacks

The Black Basta and Bl00dy ransomware gangs have joined a series of attacks targeting unpatched ScreenConnect servers vulnerable to a critical authentication bypass vulnerability (CVE-2024-1709). This flaw allows attackers to create admin accounts on exposed servers, delete other users, and take control of vulnerable instances. CVE-2024-1709 has been actively exploited since the day after security …

Bumblebee Malware Resurfaces in New Phishing Campaign

The Bumblebee malware, known for its role as a loader and initial access broker, has reappeared in a new phishing campaign targeting U.S. businesses. The campaign, observed in February 2024, utilizes voicemail-themed lures containing links to OneDrive URLs. According to the enterprise security firm, the URLs lead to Word files that spoof the consumer electronics company …

Anatsa Android Trojan Bypasses Google Play Security

Anatsa, a notorious Android banking trojan also known as TeaBot and Toddler, has expanded its reach to include Slovakia, Slovenia, and Czechia in a recent campaign observed in November 2023. This campaign involved five droppers with over 100,000 total installations. Despite Google Play’s enhanced detection and protection mechanisms, some droppers in the campaign successfully exploited …

PikaBot Malware Returns with Simplified Code and New Tactics

The PikaBot malware has resurfaced with significant changes, described as a “devolution” by researchers due to the reduction in complexity of its code and changes in network communications. First documented in May 2023, PikaBot is a malware loader and backdoor that allows attackers to execute commands and inject payloads from a command-and-control (C2) server, giving …

Ransomware Attack Paralyzes 21 Hospitals, Critical Systems Offline

A devastating ransomware assault has crippled 21 hospitals across Romania, plunging vital healthcare services into chaos as their healthcare management system succumbed to a malicious cyberattack. The targeted system, known as the Hospital Information System (HIS), serves as the backbone for managing medical operations and patient data within these healthcare facilities. However, over the weekend, …

CISA Alert: Akira Ransomware Targets Cisco ASA/FTD Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the Akira ransomware exploiting a vulnerability in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This vulnerability, known as CVE-2020-3259, allows attackers to retrieve memory contents, and although it was patched in May 2020, reports indicate it’s being actively exploited. …

FTC Issues Warning: Americans Lose Record $10 Billion to Fraud in 2023

The U.S. Federal Trade Commission (FTC) has sounded the alarm, revealing that Americans collectively lost a staggering $10 billion to fraudsters in 2023, marking a concerning 14% surge in reported losses compared to the previous year. This stark reality is underscored by researchers, who report a record year for ransomware gangs, with payments reaching …

Deceptive Facebook Job Ads Distributing Malware to Steal Credentials

A concerning trend has emerged in the cyber threat landscape, with threat actors exploiting fake job postings on Facebook as a guise to propagate a new Windows-based stealer malware known as Ov3r_Stealer. Trustwave SpiderLabs has sounded the alarm, revealing that this malicious software is engineered to pilfer sensitive information, including credentials and cryptocurrency wallets, funneling …

FBI Busts Warzone RAT Operation, Arrests Malware Vendor

In a significant blow to cybercrime, the FBI has dismantled the Warzone RAT malware operation, culminating in the seizure of critical infrastructure and the apprehension of two individuals linked to the illicit enterprise. Daniel Meli, a 27-year-old resident of Malta, was apprehended last week for his involvement in proliferating Warzone RAT, also known as ‘AveMaria,’ …

ResumeLooters Breach Millions of Resumes and Personal Data from Job Boards

A newly identified threat actor, ResumeLooters, has been orchestrating a series of targeted attacks against employment agencies and retail companies across the Asia-Pacific (APAC) region since early 2023, with the primary objective of pilfering sensitive data. According to the findings, ResumeLooters have focused their efforts on job search platforms, compromising a staggering 65 websites between …

Raspberry Robin Malware Evolves with Discord Distribution and New Exploits

The notorious Raspberry Robin malware has undergone significant enhancements, introducing novel propagation methods and exploiting new vulnerabilities to escalate privileges. Recent reports indicate that its operators have integrated two new one-day exploits, indicating a swift adaptation to contemporary security measures. In the latest findings, the researcher underscored the utilization of undisclosed exploits by Raspberry Robin, …

