News

Rise in 2023: 700+ Dark Web Offers for IoT-Driven DDoS Attacks

In 2023, more than 700 advertisements have surfaced on the dark web, offering Distributed Denial of Service (DDoS) attacks via Internet of Things (IoT) devices. These services are available at different price points, dependent on factors such as DDoS protection and target verification. Prices range from $20 per day to $10,000 per month, with an …

Counterfeit WinRAR Vulnerability PoC Exploit Deploys VenomRAT Malware

A hacker has been distributing a fabricated proof-of-concept (PoC) exploit for a recently patched WinRAR vulnerability on GitHub, with the aim of infecting individuals who download it with VenomRAT malware. This deceptive PoC exploit came to the attention of Palo Alto Networks’ Unit 42 research team, who identified that the attacker had uploaded this malicious …

Uncover ShadowSyndicate Hackers’ Ties to Multiple Ransomware Campaigns and 85 Servers

A recent investigation by security researchers has shed light on a threat actor known as ShadowSyndicate, suspected of deploying seven distinct ransomware families in a series of attacks over the past year. Collaborating closely with Bridewell and independent researcher Michael Koczwara, Group-IB analysts have traced ShadowSyndicate’s potential use of the Quantum, Nokoyawa, BlackCat/ALPHV, Clop, Royal, …

Elusive Gelsemium Hackers Uncovered in Attack on Asian Government

A highly covert and persistent threat group, known as Gelsemium, has come to light following an extensive cyber attack targeting a Southeast Asian government, spanning a six-month period from 2022 to 2023. Gelsemium, which has been active since 2014, specializes in cyber espionage and has historically focused its efforts on government entities, educational institutions, and …

Air Canada Reveals Data Breach Impacting Employee and Specific Records

Air Canada, the nation’s flag carrier and the largest airline in Canada, has recently disclosed a cybersecurity incident where unauthorized individuals briefly gained limited access to its internal systems. According to the airline, this incident led to the theft of a restricted amount of personal data belonging to select employees and specific records. Importantly, customer …

Emergence of New and Advanced Deadglyph Malware in Government Cyber Attacks

In a recent cyberespionage operation targeting a government agency in the Middle East, a highly sophisticated backdoor malware named ‘Deadglyph’ has surfaced, raising concerns among cybersecurity experts. The origins of the Deadglyph malware are traced back to the Stealth Falcon Advanced Persistent Threat (APT) group, also known as Project Raven or FruityArmor. This state-sponsored hacking …

Microsoft Alerts Corporations to New Phishing Campaign via Teams Messages

Microsoft has issued a warning about a fresh phishing campaign orchestrated by an initial access broker, leveraging Teams messages as bait to infiltrate corporate networks. The tech giant’s Threat Intelligence team has identified this threat cluster as Storm-0324, which also goes by the aliases TA543 and Sagrid. Since July 2023, Storm-0324 has been observed using …

Iranian Hackers Infiltrate Defense Organizations Through Password Spray Attacks

Microsoft has uncovered a series of password spray attacks carried out by an Iranian-backed threat group targeting thousands of organizations worldwide, with a particular focus on the U.S. The attacks have been ongoing since February 2023 and have had severe implications for security, especially within the defense, satellite, and pharmaceutical sectors. The malicious actors behind …

New HTTPSnoop and PipeSnoop Malware Compromise Telecom Providers

In a concerning development, a newly discovered malware duo, HTTPSnoop and PipeSnoop, has emerged as a significant threat to telecommunication service providers operating in the Middle East. These malicious tools enable threat actors to gain remote control over infected devices, potentially leading to significant security breaches. HTTPSnoop, one of the malware components, interacts with Windows …

‘Mirai’ Botnet Variant ‘Pandora’ Takes Control of Android TVs for Cyberattacks

A new strain of the Mirai botnet, dubbed “Pandora,” has emerged, targeting budget-friendly Android-based TV sets and TV boxes, leveraging them in distributed denial-of-service (DDoS) attacks. These breaches typically occur during either malicious firmware updates or when users install applications to access pirated video content. According to a recent analysis by a Russian cybersecurity firm, …

