Ransomware victims targeted by fake hack-back offers

January 9, 2024 at 04:13PM Threat actors impersonating security researchers targeted ransomware victims, offering to hack back attackers and delete stolen data for a fee. Arctic Wolf found instances of this scam targeting organizations hit by Royal and Akira ransomware. The scammers used consistent communication methods, indicating a single actor behind both attempts. This adds …

Beware Weaponized YouTube Channels Spreading Lumma Stealer

January 9, 2024 at 10:41AM Attackers are distributing Lumma Stealer through YouTube channels featuring cracked application tutorials, using open source platforms to bypass web filters. The malware targets sensitive user information and is spread through malicious URLs in YouTube descriptions. Fortinet researchers outlined the attack process and advised caution regarding application downloads to avoid malware …

‘Swatting’ Becomes Latest Extortion Tactic in Ransomware Attacks

January 8, 2024 at 01:29PM Threat actors are targeting medical institutions through “swatting,” a form of pressure tactic involving fake bomb threats to force hospitals to pay ransom demands. Intrusions at Fred Hutchinson Cancer Center and Integris Health illustrate the escalation in cyber-extortion tactics. It remains to be seen whether these measures will yield ransom …

The Week in Ransomware – January 5th 2024 – Secret decryptors

January 5, 2024 at 05:23PM Summary:
– BleepingComputer tested a new decryptor for Black Basta ransomware.
– Xerox Business Solutions suffered a cyberattack, possibly exposing personal information.
– Australia’s Court Services Victoria suffered a ransomware attack, potentially exposing sensitive recordings.
– The Zeppelin2 ransomware source code and builder were sold on a hacking forum.
– …

Fire Sale: Zeppelin Ransomware Source Code Sells for $500 on Dark Web

January 5, 2024 at 04:53PM The source code and builder for the Zeppelin ransomware strain, previously considered defunct, were sold for $500 on a Russian cybercrime forum, prompting concerns about its potential revival. The buyer’s intent to reuse the code in a similar manner to previous cases is uncertain. The sale’s motive remains unclear, as …

Web3 security firm CertiK’s X account hacked to push crypto drainer

January 5, 2024 at 12:24PM CertiK’s Twitter/X account was hijacked, redirecting 343,000 followers to a malicious website promoting a cryptocurrency wallet drainer. An investigation is underway following a social engineering attack, with rogue posts warning of vulnerabilities and leading to phishing and scams. Other high-profile accounts have faced similar breaches, underscoring the threat of cryptocurrency-related …

Russian hackers wiped thousands of systems in KyivStar attack

January 4, 2024 at 02:39PM Russian hackers targeted Ukraine’s largest telecom provider, Kyivstar, in December 2023. They wiped thousands of servers and computers, causing a massive internet outage for its 25 million subscribers. Ukrainian authorities suspect the involvement of the Russian military-linked group, Solntsepek, known for attacking Ukrainian telecom targets since May 2023. Military communications …

Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners

January 4, 2024 at 06:24AM Three new malicious packages discovered in the Python Package Index (PyPI) repository can deploy a cryptocurrency miner on affected Linux devices. The packages, modularseven, driftme, and catme, attracted 431 downloads before being removed. They conceal their payload, deploy a CoinMiner executable, and persistently exploit devices, evading detection and security software. …

Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

December 29, 2023 at 11:16AM Multiple malware families are exploiting an undocumented Google OAuth endpoint called “MultiLogin” to revive expired authentication cookies and infiltrate users’ accounts. This technique allows cybercriminals to gain unauthorized access to Google accounts, even after password resets or logouts. Despite being notified, Google has not responded to inquiries about this issue. …

Millions of Xfinity customers’ info, hashed passwords stolen in cyberattack

December 19, 2023 at 03:47PM Millions of Comcast Xfinity customers’ personal data was likely stolen by exploiting Citrix Bleed in October. The breach was discovered during a cybersecurity exercise on October 25, and 35.9 million people were affected. Stolen data includes usernames, hashed passwords, contact details, and secret security question-answers. Xfinity is urging customers to …