Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

November 14, 2023 at 07:33AM Threat actors are targeting publicly-accessible Docker Engine API instances to create a DDoS botnet called OracleIV. Attackers exploit the misconfiguration to install a malicious Docker container, which contains Python malware. The container also retrieves a shell script from a command-and-control (C&C) server. Cloud security firm Cado observed no evidence of …

Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers

November 14, 2023 at 03:27AM Vietnamese threat actors behind the Ducktail stealer malware targeted marketing professionals in India between March and October 2023, aiming to hijack Facebook business accounts. Unlike previous campaigns, this one used Delphi as the programming language. The attackers used sponsored ads on Facebook to propagate malicious ads and deploy malware, gaining …

Ransomware Group RansomedVC Closes Shop

November 13, 2023 at 10:03AM The RansomedVC group, operating under a ransomware-as-a-service (RaaS) model, has announced its shutdown and plans to sell its infrastructure. The group targeted organizations in Europe and was responsible for attacks on Sony and the District of Columbia Board of Elections. The shutdown is unlikely to have a significant impact on …

New Ransomware Group Emerges with Hive’s Source Code and Infrastructure

November 13, 2023 at 07:48AM Hunters International, a new ransomware group, has acquired the source code and infrastructure from the now-dismantled Hive operation to jumpstart its own efforts. Despite similarities, Hunters International claims to have purchased the Hive source code and website. The group focuses on data exfiltration rather than encryption, targeting victims for data …

Royal Mail cyber security still a mess, say infosec researchers

November 13, 2023 at 01:32AM The UK’s Royal Mail has been found to have an open redirect flaw on one of its websites, which potentially exposes customers to malware infections and phishing attacks. The vulnerability allows attackers to use the legitimate website to redirect users to malicious sites. The Royal Mail has been notified of …

New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks

November 13, 2023 at 12:12AM Cybersecurity researchers have identified a new version of a wiper malware called BiBi-Windows Wiper, which targets Windows systems. This variant is an expansion of the previous BiBi-Linux wiper used in cyber attacks against Israel during the recent Israel-Hamas war. The malware overwrites data in the C:\Users directory with junk data …

ICBC hit by ransomware impacting global trades

November 10, 2023 at 03:06AM China’s largest bank, ICBC, experienced a ransomware attack that disrupted its financial services systems. The incident has impacted US Treasury markets and prevented the settling of trades on behalf of other market players. The attack exploited an unpatched Citrix NetScaler box. The ransomware gang LockBit is suspected to be behind …

New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

November 9, 2023 at 09:09AM A malvertising campaign is targeting users searching for CPU-Z by serving malicious ads that redirect them to a fake Windows news portal. The campaign also cloaks itself by showing innocuous content to those not targeted. The rogue website contains a malicious script that deploys RedLine Stealer. Similar deceptive Google Ads …

MOVEit cybercriminals unearth fresh zero-day to exploit on-prem SysAid hosts

November 9, 2023 at 07:40AM Cybercriminals associated with the Cl0p ransomware gang, known as Lace Tempest, have exploited a zero-day vulnerability in on-prem versions of the IT service and help desk software SysAid. Microsoft’s Threat Intelligence discovered the exploits and reported them to SysAid, which promptly released patches. The attackers used a new path traversal vulnerability …

MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel

November 9, 2023 at 06:39AM Iranian state-sponsored hacking group MuddyWater is using a new command-and-control framework called MuddyC2Go in attacks targeting Israel. The framework, written in the Go programming language, is believed to have been in use since early 2020. MuddyC2Go generates PowerShell payloads for post-exploitation activities, and experts recommend close monitoring of PowerShell activity. Key …