Hackers Claim They Shut Down MGM Resorts in Just a 10-Minute Phone Call

The ALPHV ransomware group, known for its adept social engineering tactics, has taken responsibility for the cyber incident that disrupted MGM Resorts, an international hotel chain. According to vx-underground, the ALPHV/BlackCat ransomware group revealed that it employed standard social engineering techniques, such as building trust with employees to gain insider information. The group attempted to …

Microsoft Discovers Vulnerabilities in ncurses Library Impacting Linux and macOS Systems

A series of memory corruption vulnerabilities have come to light in the ncurses (short for “new curses”) programming library. These vulnerabilities pose a potential risk, as threat actors could leverage them to execute malicious code on susceptible Linux and macOS systems. These security flaws, collectively identified as CVE-2023-29491, carry a CVSS score of 7.8. As …

New 3AM Ransomware Emerges as LockBit Attack Fallback

A novel ransomware variant known as “3AM” has come to light following an unsuccessful LockBit ransomware attack on a target network. Researchers have disclosed that this malware is still relatively rare and has been used only sparingly. It emerged as a contingency plan for a ransomware affiliate when their attempt to deploy LockBit was thwarted …

WiKI-Eve Attack: Stealing Numeric Passwords Over WiFi Reveals Alarming Vulnerabilities

A newly identified cyber threat known as the “WiKI-Eve” attack has raised significant concerns by exploiting vulnerabilities in modern WiFi routers, allowing malicious actors to intercept smartphone transmissions and accurately deduce numerical keystrokes, with success rates reaching up to 90%. This security breach hinges on the exploitation of Beamforming Feedback Information (BFI), a feature introduced …

Facebook Messenger Phishing Wave Targets 100K Business Accounts Weekly

In a concerning development, a significant phishing campaign has emerged on Facebook Messenger, posing a grave threat to approximately 100,000 business accounts each week. Malicious actors have strategically employed a vast network of fake and compromised Facebook profiles to disseminate millions of Messenger phishing messages, carrying password-stealing malware with devastating consequences. These cybercriminals employ cunning …

Warning for Mac Users: Malvertising Campaign Distributes Atomic Stealer macOS Malware

A fresh malvertising campaign has emerged, distributing an updated iteration of macOS stealer malware named Atomic Stealer (or AMOS). This development suggests active maintenance by the malware’s author. Atomic Stealer, a readily available Golang malware offered at a monthly rate of $1,000, first came to attention in April 2023. Subsequently, new variants, equipped with an …

Hackers Exploit Windows Container Isolation Framework to Evade Endpoint Security

Recent research has unveiled a cunning method that malicious actors could employ to circumvent endpoint security solutions by manipulating the Windows Container Isolation Framework. Deep Instinct security researcher Daniel Avinoam presented these findings at the DEF CON security conference, which took place earlier this month. Microsoft’s container architecture, including Windows Sandbox, utilizes a dynamically generated …

WinRAR Vulnerability Patched to Prevent Remote Code Execution

A recently disclosed high-severity security flaw in the WinRAR utility has been successfully addressed, reducing the risk of hackers gaining control of Windows systems through remote code execution. Identified as CVE-2023-40477, this vulnerability, carrying a CVSS score of 7.8, was the result of improper validation when processing recovery volumes. The Zero Day Initiative (ZDI) elaborated …

New Python Variant of Chaes Malware Targets Banking and Logistics Sectors

The banking and logistics industries are facing a renewed threat from a revamped version of the malware known as Chaes. This evolved variant has undergone significant changes, including a complete rewrite in Python to evade traditional defense systems and a comprehensive redesign with an improved communication protocol. Chaes, which initially surfaced in 2020, is notorious …

