DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

July 12, 2024 at 11:21AM
Palo Alto Networks Unit 42 has uncovered a brief DarkGate malware campaign that used Samba file shares to spread infections in North America, Europe, and parts of Asia. DarkGate, an evolved malware-as-a-service offering, can perform remote control, code execution, cryptocurrency mining, and more. The campaign highlights the importance of strong cybersecurity …

Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks

July 12, 2024 at 08:15AM
Ransomware groups have been exploiting a year-old vulnerability in Veeam Backup & Replication, tracked as CVE-2023-27532 with a CVSS score of 7.5. Exploitation allows extraction of encrypted and cleartext credentials, leading to data exfiltration and unauthorized access. Patched versions 12 and 11a address the vulnerability; organizations should update. …

‘CrystalRay’ Expands Arsenal, Hits 1,500 Targets with SSH-Snake and Open Source Tools

July 11, 2024 at 10:48AM
CrystalRay, a threat actor, has expanded its operations since the February attacks. It uses SSH-Snake, an automated worm-like tool, to compromise hosts, and has added mass scanning, open source software exploitation, and credential theft to its arsenal. Its use of open source and penetration testing tools enables it to maintain …

PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

July 11, 2024 at 01:54AM
Multiple threat actors are exploiting a recently disclosed security flaw in PHP (CVE-2024-4577) to deliver remote access trojans, cryptocurrency miners, and DDoS botnets. Users are advised to update their PHP installations. Additionally, DDoS attacks increased 20% year-over-year, with China being the most targeted country. Based …

Trojanized jQuery Packages Spread via ‘Complex’ Supply Chain Attack

July 9, 2024 at 12:13PM
Cyberattackers are targeting JavaScript developers with a supply chain attack that distributes Trojanized jQuery packages across GitHub, npm, and jsDelivr. The attackers show an unusual lack of nomenclature and attribution, manually assembling and publishing each package. The attack, which requires specific user actions to trigger, emphasizes the need …

Ransomware Gang Leaks Data Allegedly Stolen from Florida Department of Health

July 9, 2024 at 09:33AM
Ransomware group RansomHub leaked data allegedly stolen from the Florida Department of Health, including over 100GB of PII and PHI. Florida DOH missed the ransom payment deadline due to state law. Potentially compromised data includes names, addresses, and health information. The cyber incident disrupted department services. RansomHub is a major ransomware group. …

Cancer patient forced to make terrible decision after Qilin attack on London hospitals

July 5, 2024 at 01:03PM
The aftermath of Qilin’s ransomware attack on Synnovis caused widespread disruptions in medical procedures across London hospitals. One of the most affected individuals was Johanna Groothuizen, who had to undergo a last-minute change in her surgery, ultimately resulting in a simple mastectomy instead of the planned skin-sparing mastectomy. The cyberattack’s …

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

July 5, 2024 at 05:56AM
Cybereason reported that the GootLoader malware, linked to threat actor Hive0127, continues to evolve, with the latest version being GootLoader 3. It is distributed via SEO poisoning and serves as a conduit for delivering various payloads. The attackers have also unleashed their own command-and-control tool, expanding their market for financial …

New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks

July 5, 2024 at 12:26AM
Cybersecurity researchers discovered Zergeca, a new Golang-based botnet capable of DDoS attacks. It supports six attack methods as well as proxying, scanning, self-upgrading, reverse shell, and more. Notably, it uses DNS-over-HTTPS for C2 communications and is under continuous development. Linked to previous botnet activity, it has targeted Canada, Germany, and the U.S. with ACK flood DDoS attacks. …

Patelco Credit Union Scrambling to Restore Systems Following Ransomware Attack

July 3, 2024 at 08:41AM
Patelco Credit Union, which serves 500,000 customers, faced a ransomware attack that impacted its online banking, mobile app, and call center. Electronic transactions are unavailable and restoration efforts are ongoing. Patelco emphasized secure system restoration and cooperation with cybersecurity experts, regulators, and law enforcement. Customers will be reimbursed for late payment fees. Based …