New “RustDoor” Backdoor Threatens Apple macOS Devices

A recent discovery has unveiled a new threat to Apple macOS users in the form of a stealthy backdoor known as RustDoor. This malicious software, which has been active since November 2023, poses as an update for Microsoft Visual Studio, targeting both Intel and Arm architectures. RustDoor operates by infiltrating systems through initially unknown pathways, …

MoqHao Android Malware Adapts with Auto-Execution Feature

In the ever-evolving landscape of mobile threats, a new variant of Android malware dubbed MoqHao has emerged, showcasing advanced capabilities that bypass traditional user interaction requirements. Security researchers have detected this updated version, which autonomously activates upon installation on infected devices, eliminating the need for user interaction. The researcher sheds light on this alarming development, …

Analysis Reveals Intricate Tactics of SystemBC Malware’s Command-and-Control Server

Cybersecurity researchers have uncovered crucial insights into the operations of the SystemBC malware’s command-and-control (C2) servers, shedding light on the modus operandi of this well-known malware family. In an analysis released last week, Kroll, a risk and financial advisory solutions provider, detailed the functionality of SystemBC, emphasizing its prevalence in cyber threats throughout Q2 and …

CISA Issues Warning on Actively Exploited Vulnerability in Apple iOS and macOS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised an alert regarding a high-severity vulnerability affecting iOS, iPadOS, macOS, tvOS, and watchOS. This flaw, identified as CVE-2022-48618 with a CVSS score of 7.8, specifically targets the kernel component and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog due to evidence of active …

Exploitation of Windows SmartScreen Flaw by New Mispadu Banking Trojan

In the latest cybersecurity development, threat actors associated with the Mispadu banking Trojan have capitalized on a recently patched Windows SmartScreen security bypass flaw to compromise users in Mexico. This is a new variant of Mispadu, which was initially identified in 2019. The attacks involve the use of phishing emails to distribute the Delphi-based Mispadu, an information stealer designed …

USB Malware Threat: Hackers Exploit News and Media Hosting Sites

A financially motivated threat actor, UNC4990, has been utilizing USB devices for initial infections and leveraging reputable online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded malware payloads. This novel approach involves embedding malicious content in seemingly benign places such as forum user profiles on tech news sites or video descriptions on media …

Kasseika Ransomware Utilizes BYOVD to Neutralize Security Defenses Pre-Encryption

The ransomware group Kasseika has adopted the Bring Your Own Vulnerable Driver (BYOVD) attack strategy to disarm security-related processes on compromised Windows systems, aligning itself with similar tactics employed by groups like Akira, AvosLocker, BlackByte, and RobbinHood. This tactic enables threat actors to terminate antivirus processes and services, creating an environment conducive to deploying ransomware, …

MavenGate: New Threat Allows Hijacking of Java and Android

A recent analysis has uncovered a potential security threat known as MavenGate, which exploits abandoned but still utilized libraries in Java and Android applications. The attack method allows hackers to compromise the software supply chain by exploiting vulnerabilities in default build configurations. According to the report, access to projects can be hijacked through domain name …

Python Repository Infiltrated: Malicious Packages Install on Windows

In a recent discovery, cybersecurity researchers have unearthed malevolent packages within the Python Package Index (PyPI), an open-source repository, distributing an information-stealing malware named WhiteSnake Stealer on Windows operating systems. The identified malware-infested packages, including nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111, were uploaded by a threat actor known as “WS.” The …

CherryLoader Malware Disguised as CherryTree Unleashes Escalation Exploits

In a recent discovery, threat hunters have identified a new Go-based malware loader named CherryLoader, designed to deploy additional payloads for subsequent exploitation on compromised hosts. During two recent intrusions, CherryLoader cleverly camouflages itself by adopting the icon and name of the legitimate CherryTree note-taking application, aiming to deceive potential victims into unwittingly installing the …

Malicious Google Ads Target Users with Fake Messaging Apps

A persistent malvertising campaign dubbed FakeAPP has resurfaced, targeting Chinese-speaking users through deceptive Google ads promoting restricted messaging apps like Telegram. The researcher revealed in a recent report that threat actors are exploiting Google advertiser accounts to create and disseminate malicious ads, directing unsuspecting users to download Remote Administration Trojans (RATs). These malicious programs grant …

Mustang Panda Hackers Suspected in Targeting Ministries with Backdoor Attacks

A threat actor known as Mustang Panda is believed to have carried out dual campaigns aimed at infiltrating Myanmar’s Ministry of Defence and Foreign Affairs, utilizing backdoors and remote access trojans. The activities occurred in November 2023 and January 2024, with artifacts related to the attacks. The researcher highlighted key tactics, techniques, and procedures (TTPs) …

