OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

July 5, 2024 at 09:07AM OVHcloud recently thwarted a record-breaking DDoS attack, reaching a packet rate of 840 million packets per second. The attack utilized a TCP ACK flood from 5,000 source IPs and a DNS reflection attack from 15,000 DNS servers. Such attacks, including those leveraging compromised MikroTik routers, are becoming more frequent and …

Euro 2024 Becomes Latest Sporting Event to Attract Cyberattacks

July 5, 2024 at 09:07AM Cybercriminal activity has increased around the Euro 2024 football tournament, with over 15,000 UEFA credentials exposed on underground forums. Threat intelligence firm Cyberint warns of potential risks for fans and their employers due to stolen corporate credentials. The tournament has already been targeted by DDoS attacks and is expected to …

OVHcloud Sees Record 840 Mpps DDoS Attack

July 5, 2024 at 07:52AM OVHcloud announced its mitigation of the largest-ever packet-rate DDoS attack, reaching 840 Mpps, and revealed a surge in such attacks exceeding 100 Mpps. The attacks aim to disrupt infrastructure leading to an increase in bandwidth and resources. The company attributes the attacks to the misuse of MikroTik routers …

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

July 5, 2024 at 05:56AM Cybereason reported that the GootLoader malware, linked to threat actor Hive0127, continues to evolve, with the latest version being GootLoader 3. It is distributed via SEO poisoning and serves as a conduit for delivering various payloads. The attackers have also unleashed their own command-and-control tool, expanding their market for financial …

Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective

July 5, 2024 at 05:04AM Summary: The blog entry discusses how attackers can use the Jenkins Script Console for cryptomining by executing malicious Groovy scripts if the console is not properly configured. Misconfigurations and vulnerable Jenkins servers can enable remote code execution and the deployment of cryptocurrency miners. The entry also provides mitigations and indicators …

Mekotio Banking Trojan Threatens Financial Systems in Latin America

July 4, 2024 at 05:14AM The Mekotio banking trojan is a significant threat to financial systems in Latin America, targeting countries such as Brazil, Chile, Mexico, Spain, and Peru. It infiltrates systems through phishing emails, aiming to steal sensitive information, particularly banking credentials. Users can protect themselves by being cautious with emails, avoiding clicking on …

Ransomware Extortion Demands Soar to $5.2M per Attack

July 3, 2024 at 12:13PM In 2024, ransomware demands have soared, with an average extortion demand per attack surpassing $5.2 million in the first half of the year. The largest demand was $100 million following an attack on India’s RCC, followed by demands of $50 million and $25 million for other organizations. Despite a decrease …

FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks

July 3, 2024 at 03:16AM FakeBat, a widely distributed loader malware, mainly aims to download and execute a next-stage payload, using methods like SEO poisoning. Offered as a service on underground forums, it’s designed to bypass security mechanisms. Different activity clusters disseminate FakeBat and it’s being used in various malware campaigns. The malware is sold under …

HubSpot Warns of Ongoing Cyberattacks Targeting Customer Accounts

July 1, 2024 at 12:24PM HubSpot is actively investigating and blocking attempts to hack into customer accounts. They have reported at least 50 targets have been breached, with unauthorized access to fewer than 50 accounts. The company has taken necessary steps to revoke the attacker’s access and believes the impact will be isolated to a …

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

July 1, 2024 at 09:06AM Transparent Tribe, a threat actor, has been targeting individuals with malware-laced Android apps as part of a social engineering campaign. Their latest campaign, dubbed CapraTube, expanded to target mobile gamers, weapons enthusiasts, and TikTok fans. The group has a history of targeting the Indian government and military, using spear-phishing and …