RUBYCARP hackers linked to 10-year-old cryptomining botnet

April 9, 2024 at 11:37AM The RUBYCARP botnet, operated by a Romanian group, is exploiting vulnerabilities and conducting brute force attacks to compromise corporate networks for financial gain. Managed through private IRC channels, the botnet runs over 600 compromised servers, using Perl-based payloads for attacks with low detection rates. It has been active for over …

Second Ransomware Group Extorting Change Healthcare

April 9, 2024 at 07:54AM After paying cybercriminals to prevent the release of stolen data from a ransomware attack, Change Healthcare is being extorted again by a different group, RansomHub. This comes after a previous incident involving the BlackCat ransomware gang. The repeated extortion highlights the risk of paying ransoms and the prevalence of cyber …

Watch Out for ‘Latrodectus’ – This Malware Could Be In Your Inbox

April 8, 2024 at 07:33AM Threat hunters discovered a new malware, Latrodectus, distributed through email phishing campaigns since late November 2023. It is associated with IcedID threat actors and has been primarily linked to two initial access brokers. The malware has sophisticated capabilities and is expected to be increasingly used by financially motivated threat actors. …

Magecart Attackers Pioneer Persistent E-Commerce Backdoor

April 5, 2024 at 01:24PM Magecart attackers have devised a new method of implanting persistent backdoors in e-commerce websites to automatically deploy malware. They exploit a critical command injection vulnerability in the Adobe Magento e-commerce platform to execute arbitrary code, using a layout template to inject malware into compromised sites. Upgrading to specific versions of …

Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Old Info

April 5, 2024 at 07:06AM Tech firm Acuity experienced a cybersecurity incident, IntelBroker, a known hacker, claimed. The stolen data includes personal information and alleged classified communications from the ‘Five Eyes Intelligence Group’. The majority of the compromised email addresses are associated with the State Department. Acuity deemed the compromised data non-sensitive and has taken …

New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA

April 5, 2024 at 04:33AM Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are facing targeted attacks by a sophisticated threat called JSOutProx, utilizing both JavaScript and .NET. The attacks have been traced back to threat actor Solar Spider and involve leveraging spear-phishing emails and various malicious activities. Cybersecurity company …

Ransomware gang did steal residents’ confidential data, UK city council admits

April 4, 2024 at 06:56AM Leicester City Council confirms a ransomware attack where data was stolen and leaked, impacting residents with exposed personal information. The council is working with authorities to investigate, while residents are advised to remain vigilant. They have restored many services and shared their efforts to address the situation. Similar attacks have …

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption

April 3, 2024 at 07:27AM Summary: Operation Cronos on Feb. 19, 2024 significantly disrupted LockBit’s ransomware operations, leading to a takeover of its leak site by the UK’s NCA. Authorities leveraged the site to cast doubt on LockBit’s promises and distribute information about the group. Fallout from the disruption hinted at the significant impact on the …

Russia charges suspects behind theft of 160,000 credit cards

April 2, 2024 at 11:43AM Russia’s Prosecutor General’s Office has indicted six men for card skimming crimes that involved using malware to steal payment card information from foreign online stores. The suspects are accused of bypassing website security, accessing databases, and selling the stolen card details on the dark web. Authorities advise using digital payment methods …

INC Ransom claims to be behind ‘cyber incident’ at UK city council

April 2, 2024 at 07:22AM The cyber skids at INC Ransom claim responsibility for a cybersecurity incident at Leicester City Council, mentioning the theft of 3 TB of data. INC Ransom used “flashing” tactics to pressure the council. While recovery efforts are ongoing, many online services are back, but the council remains silent on data …