September 28, 2023   02:14 PM   0 The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days. FBI's warning comes in the form of a Private Industry Notification prompted by trends observed starting July 2023. The federal law enforcement agency explains that ransomware affiliates and operators have been observed using two distinct variants when targeting victim...

September 29, 2023   10:59 AM   0 Sebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit wire fraud and aggravated identity theft as part of his activities in the ShinyHunters hacking group. Raoult, also known as 'Sezyo Kaizen,' was apprehended last year in Morocco for being suspected of being a co-conspirator of the notorious data broker and hacking group and was extradited to the U.S. in...

September 27, 2023   05:48 PM   1 A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software developers on the platforms. The campaign started on September 12, 2023, and was first discovered by Sonatype, whose analysts unearthed 14 malicious packages on npm. Phylum reports that after a brief operational hiatus on September 16 and 17, the attack has resumed and expanded to the PyPI ecosystem. Since...

September 27, 2023   05:07 PM   0 Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT. The malware is distributed to Windows users through websites that imitate the legitimate Bitwarden site and rely on typosquatting to fool potential victims. Focused on Windows users The purpose of ZenRAT is to collect browser data and credentials along...

September 18, 2023   06:06 PM   0 The APT36 hacking group, aka 'Transparent Tribe,' has been observed using at least three Android apps that mimic YouTube to infect devices with their signature remote access trojan (RAT), 'CapraRAT.' Once the malware is installed on a victim's device, it can harvest data, record audio and video, or access sensitive communication information, essentially operating like a spyware tool. APT36 is a Pakistan-aligned threat...

September 19, 2023   11:14 AM   0 New malware named HTTPSnoop and PipeSnoop are used in cyberattacks on telecommunication service providers in the Middle East, allowing threat actors to remotely execute commands on infected devices. The HTTPSnoop malware interfaces with Windows HTTP kernel drivers and devices to execute content on the infected endpoint based on specific HTTP(S) URLs, and the PipeSnoop accepts and executes arbitrary shellcode from a named pipe....

September 14, 2023   12:30 PM   0 Image: Midjourney Microsoft says an Iranian-backed threat group has targeted thousands of organizations in the U.S. and worldwide in password spray attacks since February 2023. The state hackers also stole sensitive information from a limited number of victims in the defense, satellite, and pharmaceutical sectors. Tracked as APT33 (aka Peach Sandstorm, HOLMIUM, or Refined Kitten), the cyber-espionage group has been active...

September 12, 2023   03:14 PM   1 Image: Midjourney Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. The financially motivated threat group behind this campaign is tracked as Storm-0324, a malicious actor known to have deployed Sage and GandCrab ransomware in the past. Storm-0324 has also provided the notorious FIN7 cybercrime gang...

September 13, 2023   08:29 AM   0 A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network. Researchers say in a report today that the new malware “has only been used in a limited fashion” and it was a ransomware affiliate’s fallback when defense mechanisms blocked LockBit. Rare occurrence Symantec’s Threat Hunter Team, part of Broadcom,...

September 13, 2023   10:11 AM   3 Global cryptocurrency exchange CoinEX announced that someone hacked its hot wallets and stole large amounts of digital assets that were used to support the platform's operations. The incident occurred on September 12 and preliminary results of the investigation show that the unauthorized transactions involved Ethereum ($ETH), Tron ($TRON), and Polygon ($MATIC) cryptocurrency. CoinEx has not provided any info...

March 27, 2023   10:55 AM   2 Twitter has taken down internal source code for its platform and tools that was leaked on GitHub for months. Now it's using a subpoena to search for those who leaked and downloaded its code. On Friday, GitHub complied with a DMCA infringement notice issued by Twitter because the leak exposed proprietary source code and internal tools, which could pose a security risk to Twitter. According to the DMCA notice, the leak came...

March 24, 2023   06:54 PM   0 On the third day of the Pwn2Own hacking contest, security researchers were awarded $185,000 after demonstrating 5 zero-day exploits targeting Windows 11, Ubuntu Desktop, and the VMware Workstation virtualization software. The highlight of the day was the Ubuntu Desktop operating system getting hacked three times by three different teams, although one of them was a collision with the exploit being previously known. The three...

March 25, 2023   12:29 PM   0 A new ransomware operation named 'Dark Power' has appeared, and it has already listed its first victims on a dark web data leak site, threatening to publish the data if a ransom is not paid. The ransomware gang's encryptor has a compilation date of January 29, 2023, when the attacks started. Furthermore, the operation has not been promoted on any hacker forums or dark web spaces yet; hence it's likely a private project. According...

March 13, 2023   06:38 PM   0 Unknown attackers used zero-day exploits to abuse a new FortiOS bug patched this month in attacks targeting government and large organizations that have led to OS and file corruption and data loss. Fortinet released security updates on March 7, 2023, to address this high-severity security vulnerability (CVE-2022-41328) that allowed threat actors to execute unauthorized code or commands. "A improper limitation of a pathname to a...