AI ‘Nude Photo Generator’ Delivers Infostealers Instead of Images

October 3, 2024 at 02:53PM The FIN7 threat group is using artificial intelligence and social engineering in a provocative campaign, advertising a “DeepNude Generator” to trick users into downloading infostealing malware. It also targets corporate users with malvertising. FIN7’s sophisticated tactics demonstrate a persistent and evolving threat, requiring organizations to develop indicators of attack and …

Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams

July 25, 2024 at 07:31AM Meta Platforms removed around 63,000 Instagram accounts in Nigeria targeting individuals with financial sextortion scams, including a coordinated network of 2,500 accounts linked to around 20 individuals. The company also removed 7,200 assets, attributing some to a cybercrime group, and reported such accounts to NCMEC. INTERPOL conducted a global law …

SEXi Ransomware Rebrands as ‘APT Inc.,’ Keeps Old Methods

July 15, 2024 at 04:42PM The SEXi ransomware group, now operating as APT Inc., uses leaked Babuk and LockBit 3 encryptors to target VMware ESXi and Windows servers. They demand ransom varying from thousands to millions and have no known weaknesses in their encryption methods. Victims have publicly shared their experiences, including ransom notes with …

North Korea building cash reserves using ransomware, video games

May 29, 2024 at 09:07AM A new cybercrime group named “Moonstone Sleet,” associated with North Korea and tracked by Microsoft, deceives targets with fake job offers to distribute malware and ransomware for financial gain. The group deployed trojanized software via LinkedIn, Telegram, and freelancing platforms, and has been linked to the deployment of a new …

Frontier Communications Shuts Down Systems Following Cyberattack

April 19, 2024 at 08:04AM Telecom giant Frontier Communications reported to the SEC a cyberattack resulting in certain system shutdowns. The incident was identified on April 14, with unauthorized access gained by a cybercrime group. Frontier initiated response protocols, contained the incident, restored its IT environment, and notified law enforcement. It’s believed that the attack …

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

March 27, 2024 at 04:09AM A new phishing campaign discovered by Trustwave SpiderLabs involves a novel loader malware delivering Agent Tesla via a deceptive bank payment notification email. The malware evades detection and antivirus defenses, retrieves its payload using unique URLs, and exfiltrates data via legitimate email accounts. This tactic poses challenges for detection and …

Prudential Financial finds cybercrims lurking inside its IT systems

February 14, 2024 at 12:33PM Prudential Financial, a major global insurance and financial services company, experienced a digital breach leading to unauthorized access to internal and customer data by a criminal group. The company has $1.4 trillion in assets under management and serves over 50 million customers, making it an attractive target for cybercriminals. The …

ShinyHunters chief phisherman gets 3 years, must cough up $5M

January 10, 2024 at 10:37AM ShinyHunters group member Sebastien Raoult, 22, was sentenced to three years and must return $5 million in proceeds after developing fake websites to steal victims’ credentials, leading to data theft and financial harm. The French national caused substantial losses to companies, and his extradition from Morocco resulted in a 36-month …

Governments Issue Warning After Play Ransomware Hits Hundreds of Organizations

December 19, 2023 at 06:03AM CISA, FBI, and ACSC have issued an advisory on Play ransomware, detailing its tactics, targets, and impact. The ransomware gang uses double-extortion tactics, exploits various vulnerabilities for access, and encrypts victim data. The advisory includes indicators of compromise, mitigation steps, and recommends testing security controls against the threat behaviors outlined …

Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption

November 27, 2023 at 10:24AM Healthcare solutions company Henry Schein is in the process of restoring its systems after a ransomware group re-encrypted files during negotiations. The group, known as Alphv and BlackCat, claimed responsibility for the attack, saying they encrypted files and stole sensitive data. Henry Schein confirmed a data breach and potential theft …