Financial Institutions Targeted by AllaKore RAT Malware in Phishing Campaign

Mexican financial institutions are facing a new wave of cyber threats as an unknown Latin America-based, financially motivated threat actor launches a spear-phishing campaign utilizing a modified version of the AllaKore RAT (Remote Access Trojan). The researchers have been tracking this campaign since at least 2021, identifying specific tactics aimed at large companies with gross …

Warning: macOS Backdoor Discovered in Pirated Versions of Popular Software

Security experts have issued a cautionary alert regarding pirated applications specifically targeting Apple macOS users, containing a concealed backdoor that can grant remote control to malicious actors. Researchers revealed that these nefarious applications are hosted on Chinese pirating websites, strategically targeting potential victims. Upon activation, the malware initiates the download and execution of multiple payloads …

TA866 Resurfaces with New Large-Scale Invoice Phishing Campaign

After a hiatus of nine months, the threat actor known as TA866 has returned, launching an extensive phishing campaign aimed at delivering well-known malware strains such as WasabiSeed and Screenshotter. The campaign, which was observed in early January and thwarted on January 11, 2024, involved the dissemination of thousands of invoice-themed emails across North America, …

FBI Warning: Androxgh0st Malware Botnet Targets Cloud Credential Theft

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint warning about the Androxgh0st malware botnet, which is actively engaged in cloud credential theft. Threat actors leveraging this malware are not only pilfering credentials for cloud services like Amazon Web Services (AWS) and Microsoft Office 365 but are also utilizing the …

Tietoevry Ransomware Attack Causes Disruptions Across Firms

Finnish IT services and enterprise cloud hosting provider Tietoevry is grappling with the aftermath of a ransomware attack, causing widespread outages for multiple customers and cities in Sweden. The attack, reportedly orchestrated by the Akira ransomware gang, targeted one of Tietoevry’s data centers in Sweden, impacting the company’s managed cloud hosting services. Tietoevry, a major …

New Malware Targets Vulnerable Application for Fake Website Traffic

A new and sophisticated malware campaign is targeting vulnerable Docker services, employing a multi-pronged strategy to monetize compromised hosts. In this unique attack, threat actors deploy both the XMRig cryptocurrency miner and the 9Hits Viewer software, marking the first documented case of the 9Hits application being utilized as a payload. The 9Hits service positions itself …

Nation-State Attack on Microsoft’s Corporate Systems

Microsoft disclosed on Friday that it had fallen prey to a nation-state attack on its corporate systems, resulting in the theft of emails and attachments belonging to senior executives and individuals within the company’s cybersecurity and legal departments. The attack has been attributed to a Russian advanced persistent threat (APT) group known as Midnight Blizzard …

LockBit Claims Attack on Capital Health with Data Leak Ultimatum

The LockBit ransomware operation has asserted its involvement in a cyberattack on the Capital Health hospital network, placing the New Jersey-based healthcare service provider at risk of a data leak. Capital Health, which manages two major hospitals and multiple satellite clinics in New Jersey and parts of Pennsylvania, experienced an IT systems outage following the …

Cybercriminals Exploit Fake 401(k) Statements in Theft Campaign

A rising cybersecurity threat involves threat actors leveraging deceptive communication centered around personal pension accounts, specifically targeting 401(k) plans in the United States. The researcher has issued a warning about the increasing frequency of attacks, noting that even organizations with robust email security practices are finding it challenging to defend against these sophisticated schemes. 401(k) …

Bigpanzi Botnet Infects 170,000 Android TV Boxes with Malware

A previously unknown cybercriminal group, dubbed ‘Bigpanzi,’ has been conducting a highly profitable operation by infecting Android TV and eCos set-top boxes on a global scale since at least 2015. According to a report, this cyber threat syndicate manages an expansive botnet with around 170,000 active bots daily. Notably, the researchers have identified 1.3 million …

Cybercriminals Exploit Windows Flaw to Unleash Phemedrone Stealer

In a concerning development, cyber threat actors are capitalizing on a recently-patched security flaw in Microsoft Windows to deploy the Phemedrone Stealer, an open-source information-stealing tool. The researchers discovered that Phemedrone specifically targets web browsers and extracts data from cryptocurrency wallets and messaging platforms like Telegram, Steam, and Discord. The malware goes beyond data theft …

