GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

July 5, 2024 at 05:56AM Cybereason reported that the GootLoader malware, linked to the threat actor tracked as Hive0127, continues to evolve; the latest version is GootLoader 3. It is distributed via SEO poisoning and acts as a first-stage loader for a range of follow-on payloads. The operators have also released their own command-and-control tool, expanding their market for financial … Read more

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies

July 5, 2024 at 01:06AM A supply chain attack on the widely used Polyfill[.]io JavaScript service has affected over 380,000 hosts, including prominent companies such as WarnerBros, Hulu, Mercedes-Benz, and Pearson. The injected code redirected visitors to adult and gambling websites. The incident led to domain suspensions, action by content delivery networks, and warnings of broader … Read more

Three Ways to Chill Attacks on Snowflake

July 2, 2024 at 08:28PM Over 500 credentials were stolen from Snowflake environments, impacting at least 165 customers. Investigators attributed the intrusions to credentials harvested by information-stealing malware and urged stronger account security. Experts advise collecting and analyzing account login data, moving users behind a single sign-on provider, and limiting the blast radius of any one compromised credential. … Read more
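The three measures above map to queries an administrator can run against Snowflake's own account-usage views. The block below is an added example, not code from the article or from Snowflake; it assumes the standard `SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY` and `SNOWFLAKE.ACCOUNT_USAGE.USERS` views and uses a placeholder network policy name and CIDR.

```sql
-- Added example (not from the original article). Assumes the standard
-- SNOWFLAKE.ACCOUNT_USAGE views; the policy name and CIDR are placeholders.

-- 1. Collect and analyze account data: successful logins in the last 30 days
--    that used only a password (no SSO, no second factor). These are exactly
--    the sessions an infostealer-harvested credential would produce.
SELECT event_timestamp,
       user_name,
       client_ip,
       reported_client_type,
       first_authentication_factor,
       second_authentication_factor
FROM snowflake.account_usage.login_history
WHERE is_success = 'YES'
  AND first_authentication_factor = 'PASSWORD'
  AND second_authentication_factor IS NULL
  AND event_timestamp >= DATEADD(day, -30, CURRENT_TIMESTAMP())
ORDER BY event_timestamp DESC;

-- 2. Move users behind SSO: list active users who can still authenticate with a
--    bare password and have no Duo second factor enrolled. Each row is a
--    candidate for SSO migration, key-pair auth, or disablement.
SELECT name,
       last_success_login,
       has_password,
       ext_authn_duo,
       has_rsa_public_key
FROM snowflake.account_usage.users
WHERE deleted_on IS NULL
  AND disabled = false
  AND has_password = true
  AND ext_authn_duo = false
ORDER BY last_success_login DESC NULLS LAST;

-- 3. Limit the blast radius: even a valid stolen password is useless from an
--    attacker's machine if the account only accepts connections from known
--    egress ranges. 203.0.113.0/24 is a documentation-range placeholder.
CREATE NETWORK POLICY corp_egress_only
  ALLOWED_IP_LIST = ('203.0.113.0/24');
ALTER ACCOUNT SET NETWORK_POLICY = corp_egress_only;
```

Query 1 is the triage view: any password-only login from an IP outside the organization's ranges, or with an unfamiliar `reported_client_type`, deserves a credential reset. Query 2 shrinks the population that query 1 can ever match. The network policy in step 3 applies account-wide; test it on a non-production account first, since a policy that excludes the administrator's own address locks everyone out.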

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

July 1, 2024 at 09:06AM The threat actor Transparent Tribe has been targeting individuals with malware-laced Android apps as part of a social engineering campaign. Its latest campaign, dubbed CapraTube, has expanded its lures to mobile gamers, weapons enthusiasts, and TikTok fans. The group has a history of targeting the Indian government and military, using spear-phishing and … Read more

Polyfill.io claims reveal new cracks in supply chain, but how deep do they go?

July 1, 2024 at 06:42AM Code libraries are essential for adding standardized functionality to a project, but they are also an attractive target for supply chain attacks. Polyfill.io, a service that serves JavaScript polyfills to browsers that lack native support, was accused of distributing malware, raising concerns about the security of third-party libraries and the impact on end users. The incident highlights the … Read more

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

June 27, 2024 at 10:39AM P2PInfect, a Rust-based peer-to-peer botnet, has shifted from dormancy to a financially motivated operation, targeting misconfigured Redis servers with ransomware and cryptocurrency miners. It spreads by turning each compromised host into a follower node and has been updated to run on MIPS and ARM architectures. The malware uses its mesh network to push … Read more

P2Pinfect Worm Now Dropping Ransomware on Redis Servers

June 26, 2024 at 08:08AM The P2Pinfect worm, which originally targeted Redis servers, has been modified to carry ransomware and cryptocurrency mining payloads, SecurityWeek reported. The update raises the threat the worm poses to exposed Redis servers. … Read more

P2PInfect botnet targets Redis servers with new ransomware module

June 25, 2024 at 06:08AM P2PInfect, a malware botnet that was initially dormant, has become active, deploying ransomware and a cryptominer on Redis servers. Cado Security reports conflicting evidence about the operators' motives and identifies new features, including cron-based persistence and a mechanism that locks other users out of SSH. The malware has also gained support for 32-bit MIPS processors. It now poses a genuine threat … Read more

Warning: New Adware Campaign Targets Meta Quest App Seekers

June 22, 2024 at 07:54AM A new phishing campaign targets people looking for Meta Quest (formerly Oculus) apps, tricking them into downloading adware called AdsExhaust. The adware can capture screenshots, interact with browsers, and earn revenue for its operators by simulating ad clicks. The campaign also relies on social engineering tactics and YouTube videos to … Read more

From network security to nyet work in perpetuity: What’s up with the Kaspersky US ban?

June 22, 2024 at 04:22AM On Friday the US government banned Kaspersky Lab from selling its products and issuing updates in America, and sanctioned several of its top executives. A 12-minute episode of the video discussion series "Kettle" on this topic features cybersecurity editor Jessica Lyons and journalists Tom Claburn, Chris Williams, and Iain Thomson. The video is available as … Read more