New Mirai Variant Targets Low-Cost Android TV Boxes for DDoS Attacks

A fresh variant of the Mirai malware botnet has emerged, infecting low-cost Android TV set-top boxes commonly used for media streaming by millions of users. Dr. Web’s antivirus team has identified this trojan as a new iteration of the ‘Pandora’ backdoor, which initially surfaced in 2015. The primary focus of this campaign is on economical …

Hackers Steal Microsoft Signing Key from Windows Crash Dump

Microsoft has confirmed that the Storm-0558 Chinese hacker group successfully obtained a signing key, which they later used to infiltrate government email accounts, by exploiting a Microsoft engineer’s corporate account. The compromised signing key led to unauthorized access to Exchange Online and Azure Active Directory (AD) accounts in approximately two dozen organizations, including prominent U.S. …

Cyber Threat Actors Exploiting Vulnerable Microsoft SQL Servers for FreeWorld Ransomware Attacks

In a concerning development, threat actors have been observed targeting inadequately secured Microsoft SQL (MS SQL) servers to execute attacks involving the deployment of Cobalt Strike and a ransomware strain known as FreeWorld. The cybersecurity firm Securonix has labeled this campaign as DB#JAMMER, noting its distinctiveness in terms of the toolset and infrastructure employed. Security …

SapphireStealer Malware: Unveiling a Gateway to Espionage and Ransomware Operations

The cyber threat landscape has been recently shaken by the emergence of SapphireStealer, an open-source .NET-based information-stealing malware. This insidious malware is becoming a tool of choice for various malicious entities looking to bolster their capabilities and create customized versions to suit their nefarious purposes. This type of malware specializes in pilfering sensitive information, including …

Security Vulnerability in Chrome Extensions: Plain Text Passwords at Risk

A group of researchers from the University of Wisconsin-Madison has recently uncovered a potential security risk within Google Chrome extensions. They have developed a proof-of-concept extension, available on the Chrome Web Store, capable of extracting plaintext passwords from a website’s source code. Upon scrutinizing the text input fields in web browsers, the researchers identified that …

New DreamBus Malware Variant Exploits RocketMQ Vulnerability to Infect Servers

A recently emerged iteration of the DreamBus botnet malware is capitalizing on a critical remote code execution vulnerability present in RocketMQ servers, thereby compromising various devices. This exploited vulnerability, identified as CVE-2023-33246, is characterized by a permission verification lapse that affects RocketMQ version 5.1.0 and earlier. The flaw permits attackers to execute remote commands under …

Sourcegraph Website Breach Traced to Leaked Admin Access Token

Sourcegraph, an AI-powered coding platform, has recently confirmed a breach of its website resulting from the unintended exposure of a site-admin access token. This security lapse occurred on July 14th, but its exploitation by an attacker took place on August 28th, ultimately leading to unauthorized access and the creation of a new site-admin account on …

Expansion of “Classiscam” Fraud-as-a-Service: Banks and 251 Brands Targeted

The “Classiscam” fraud-as-a-service operation has significantly expanded its global reach, encompassing a broader range of brands, industries, and countries. This expansion has resulted in heightened financial losses compared to previous instances. In a manner reminiscent of ransomware-as-a-service endeavors, this operation, active on Telegram, collaborates with affiliates who utilize phishing kits to craft counterfeit advertisements and …

Ransomware Attackers Reduce Dwell Time to 5 Days, RDP Still Prevalent

The period during which ransomware threat actors remain undetected within compromised networks has shortened significantly, with the median dwell time dropping from nine days in 2022 to just five days in the first half of this year. According to data from cybersecurity firm Sophos, the overall median dwell time for all cyberattacks was eight days …

Microsoft Identifies Flax Typhoon Hackers Leveraging LOLBins for Stealthy Operations