Balada Injector Exploits Popup Plugin Vulnerability over 7,100 WordPress Sites

In a sweeping cyber onslaught, over 7,100 WordPress sites have fallen victim to the Balada Injector malware, exploiting a critical vulnerability in the widely used Popup Builder plugin. The campaign, initially documented in January 2023, employs periodic attack waves targeting WordPress plugins’ security flaws. This results in the injection of a backdoor designed to redirect …

Environmental Services Industry Faces 61,839% Surge in DDoS Attacks in 2023

The environmental services sector experienced an extraordinary rise in distributed denial-of-service (DDoS) attacks during 2023, witnessing a staggering 61,839% increase in attack traffic compared to the previous year. According to Cloudflare’s DDoS threat report for the fourth quarter of 2023, these attacks, predominantly HTTP-based, accounted for half of all HTTP traffic in the industry. Security …

Anonymous Hackers Unleash Silver RAT, a C#-Based Trojan

In a recent cyber threat development, the nefarious group known as Anonymous Arabic has unleashed a sophisticated remote access trojan (RAT) named Silver RAT. This C#-based malware is designed to circumvent security measures, allowing threat actors to discreetly launch concealed applications. A detailed report by a cybersecurity firm sheds light on the active and sophisticated presence …

GitHub Exploited by Threat Actors for Malicious Deployment

The widespread use of GitHub in information technology (IT) environments has become an enticing avenue for threat actors to deploy and facilitate malicious activities, with repositories functioning as hosts for malicious payloads, dead drop resolvers, command-and-control centers, and data exfiltration points. A shared report highlights the emergence of what it terms “living-off-trusted-sites” (LOTS), a strategic …

Severe Bluetooth Vulnerability Puts Android, Linux, macOS, and iOS Devices at Risk

A critical security flaw in Bluetooth has emerged, posing a significant threat to Android, Linux, macOS, and iOS devices, potentially allowing malicious actors to seize control. Tracked as CVE-2023-45866, this vulnerability revolves around an authentication bypass, enabling attackers to connect to susceptible devices and inject keystrokes to achieve code execution on the victim’s device. Security …

Alert: Meet JinxLoader, a Growing Malware Threat

Security experts have uncovered a new threat in the cyber landscape—JinxLoader. This Go-based malware loader, named after the popular League of Legends character Jinx, has gained notoriety for its role in delivering subsequent payloads, including Formbook and its successor, XLoader. The researcher shed light on the intricate attack vectors employed by threat actors to propagate …

CISA Warning on Vulnerability Linked to Triangulation Spyware Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has heightened its vigilance against cyber threats by incorporating six additional vulnerabilities into its Known Exploited Vulnerabilities (KEV) catalog. This comprehensive catalog serves as a crucial resource for organizations globally, aiding in the identification and prioritization of vulnerabilities in their systems. In response to the escalating threat …

Water Curupira Hackers Actively Disseminating PikaBot Malware

A notable cybersecurity threat has emerged with the identification of a threat actor named Water Curupira engaging in the active distribution of the PikaBot loader malware through targeted spam campaigns in 2023. Detailed in a report, PikaBot’s modus operandi involves phishing campaigns, leveraging a two-component structure comprising a loader and a core module. This enables …

Arrest of Hacker for $7.5 Million Charity Fraud

Recent developments have brought to light the arrest of Olusegun Samson Adejorin, a Nigerian national apprehended in Ghana on charges linked to intricate business email compromise (BEC) schemes. Adejorin faces an eight-count federal indictment in the United States, primarily for wire fraud, aggravated identity theft, and unauthorized access to protected computer systems, leading to a …

Sale of Zeppelin Ransomware Source Code at a Bargain

Recent activity in the cybercrime sphere highlights an alarming development as a threat actor, under the pseudonym ‘RET,’ boasted the sale of Zeppelin ransomware’s source code and a cracked builder version on a hacking forum for a mere $500. While the authenticity of the offer remains unverified, observations from threat intelligence company KELA suggest credibility …

Terrapin Attack: Vulnerability in SSH Servers and Potential Ramifications

A recent report from a threat monitoring platform has raised alarm bells by revealing a significant vulnerability affecting nearly 11 million SSH servers worldwide. The vulnerability, known as CVE-2023-48795 or the Terrapin attack, poses a serious threat as it facilitates a man-in-the-middle (MitM) attack, compromising the integrity of SSH secure channels. The report highlights that …

