July 4, 2024 at 12:18PM A threat actor compromised Ethereum’s mailing list provider and sent a phishing email to over 35,000 addresses, luring recipients to a malicious site offering investment returns. Ethereum disclosed the incident, stating it had no material impact. The internal security team launched an investigation, blocked the attacker, and warned the community. … Read more
July 3, 2024 at 09:57AM Censys reports over 380,000 internet-exposed hosts with JavaScript scripts referencing the suspended polyfill.io domain. Following its suspension for malicious activities, over 100,000 websites were affected, prompting industry responses. Censys now identifies 384,773 hosts still referencing the domain. Further concerns arise about other potentially compromised domains controlled by the same threat … Read more
June 26, 2024 at 03:11PM The domain polyfill[.]io, used by over 100,000 websites for JavaScript code, has been compromised, serving malicious code like dynamic payloads and leading users to porn and betting sites. The sale of the domain to a Chinese organization has raised security concerns. Website owners are urged to remove references to the … Read more
June 26, 2024 at 02:21PM The LockBit ransomware group made a bold claim, stating they breached the US Federal Reserve and stole 33 terabytes of banking data. However, it was revealed that they targeted an individual bank, not the Fed. This baseless claim is seen as a desperate attempt by LockBit to stay relevant after … Read more
June 6, 2024 at 11:18AM Pandabuy, a Chinese shopping platform, revealed to BleepingComputer that it paid a ransom to prevent stolen data from being leaked. The threat actor, known as ‘Sanggiero’, attempted to extort the company again, claiming to have 17 million rows of data. Pandabuy confirmed fixing previous vulnerabilities and ceased cooperation with the … Read more
June 5, 2024 at 05:06AM Northern Minerals, an Australian rare-earth metals producer, fell victim to a data breach by the BianLian ransomware gang. Exfiltrated data, including operational, financial, and personal information, was released on the dark web. Despite the breach, the company’s operations and systems were not materially impacted. The incident coincided with political developments, … Read more
May 31, 2024 at 11:51AM ShinyHunters, a notorious threat actor, is allegedly selling a massive trove of Santander Bank’s data, impacting 30 million customers and employees. This follows a recent data breach affecting the bank. ShinyHunters is known for similar activities and has a history of selling stolen data from various companies. The legitimacy of … Read more
May 10, 2024 at 05:15PM China is the top cyber threat to the US government, critical infrastructure, and private-sector networks, according to the nation’s intelligence community. However, cybersecurity strategist Crystal Morin believes a destructive cyber-attack against the US would come from Iran before any other source. She concurs with US spy agencies that China remains … Read more
April 29, 2024 at 04:27PM A new cluster of activity known as “Muddling Meerkat” is linked to a Chinese state-sponsored threat actor manipulating global DNS systems since October 2019. Notable for its manipulation of MX records through China’s Great Firewall, the activity exhibits advanced capabilities to provoke false responses and prompt fake DNS queries. The … Read more
April 25, 2024 at 01:51PM The Lazarus Group utilized job lures to distribute the Kaolin RAT, enabling deployment of the FudModule rootkit. This advanced operation, deemed overkill by Avast, involves a multi-stage sequence to ultimately establish communications with the RAT’s C2 server. The malware is capable of various operations including file manipulation and process execution, … Read more