Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group

August 23, 2024 at 01:36AM Deniss Zolotarjovs, a Latvian residing in Moscow, has been charged in the U.S. for allegedly engaging in cybercrimes, including data theft, extortion, and money laundering. Zolotarjovs is linked to a cybercriminal organization involved in ransomware attacks and is the first member of the group to be extradited to the U.S. …

New Banshee Stealer macOS Malware Priced at $3,000 Per Month

August 16, 2024 at 07:45AM Cybercriminals are promoting Banshee Stealer, a new macOS malware capable of stealing various data from compromised systems. Advertised for $3,000/month, it targets macOS passwords, hardware/software info, keychain passwords, browser data, and cryptocurrency wallets. While it evades detection by checking for analysis signs, its evasion methods are basic, leaving it susceptible …

New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data

August 15, 2024 at 03:21AM A new threat actor, known as Actor240524, has launched cyber attacks targeting Azerbaijan and Israel to steal sensitive data, using spear-phishing emails and malware like ABCloader and ABCsync. The attacks aim to avoid detection through anti-sandbox and anti-analysis techniques. NSFOCUS assesses that the attacks are intended to disrupt the cooperative relationship between the …

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

August 12, 2024 at 12:27AM Russian government and IT organizations are targets of a spear-phishing campaign, codenamed EastWind. The attack deploys backdoors and trojans through booby-trapped LNK files, leveraging DLL side-loading techniques. Malware variants GrewApacha, CloudSorcerer, and PlugY are used for espionage, exfiltration, and data theft via various platforms including Dropbox and GitHub. Additionally, a …

Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs

August 9, 2024 at 11:25AM A widespread malware campaign installed malicious Google Chrome and Microsoft Edge browser extensions, stealing browsing history and data. Malware employed diverse malvertising themes, infecting victims’ web browsers through fake software installers and digitally signed downloaders. The malware evaded antivirus detection, hijacked browser homepages, and persisted in the system, necessitating manual …

Critical Apache OFBiz Vulnerability Allows Preauth RCE

August 5, 2024 at 03:25PM A critical RCE security vulnerability (CVE-2024-38856) in Apache OFBiz poses a high risk with a CVSS score of 9.8. Threat actors could exploit this bug to access critical endpoints, potentially leading to data theft and lateral network movement. Admins are advised to upgrade to version 18.12.15 or newer to mitigate …

Fortune 50 Co. Pays Record-Breaking $75M Ransomware Demand

August 2, 2024 at 04:01PM A Fortune 50 company paid a record-breaking $75 million ransom to the cybercriminal group Dark Angels, exceeding all previous confirmed ransom payments. Dark Angels targets high-value victims and exfiltrates large amounts of sensitive data, operating with subtlety and avoiding business disruption. However, Zscaler predicts that their tactics could inspire other …

Targeted PyPI Package Steals Google Cloud Credentials from macOS Devs

July 26, 2024 at 04:55PM Researchers discovered a Python package called “lr-utils-lib” on PyPI, designed to target specific macOS machines and steal Google Cloud Platform credentials. The package conceals malicious code in its setup, posing as a legitimate package, and uses social engineering tactics. The campaign is unique due to its highly targeted nature, posing …

Data pilfered from Pentagon IT supplier Leidos

July 24, 2024 at 09:40AM Internal documents stolen from IT services provider Leidos Holdings, contracted with the US Department of Defense and other agencies, have been leaked. The files are said not to contain “sensitive customer data,” but the incident emphasizes the need for stronger security measures. The company, with a workforce of 47,000, and …

Well-Established Cybercriminal Ecosystem Blooming in Iraq

July 15, 2024 at 01:48PM A sophisticated criminal network based in Iraq has been uncovered, revolving around a Telegram bot with over 90,000 messages mainly in Arabic. Checkmarx researchers found the bot to be central to a larger cybercriminal ecosystem offering various illicit services. They also discovered malicious Python packages on PyPI facilitating data theft, …