New DLL Search Order Hijacking Variant Exploits in Windows 10 and 11

Recent findings by security researchers have unearthed a new variant of DLL search order hijacking, posing a serious threat to systems running Windows 10 and Windows 11. This technique utilizes files within the trusted WinSxS folder, circumventing security measures and potentially allowing malicious code execution on compromised systems. The method that capitalizes on executables commonly …

Cloud Atlas Strikes with Spear-Phishing Attacks

The cyber threat actor Cloud Atlas has been implicated in a series of targeted spear-phishing attacks directed at enterprises within Russia, specifically aimed at a prominent agro-industrial enterprise and a state-owned research institution. F.A.C.C.T., an independent cybersecurity entity established after Group-IB’s withdrawal from Russia, revealed these attacks, shedding light on Cloud Atlas, an enigmatic cyber espionage …

Rugmi Malware Loader’s Rapid Surge in Infiltration and Distribution Tactics

A novel malware loader, recognized as Win/TrojanDownloader.Rugmi by ESET, has become a tool of choice for cyber threat actors aiming to disseminate various information stealers like Lumma Stealer, Vidar, RecordBreaker, and Rescoms. ESET’s findings reveal Rugmi as a multi-component loader, employing diverse methods to download encrypted payloads, run them from internal or external sources, and …

Microsoft’s Warning: ‘FalseFont’ Backdoor Threat Revealed

In a concerning development, Microsoft has issued a warning targeted at organizations within the Defense Industrial Base (DIB) sector. A new campaign orchestrated by an Iranian threat actor has unveiled a never-before-seen backdoor dubbed ‘FalseFont,’ posing a significant risk to targeted entities. The activity, monitored under Microsoft’s weather-themed designation Peach Sandstorm (formerly known as Holmium, …

Carbanak Malware Grows: Now Includes Ransomware in Recent Attacks

Recent analyses have unveiled a concerning evolution of the notorious Carbanak banking malware. This malware, known for its historical infiltration into financial systems, has resurfaced with a new strategy: incorporating ransomware tactics into its arsenal. The shift is evident in recent ransomware attacks, occurring in November 2023. Carbanak’s resurgence utilizes updated techniques, now disseminating through …

327,000 Devices Affected by the Xamalicious Android Backdoor

A recent discovery has revealed a menacing Android backdoor dubbed “Xamalicious.” This sophisticated malware, constructed using the Xamarin open-source mobile app framework, leverages device accessibility permissions to execute a range of nefarious actions. Xamalicious doesn’t stop at merely gathering device metadata; it communicates with a command-and-control server to fetch a secondary payload, strategically assessing compatibility …

Malicious Ads Spread Malware and Chrome Extension Threat

A concerning malvertising campaign has surfaced, masquerading PikaBot as sought-after software like AnyDesk, marking a significant shift in its distribution tactics. PikaBot, previously associated with malspam campaigns akin to QakBot’s, has now become a preferred payload for the infamous threat actor TA577. PikaBot, an evolving malware family introduced in early 2023, showcases a loader and …

Malware Spreading Through Oracle WebLogic Server Flaw Used by 8220 Gang

The notorious 8220 Gang continues to exploit a critical vulnerability within Oracle WebLogic Server, leveraging it as a gateway to spread their sophisticated malware. This persistent threat actor group has been observed utilizing the security loophole identified as CVE-2020-14883 (with a CVSS score of 7.2), a high-severity flaw capable of enabling remote code execution and …

New Cross-Platform JaskaGO Malware Poses Threat

A recent and concerning development in the cybersecurity landscape has emerged in the form of JaskaGO, an insidious malware utilizing the capabilities of the Go programming language to infiltrate and compromise both Windows and macOS operating systems. This new breed of malware represents a sophisticated and versatile threat, capable of stealthily infiltrating systems and conducting …

Discovery of 116 Malicious Packages on PyPI Repository

Recent cybersecurity findings have unearthed a cluster of 116 malicious software packages residing within the Python Package Index (PyPI) repository. These packages are engineered to infiltrate both Windows and Linux operating systems, intending to implant a customized backdoor. The researchers detailed that these nefarious packages, downloaded over 10,000 times since May 2023, …

