China’s ‘Evasive Panda’ APT Debuts High-End Cloud Hijacking

October 29, 2024 at 05:11PM
The China-sponsored hacking group Evasive Panda has launched CloudScout, a sophisticated toolset to exploit stolen Web session cookies and access data from cloud services like Google Drive and Gmail. This post-compromise tool evades authentication checks and illustrates the group’s advanced cyberespionage skills targeting civil society and political entities. ### Meeting …

French ISP Confirms Cyberattack, Data Breach Affecting 19M

October 29, 2024 at 02:00PM
Free, France’s second-largest ISP, reported a cyberattack that compromised internal management tools and customer data, affecting over 19 million accounts. The hacker attempted to sell stolen data on the Dark Web. Free confirmed no sensitive information was compromised and has notified affected customers while filing a criminal complaint. **Meeting Takeaways: …

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

October 28, 2024 at 01:45PM
Evasive Panda, a China-linked cyber espionage group, launched a new toolset, CloudScout, targeting Taiwanese government and religious organizations. This .NET-based malware extracts data from cloud services by hijacking authenticated sessions using stolen cookies. ESET noted the malware’s modular design includes specific functions for accessing Google Drive, Gmail, and Outlook. ### …

Ransomware Gangs Use LockBit’s Fame to Intimidate Victims in Latest Attacks

October 23, 2024 at 06:36AM
Threat actors are exploiting Amazon S3’s Transfer Acceleration feature for ransomware attacks to exfiltrate data. They use disguised Golang ransomware and hard-coded AWS credentials, affecting both Windows and macOS. Recent reports show a rise in ransomware incidents, with notable groups adapting their tactics amidst ongoing threats and vulnerabilities. ### Meeting …

Bumblebee Malware Loader Resurfaces Following Law Enforcement Takedown

October 22, 2024 at 06:22AM
The Bumblebee malware loader may be reemerging after a law enforcement operation in May 2024. This malicious campaign highlights the potential revival of this threat. The information is reported by SecurityWeek. **Meeting Takeaways:** 1. **Resurgence of Bumblebee Malware Loader**: There is a new malicious campaign indicating that the Bumblebee malware …

US healthcare org admits up to 400,000 people’s personal info was snatched

October 14, 2024 at 06:13PM
Gryphon Healthcare reported a data breach affecting up to 400,000 individuals, compromising sensitive patient information including personal and medical data. The incident was detected on August 13, with notifications sent to victims shortly after. Legal actions are underway, as class-action lawsuits emerge following similar healthcare data breaches. ### Meeting Notes …

Casio Confirms Data Breach as Ransomware Group Leaks Files

October 14, 2024 at 09:15AM
Casio has confirmed a data breach linked to a recent cyberattack, with a ransomware group now claiming responsibility. The group has leaked files related to the incident, revealing further details about the security breach. **Meeting Takeaways:** 1. **Cyberattack Update**: Casio has confirmed that they were recently targeted by a cyberattack. …

American Water Suffers Network Disruptions After Cyberattack

October 8, 2024 at 11:35AM
American Water, the largest publicly traded water utility in the US, experienced a cyberattack on Oct. 3, causing outages in its online systems and telecom services. Although its water facilities were not immediately impacted, the incident prompted concern about cybersecurity in critical infrastructure. Efforts to enhance cybersecurity measures at water …

GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets

October 8, 2024 at 06:07AM
GoldenJackal, a little-known threat actor, has been linked to cyber attacks on embassies and governmental organizations. They aim to infiltrate air-gapped systems using bespoke toolsets. The attacks targeted a South Asian embassy in Belarus and a European Union government organization. The group has displayed advanced capabilities, using multiple malware families …

Happy birthday, Putin – you’ve been pwned

October 8, 2024 at 02:36AM
Ukrainian hackers disrupted Russian state news agency VGTRK’s online services on Putin’s birthday. Kremlin officials condemned the “unprecedented” cyber attack and vowed to bring the perpetrators to justice. VGTRK reported no significant damage, while Russian officials blamed the “collective West” and promised to raise the issue at international venues. “sudo …