Microsoft has uncovered a novel hacking group, dubbed Flax Typhoon, which appears to be targeting government agencies, education institutions, critical manufacturing facilities, and information technology organizations, presumably for espionage purposes. In a distinct approach, this threat actor relies minimally on malware to infiltrate and maintain control over victim networks. Instead, they harness existing components within …

Rhysida Claims Responsibility for Ransomware Attack on Prospect Medical and Threatens Data Sale

The Rhysida ransomware group has asserted its involvement in a significant cyberattack on Prospect Medical Holdings, purporting to have acquired 500,000 social security numbers, confidential corporate materials, and patient records. The attack, believed to have transpired on August 3rd, led to the emergence of ransom notes on employee screens, disclosing that their network had been …

Vulnerable Openfire Servers: A Threat to Over 3,000 Instances

A significant security lapse has come to light involving thousands of Openfire servers, leaving them exposed to a takeover threat via CVE-2023-32315. This actively exploited path traversal vulnerability enables unauthorized users to establish new admin accounts, posing a severe risk. Openfire, a widely utilized Java-based open-source chat (XMPP) server boasting 9 million downloads, has become …

Whiffy Recon Malware: Exploiting WiFi for Location Triangulation

The operators behind the Smoke Loader botnet have unleashed a new strain of malware known as Whiffy Recon, leveraging WiFi scanning and Google’s geolocation API to pinpoint the whereabouts of infected devices. Google’s geolocation API is a service that processes HTTPS requests containing WiFi access point data, returning precise latitude and longitude coordinates even for …

FBI Alert: Barracuda ESG Appliances Remain Vulnerable Despite Patch Efforts

The Federal Bureau of Investigation (FBI) has issued a warning regarding the ongoing vulnerability of Barracuda Email Security Gateway (ESG) appliances, even after patches were released to address a critical remote command injection flaw. The agency stated that the patches provided by Barracuda have proven to be ‘ineffective,’ as attackers continue to compromise patched appliances. …

Discord.io Confirms Breach after Hacker Steals Data of 760K Users

The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members. Discord.io is not an official Discord site but a third-party service allowing server owners to create custom invites to their channels. Most of the community was built around the service’s Discord server, with over 14,000 …

Raccoon Stealer Malware Returns with New Stealthier Version

The developers of Raccoon Stealer information-stealing malware have ended their 6-month hiatus from hacker forums to promote a new 2.3.0 version of the malware to cyber criminals. Raccoon is one of the most well-known and widely used information-stealing malware families, having been around since 2019, sold via a subscription model for $200/month to threat actors. …

CISA Warns of Critical Citrix ShareFile Flaw Exploited in The Wild

CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild. Citrix ShareFile (also known as Citrix Content Collaboration) is a managed file transfer SaaS cloud storage solution that …

Clop Ransomware now Uses Torrents to Leak Data and Evade Takedowns

The Clop ransomware gang has once again altered extortion tactics and is now using torrents to leak data stolen in MOVEit attacks. Starting on May 27th, the Clop ransomware gang launched a wave of data-theft attacks exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer platform. Exploiting this zero-day allowed the threat actors …

Knight Ransomware Distributed in Fake Tripadvisor Complaint Emails

The Knight ransomware is being distributed in an ongoing spam campaign that pretends to be TripAdvisor complaints. Knight ransomware is a recent rebrand of the Cyclops Ransomware-as-a-Service, which switched its name at the end of July 2023. The Cyclops ransomware operation launched in May 2023 when the operators began recruiting affiliates for the new ransomware-as-a-service …

Rhysida Ransomware Behind Recent Attacks on Healthcare

The Rhysida ransomware operation is making a name for itself after a wave of attacks on healthcare organizations has forced government agencies and cybersecurity companies to pay closer attention to its operations. Following a security bulletin by the U.S. Department of Health and Human Services (HHS), CheckPoint, Cisco Talos, and Trend Micro have all released …