MrAnon Stealer Malware Targets Users via Booking Scam

A newly identified phishing campaign has surfaced, deploying the MrAnon Stealer malware via innocent-looking booking-themed PDFs, notably targeting German users in a calculated cyber assault. This Python-based information stealer is compressed with cx-Freeze to slip past detection measures. MrAnon Stealer’s arsenal includes pilfering victim credentials, system data, browser sessions, and cryptocurrency extensions. The …

Google Forms Become New Tool for BazaCall Phishing Scams

The notorious BazaCall phishing attacks, known for their deceitful tactics, have taken on a new guise, leveraging Google Forms to add a layer of credibility to their schemes. Cybersecurity experts unveiled this latest move by the threat actors behind BazaCall, highlighting their attempt to enhance the legitimacy of their initial malicious emails. These attacks, which …

Covert Cyber Assault: Agent Racoon Backdoor Targeting Global Organizations

A surreptitious cyber onslaught has recently emerged, shaking organizations across the Middle East, Africa, and the United States. Operating under the cloak of anonymity, an elusive threat actor has orchestrated a strategic campaign employing a newly discovered backdoor named “Agent Racoon,” unleashing a wave of concern and scrutiny within cybersecurity circles. According to the researchers, this …

Microsoft Alert: CACTUS Ransomware Rides Malvertising Wave

In a stark warning, Microsoft has raised alarm bells about a fresh surge of CACTUS ransomware assaults, masterminded through malvertising ploys, with DanaBot serving as the initial gateway for these attacks. The Microsoft Threat Intelligence team has uncovered that DanaBot infections pave the way for intrusive activities by ransomware operator Storm-0216, also known as Twisted …

Healthcare Breach Reveals Data of 2.5 Million People

In a distressing revelation, Norton Healthcare disclosed that a ransomware attack in May exposed sensitive information belonging to a staggering 2.5 million individuals. The healthcare group’s admission, shared in a data breach notification with Maine’s attorney general, illuminates the far-reaching impact of the cyber intrusion. Although the threat actors accessed certain network storage devices, Norton …

Adobe ColdFusion Exploit Breaches U.S. Government Agencies

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently raised an alarm regarding a critical vulnerability within Adobe ColdFusion, known as CVE-2023-26360, being actively exploited by hackers to infiltrate government servers. This security loophole enabled threat actors to execute arbitrary code on servers running older versions of Adobe ColdFusion—specifically, ColdFusion 2018 Update 15 and earlier, …

Linux Malware Alert: Krasue RAT Embedded in Rootkits

Security researchers recently unearthed a disturbing cybersecurity threat named Krasue, a remote access trojan (RAT) silently infiltrating Linux systems within telecommunications companies, maintaining undetected activity since 2021. Distinctive to Krasue is its binary structure housing seven variants of a rootkit adept at supporting various Linux kernel versions. Crafted from code borrowed from three open-source projects, …

AutoSpill Attack Threatens Vulnerable Password Managers

Security researchers recently unveiled a concerning security loophole at the Black Hat Europe security conference. Dubbed the “AutoSpill” attack, this exploit targets Android’s password managers, allowing for the theft of account credentials during autofill processes. The vulnerability, presented by the researchers, sheds light on the inherent weaknesses within Android’s WebView controls, extensively used by apps …

FjordPhantom Android Malware Uses Virtualization for Hidden Attacks

FjordPhantom, a newly discovered Android malware, has set a disturbing precedent by employing virtualization techniques to execute malicious operations within a secluded container, effectively evading detection. This malware spreads through email, SMS, and messaging platforms, specifically targeting banking apps across Indonesia, Thailand, Vietnam, Singapore, and Malaysia. The deceptive tactic involves presenting seemingly authentic banking applications …

Zyxel Raises Alarm on Critical Security Flaws in NAS Devices

Zyxel has disclosed several security vulnerabilities, among them three critical ones that could potentially enable an unauthorized attacker to execute commands within the operating system of vulnerable NAS devices without authentication. NAS systems by Zyxel serve as centralized data storage solutions within networks, catering to various users such as small to medium-sized businesses seeking efficient …

CISA Alerts on Breach Using ColdFusion Flaw to Access Federal Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning concerning the exploitation of a critical Adobe ColdFusion vulnerability by unidentified cyber threat actors. These actors utilized the vulnerability, identified as CVE-2023-26360, to breach the security of a federal agency’s servers, gaining initial access between June and July 2023. The flaw, categorized as …

