Fintech Company EquiLend Restoring Systems Following Cyberattack

January 25, 2024 at 11:48AM EquiLend, a Wall Street fintech firm, is working to restore its systems after a cyberattack. The attack resulted in portions of the company’s systems being taken offline, prompting EquiLend to launch an investigation and work with external cybersecurity firms to restore services. The nature and extent of the attack, as …

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

January 25, 2024 at 02:30AM CherryLoader, a new Go-based malware loader, has been discovered by threat hunters. It masquerades as the legitimate CherryTree note-taking application to trick victims. The loader delivers privilege escalation tools and can swap out exploits without recompiling code. Its distribution method is unknown, but it is contained in a RAR archive …

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

January 25, 2024 at 01:06AM Hewlett Packard Enterprise’s cloud email environment was compromised by hackers connected to the Kremlin, attributed to the Russian state-sponsored group APT29. The breach lasted over six months and is linked to a previous security event involving unauthorized access to SharePoint files. The incident did not impact the company’s operations, according …

Aircraft Lessor AerCap Confirms Ransomware Attack

January 23, 2024 at 09:12AM AerCap, an aircraft leasing company, confirmed being targeted by ransomware on January 17. The company asserted control of its IT systems and reported no financial loss. It notified law enforcement and is investigating potential data compromise. ‘Slug’ claimed responsibility, threatening to leak stolen data unless a ransom is paid. AerCap …

Slug slimes aerospace biz AerCap with ransomware, brags about 1TB theft

January 22, 2024 at 03:51PM AerCap, the world’s largest aircraft leasing company, reported a ransomware infection on January 17. Despite the intrusion by the Slug ransomware crew, the company claims to have not incurred financial losses. LoanDepot also disclosed a ransomware attack, affecting about 16.6 million individuals, prompting an ongoing investigation and restoration efforts. From …

North Korea’s ScarCruft Attackers Gear Up to Target Cybersecurity Pros

January 22, 2024 at 03:46PM ScarCruft, a North Korea-sponsored APT group, is preparing for targeted cyberattacks on threat intelligence professionals. They aim to steal nonpublic threat intel and enhance their offensive tactics. The innovative campaign involves using a lure related to the Kimsuky APT group to target cybersecurity professionals, and the group is refining their malicious …

North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor

January 22, 2024 at 12:06PM In December 2023, media organizations and North Korea experts were targeted by a cyber campaign orchestrated by the threat actor ScarCruft. This North Korea-linked group, also known as APT37, targeted individuals with malicious files, displaying a sophisticated and evolving approach. The attack is indicative of the group’s ongoing efforts to …

Massive Data Breach at VF Hits 35M Vans, Retail Customers

January 19, 2024 at 04:05PM Apparel conglomerate VF Corporation experienced a data breach in December, compromising personal data of 35.5 million customers. The breach caused disruptions to its operations and led to website slowdowns and order cancellations. The company confirmed minor residual impacts and ongoing investigations but assured that sensitive information like Social Security numbers …

Kansas State University cyberattack disrupts IT network and services

January 18, 2024 at 01:50PM Kansas State University is managing a cybersecurity incident disrupting VPN, K-State Today emails, and Canvas and Mediasite videos. Its prompt response includes engaging third-party IT forensic experts, providing guidance to maintain educational continuity, and ongoing updates. Email services will resume with limitations on January 18. No data breach has been …

FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials

January 16, 2024 at 12:41PM CISA and the FBI warn about Androxgh0st malware, which is being used to create a botnet targeting cloud credential theft. The botnet exploits vulnerabilities in frameworks and servers. Additionally, it steals sensitive information, deploys malicious tools, and conducts spam campaigns. The agencies advise on mitigation measures to limit the impact …