Hackers use new malware to breach air-gapped devices in Eastern Europe

Chinese state-sponsored hackers have been targeting industrial organizations with new malware that can steal data from air-gapped systems. Air-gapped systems typically fulfill critical roles and are isolated from the enterprise network and the public internet either physically or through software and network devices. Researchers at cybersecurity company Kaspersky discovered the new malware and attributed it …

Canon warns of Wi-Fi Security Risks when Discarding Inkjet Printers

Canon is warning users of home, office, and large format inkjet printers that the Wi-Fi connection settings stored in the devices’ memories are not wiped, as they should be, during initialization, allowing others to gain access to the data. This flaw could introduce a security and privacy risk for impacted users if the printer memory is …

FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022

In collaboration with CISA, the NSA, and the FBI, Five Eyes cybersecurity authorities have today issued a list of the 12 most exploited vulnerabilities throughout 2022. Cybersecurity agencies in the United States, Australia, Canada, New Zealand, and the United Kingdom called on organizations worldwide to address these security flaws and deploy patch management systems to …

8 Million People Hit by Data Breach at US Govt Contractor Maximus

U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks. Maximus is a contractor that manages and administers US government-sponsored programs, including federal and local healthcare programs and student loan servicing. The company employs 34,300 …

New Android Malware Uses OCR to Steal Credentials from Images

Two new Android malware families named ‘CherryBlos’ and ‘FakeTrade’ were discovered on Google Play, aiming to steal cryptocurrency credentials and funds or conduct scams. The new malware strains were discovered by Trend Micro, which observed both using the same network infrastructure and certificates, indicating the same threat actors created them. The malicious apps use various …

BreachForums Database and Private Chats for Sale in Hacker Data Breach

While consumers are usually the ones worried about their information being exposed in data breaches, it’s now the hacker’s turn, as the notorious Breached cybercrime forum’s database is up for sale and member data shared with Have I Been Pwned. Yesterday, the Have I Been Pwned data breach notification service announced that visitors can check …

HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software

A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. “HotRat malware equips attackers with a wide array of capabilities, such as stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, …

VirusTotal Apologizes for Data Leak Affecting 5,600 Customers

VirusTotal apologized for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file containing their info to the platform last month. The data leak impacted only Premium account customers, with the uploaded file containing their names and corporate email addresses. Emiliano Martines, the online malware scanning service’s head of product …

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. “Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization’s files, and then threatening to publish the stolen data on a …

Microsoft: Hackers Turn Exchange Servers Into Malware Control Centers

Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry and Microsoft Exchange servers with a new ‘DeliveryCheck’ malware backdoor. Turla, aka Secret Blizzard, KRYPTON, and UAC-0003, is believed to be an advanced persistent threat (APT) actor linked to Russia’s Federal Security Service (FSB). The …

OpenAI Credentials Stolen by The Thousands for Sale on The Dark Web

Threat actors are showing an increased interest in generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials for sale on the dark web and access to a malicious alternative for ChatGPT. Both less skilled and seasoned cybercriminals can use the tools to create more convincing phishing emails that are customized for the intended …

GitHub Warns of Lazarus Hackers Targeting Devs with Malicious Projects

GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware. The campaign was linked to the North Korean state-sponsored Lazarus hacking group, also known as Jade Sleet (Microsoft Threat Intelligence) and TraderTraitor (CISA). The US government released …

Gamaredon Hackers Start Stealing Data 30 Minutes After a Breach

Gamaredon attacks commonly start with an email or message sent to targets via Telegram, WhatsApp, Signal, or other IM apps. The initial infection is achieved by tricking the victim into opening malicious attachments such as HTM, HTA, and LNK files disguised as Microsoft Word or Excel documents. Once the victim launches the malicious attachments, PowerShell …

Thousands of Images on Docker Hub Leak Auth Secrets, Private Keys

Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface. Docker Hub is a cloud-based repository for the Docker community to store, share, and distribute Docker images. These …