Cactus Ransomware Exploits Qlik Sense Vulnerabilities for Intrusion

Cactus ransomware has homed in on critical weaknesses within Qlik Sense, a data analytics solution, exploiting these vulnerabilities to breach corporate networks effectively. Qlik Sense, renowned for its capacity to interactively visualize data and generate custom reports from various data sources, has faced security challenges that Cactus ransomware has aggressively targeted. In a recent development, …

Bluetooth Vulnerabilities Exposed: Risk to Billions of Devices

Recent research has revealed six novel attacks, collectively termed ‘BLUFFS,’ capable of compromising the confidentiality of Bluetooth sessions. These exploits, discovered by Daniele Antonioli, target two previously unidentified vulnerabilities within the Bluetooth standard, fundamentally affecting the derivation of session keys for data decryption. Unlike specific hardware or software weaknesses, these architectural flaws pose a significant …

Black Basta Ransomware Accumulates Over $100 Million in Extortion Earnings

In a recent collaborative investigation, it was uncovered that the Russia-linked ransomware syndicate, Black Basta, has amassed more than $100 million through extorting over 90 victims since its emergence in April 2022. The cybercrime outfit, employing a double extortion tactic, targets global entities, extracting sensitive data before deploying ransomware to encrypt their networks. The comprehensive …

DJVU Ransomware’s Stealthy Evolution Masquerading as Cracked Software

A new iteration of the notorious DJVU ransomware, named Xaro, has emerged, showcasing a deceptive distribution tactic through cracked software. This variant, identified by American cybersecurity firm Cybereason, appends the .xaro extension to encrypted files while demanding ransom for a decryption key. According to the security researcher, this strain of DJVU, camouflaged within cracked software, …

LummaC2 Malware Innovates with Data Exfiltration

In the latest evolution of the LummaC2 malware, a notable enhancement emerges: a sophisticated anti-sandbox technique rooted in trigonometry principles. This advancement aims to dodge detection measures and efficiently extract valuable data from infected systems, evolving the threat landscape for cybersecurity. LummaC2, also known as Lumma Stealer, has introduced a novel evasion tactic. A security researcher …

LockBit Ransomware Leverages Citrix Bleed Vulnerability for Intrusion

Amidst a flurry of threat actors exploiting the critical Citrix NetScaler ADC and Gateway flaw, LockBit ransomware affiliates have aggressively capitalized on the recently exposed Citrix Bleed vulnerability. This loophole allows bypassing password requirements and multifactor authentication (MFA), enabling the hijacking of authentic user sessions, as highlighted by a collaborative warning from major cybersecurity entities. …

Expansion of ClearFake Scheme Targeting Mac Systems

The infamous macOS data pilferer, Atomic Stealer, is adopting a new avenue for infiltration known as ClearFake, a scheme that masquerades as web browser updates. This strategic move signifies a shift from traditional Windows-based campaigns to a broader scope, encompassing both geolocation and operating system targets, as highlighted by Malwarebytes’ Jérôme Segura in a recent …

Android Users Targeted by Deceptive Apps Mimicking Banks and Government

A sophisticated malware campaign has set its sights on Android users, using cunning social engineering tactics to trick individuals into installing counterfeit applications designed to steal sensitive information. According to insights from Microsoft threat intelligence researchers Abhishek Pustakala, Harshita Tripathi, and Shivang Desai, the attackers are leveraging platforms like WhatsApp and Telegram to distribute messages …

WailingCrab Malware Spreads through Shipping-Themed Emails

A complex malware named WailingCrab is making waves, arriving disguised within emails themed around shipping and delivery. Discovered initially by Proofpoint in August 2023, this malware, also known as WikiLoader, has been orchestrating attacks targeting various Italian organizations. Its ultimate aim is to unleash the Ursnif trojan, proving to be a creation of the threat …

Microsoft Reports CyberLink Breach in Global Supply Chain Attack by Lazarus Hackers

Microsoft recently disclosed a significant supply chain breach involving Taiwanese multimedia software firm CyberLink, orchestrated by the North Korean cyberespionage group, Diamond Sleet (aka ZINC, Labyrinth Chollima, and Lazarus). The attack, utilizing a trojanized CyberLink installer, was identified as early as October 20, 2023, and has affected over 100 devices worldwide, including those in Japan, …