Beware of Big Head Ransomware: Spreading Through Fake Windows

A developing piece of ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers. Big Head was first documented by Fortinet FortiGuard Labs last month, when it discovered multiple variants of the ransomware that are designed to encrypt files on …

Fake Linux vulnerability exploit drops data-stealing malware

Cybersecurity researchers and threat actors are targeted by a fake proof of concept (PoC) CVE-2023-35829 exploit that installs Linux password-stealing malware. Uptycs analysts discovered the malicious PoC during their routine scans when detection systems flagged irregularities such as unexpected network connections, unauthorized system access attempts, and atypical data transfers. Three repositories were found hosting …

USB drive malware attacks spiking again in first half of 2023

What’s old is new again, with researchers seeing a threefold increase in malware distributed through USB drives in the first half of 2023. A new report by Mandiant outlines how two USB-delivered malware campaigns have been observed this year; one named ‘Sogu,’ attributed to a Chinese espionage threat group ‘TEMP.HEX,’ and another named ‘Snowydrive,’ attributed …

Ransomware payments on record-breaking trajectory for 2023

Data from the first half of the year indicates that ransomware activity is on track to break previous records, seeing a rise in the number of payments, both big and small. According to a report by blockchain analysis firm Chainalysis, ransomware is the only cryptocurrency crime category seeing a rise this year, with all others, including …

Iranian Hackers’ Sophisticated Malware Targets Windows and macOS Users

The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware. “TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho,” Proofpoint said in a new …

BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days

Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify. Recently, Microsoft’s Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes’ terrifying velocity and damaging nature. The findings indicate that hackers can complete the entire attack process, from gaining initial access to …

New ‘Big Head’ Ransomware Displays Fake Windows Update Alert

Security researchers have dissected a recently emerged ransomware strain named ‘Big Head’ that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers. Two samples of the malware have been analyzed before by cybersecurity company Fortinet, who looked at the infection vector and how the malware executes. Today, Trend Micro published …

How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance

As technology advances and organizations become more reliant on data, the risks associated with data breaches and cyber-attacks also increase. The introduction of data privacy laws, such as the GDPR, has made it mandatory for organizations to disclose breaches of personal data to those affected. As such, it has become essential for businesses to protect …

Cisco warns of bug that lets attackers break traffic encryption

Cisco warned customers today of a high-severity vulnerability impacting some data center switch models and allowing attackers to tamper with encrypted traffic. Tracked as CVE-2023-20185, the flaw was found during internal security testing in the ACI Multi-Site CloudSec encryption feature of data center Cisco Nexus 9000 Series Fabric Switches. The vulnerability only impacts Cisco Nexus …

Over 130,000 solar energy monitoring systems exposed online

Security researchers are warning that tens of thousands of photovoltaic (PV) monitoring and diagnostic systems are reachable over the public web, making them potential targets for hackers. These systems are used for remote performance monitoring, troubleshooting, system optimization, and other functions to allow remote management of renewable energy production units. Cyble’s threat analysts scanned the …

Snappy: A tool to detect rogue WiFi access points on open networks

Cybersecurity researchers have released a new tool called ‘Snappy’ that can help detect fake or rogue WiFi access points that attempt to steal data from unsuspecting people. Attackers can create fake access points in supermarkets, coffee shops, and malls that impersonate real ones already established at the location. This is done to trick users into …

BlackCat ransomware pushes Cobalt Strike via WinSCP search ads

The BlackCat ransomware group (aka ALPHV) is running malvertising campaigns to lure people into fake pages that mimic the official website of the WinSCP file-transfer application for Windows but instead push malware-ridden installers. WinSCP (Windows Secure Copy) is a popular free and open-source SFTP, FTP, S3, SCP client, and file manager with SSH file transfer …

Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts

As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version (2.6.6) that was released on June 29, 2023. Ultimate Member is a …

New EarlyRAT malware linked to North Korean Andariel hacking group

Security analysts have discovered a previously undocumented remote access trojan (RAT) named ‘EarlyRAT,’ used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group. Andariel (aka Stonefly) is believed to be part of the Lazarus hacking group known for employing the DTrack modular backdoor to collect information from compromised systems, such as browsing …

Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users’ Personal Data

Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated with thousands of Android users. “As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts,” LetMeSpy said in an announcement on its …

Linux version of Akira ransomware targets VMware ESXi servers

The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide. Akira first emerged in March 2023, targeting Windows systems in various industries, including education, finance, real estate, manufacturing, and consulting. Like other enterprise-targeting ransomware gangs, the threat actors steal data from breached networks and encrypt …

Trojanized Super Mario game used to install Windows malware

A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been infecting unsuspecting players with multiple malware infections. Super Mario 3: Mario Forever is a free-to-play remake of the classic Nintendo game developed by Buziol Games and released for the Windows platform in 2003. The game became very popular, downloaded …

Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam

A U.K. citizen who took part in the massive July 2020 hack of Twitter has been sentenced to five years in prison in the U.S. Joseph James O’Connor (aka PlugwalkJoe), 24, was awarded the sentence on Friday in the Southern District of New York, a little over a month after he pleaded guilty to the …

American Airlines, Southwest Airlines disclose data breaches affecting pilots

American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines’ pilot applications and recruitment portals. Both airlines were informed of the Pilot Credentials incident on May 3, which was limited solely to the …

Microsoft Teams bug allows malware delivery from external accounts

Security researchers have found a simple way to deliver malware to an organization with Microsoft Teams, despite restrictions in the application for files from external sources. With 280 million monthly active users, Microsoft Teams has been adopted by organizations as a communication and collaboration platform that is part of the Microsoft 365 cloud-based services. Given the product’s …

NSA shares tips on blocking BlackLotus UEFI malware attacks

The U.S. National Security Agency (NSA) released today guidance on how to defend against BlackLotus UEFI bootkit malware attacks. BlackLotus has been circulating on hacking forums since October 2022, marketed as malware capable of evading detection, withstanding removal efforts, and neutralizing multiple Windows security features such as Defender, HVCI, and BitLocker. In May, Microsoft released …

MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans

A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. “The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, such as Warzone RAT and Quasar RAT,” Securonix researchers Den …

Reddit hackers threaten to leak data stolen in February breach

The BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen 80GB of data from the company. On February 9th, Reddit disclosed that its systems were hacked on February 5th after an employee fell victim to a phishing attack. This phishing attack allowed the threat actors …

US govt offers $10 million bounty for info on Clop ransomware

The U.S. State Department’s Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the Clop ransomware attacks to a foreign government. “Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government? Send us a tip. You could …

From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet

Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. “The Diicot name is significant, as it’s also the name of the Romanian organized crime and anti-terrorism policing unit,” Cado Security said in a technical report. “In addition, artifacts from the …

Rhysida ransomware leaks documents stolen from Chilean Army

Threat actors behind a recently surfaced ransomware operation known as Rhysida have leaked online what they claim to be documents stolen from the network of the Chilean Army (Ejército de Chile). The leak comes after the Chilean Army confirmed on May 29 that its systems were impacted in a security incident detected over the weekend …

Suspected LockBit ransomware affiliate arrested, charged in US

Russian national Ruslan Magomedovich Astamirov was arrested in Arizona and charged by the U.S. Justice Department for allegedly deploying LockBit ransomware on the networks of victims in the United States and abroad. According to the criminal complaint, the 20-year-old suspect from the Chechen Republic was allegedly involved in LockBit ransomware attacks between August 2020 and …

Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency

Ransomware actors and cryptocurrency scammers have joined nation-state actors in abusing cloud mining services to launder digital assets, new findings reveal. “Cryptocurrency mining is a crucial part of our industry, but it also holds special appeal to bad actors, as it provides a means to acquire money with a totally clean on-chain original source,” blockchain …

Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now

Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices. The security fixes were released on Friday in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5. While not mentioned in the release notes, security professionals and admins have hinted that the updates quietly …

Strava heatmap feature can be abused to find home addresses

Researchers at the North Carolina State University Raleigh have discovered a privacy risk in the Strava app’s heatmap feature that could lead to identifying users’ home addresses. Strava is a popular running companion and fitness-tracking application with over 100 million users worldwide, helping people track their heart rate, activity details, GPS location, and more. In …

New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies

Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER. “SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory manipulation, and token impersonation capabilities,” Elastic Security Labs said in a Friday report. The …

Clop ransomware likely testing MOVEit zero-day since 2021

The Clop ransomware gang has been looking for ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer (MFT) solution since 2021, according to Kroll security experts. While analyzing logs on some clients’ compromised networks during the investigation of recent Clop data theft attacks targeting vulnerable MOVEit Transfer instances, they found malicious …

Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation

Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component. “An attacker who successfully exploited this …

Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities

VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 (CVSS score: 9.8) that could allow a malicious actor with network access to achieve …

Atomic Wallet hacks lead to over $35 million in crypto stolen

The developers of Atomic Wallet are investigating reports of large-scale theft of cryptocurrency from users’ wallets, with over $35 million in crypto reportedly stolen. Atomic Wallet is a mobile and desktop crypto wallet allowing users to store various cryptocurrencies. The wallet is offered for multiple operating systems, including Windows, Android, iOS, macOS, and Linux. On …

Online sellers targeted by new information-stealing malware campaign

Online sellers are targeted in a new campaign to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks. The new campaign launched this week, with threat actors sending complaints to online store admins through email and website contact forms. These emails pretend to be from a customer of an …

New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal

An analysis of the Linux variant of a new ransomware strain called BlackSuit has uncovered significant similarities with another ransomware family called Royal. Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an “extremely high degree of similarity” between Royal and BlackSuit. “In fact, they’re nearly identical, with 98% …

New Horabot campaign takes over victim’s Gmail, Outlook accounts

A previously unknown campaign involving the Horabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool. The malware enables the operators to take control of the victim’s Gmail, Outlook, Hotmail, or Yahoo email accounts, steal email data and 2FA codes arriving …

New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware

A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. “The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data,” Kaspersky …

Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks

An analysis of the “evasive and tenacious” malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active for a single day. What’s more, 50% of the servers don’t remain active for more than a week, indicating the use of an adaptable and dynamic C2 infrastructure, Lumen Black Lotus Labs …

Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains

A new ‘File Archivers in the Browser’ phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files. Earlier this month, Google began offering the ability to register ZIP TLD domains, such as bleepingcomputer.zip, for hosting websites or email addresses. Since the …

New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. “It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility,” Trend Micro said in a …

Microsoft 365 phishing attacks use encrypted RPMSG messages

Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways. RPMSG files (also known as restricted permission message files) are encrypted email message attachments created using Microsoft’s Rights Management Services (RMS) and offer an extra layer …

Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry

A new botnet called Dark Frost has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry. “The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices,” Akamai security researcher Allen West said in a new technical analysis shared with The Hacker News. …

‘Operation Magalenha’ targets credentials of 30 Portuguese banks

A Brazilian hacking group has been targeting thirty Portuguese government and private financial institutions since 2021 in a malicious campaign called ‘Operation Magalenha.’ Examples of the targeted entities include ActivoBank, Caixa Geral de Depósitos, CaixaBank, Citibanamex, Santander, Millennium BCP, ING, Banco BPI, and Novobanco. This campaign was exposed by a Sentinel Labs report highlighting the …

Android phones are vulnerable to fingerprint brute-force attacks

Researchers at Tencent Labs and Zhejiang University have presented a new attack called ‘BrutePrint,’ which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device. Brute-force attacks rely on many trial-and-error attempts to crack a code, key, or password and gain unauthorized access to accounts, systems, or networks. The Chinese …
