FrostyGoop malware attack cut off heat in Ukraine during winter

July 23, 2024 at 01:36PM The FrostyGoop malware, linked to Russian threat groups, was used in a cyberattack in January 2024 to disrupt the heating in over 600 apartment buildings in Lviv, Ukraine. The attackers breached the network a year earlier and exploited vulnerabilities in industrial control systems. Organizations are advised to implement specific cybersecurity …

You had a year to patch this Veeam flaw and now it’s going to hurt

July 11, 2024 at 03:37AM EstateRansomware exploits unpatched Veeam vulnerabilities to drop LockBit variant ransomware and extort payments from victims. The gang gains initial access through brute force attacks against FortiGate firewalls and exploits a Veeam flaw to establish persistence and execute ransomware. Veeam issued a patch in March 2023, emphasizing the importance of timely …

Fujitsu confirms customer data exposed in March cyberattack

July 9, 2024 at 03:35PM Fujitsu confirmed a data breach compromising individuals’ and customers’ business information, revealing that the attack involved sophisticated malware infecting 49 computers. This incident led to the potential exfiltration of personal and customer data, prompting Fujitsu to enhance security measures and monitor all business computers to prevent future breaches. Based on …

Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks

July 3, 2024 at 12:15AM Cybersecurity researchers have uncovered a highly targeted attack campaign, named Supposed Grasshopper, targeting Israeli entities using open-source malware such as Donut and Sliver. The attackers use custom WordPress websites to deliver the malware, and the campaign could be the work of a small team. The end goal of the campaign …

Indian Software Firm’s Products Hacked to Spread Data-Stealing Malware

July 1, 2024 at 09:06AM On June 18, 2024, cybersecurity firm Rapid7 discovered trojanized installers for three software products from Indian company Conceptworld, distributing information-stealing malware. The compromise was remediated by Conceptworld within 12 hours of disclosure. The malware is capable of stealing browser credentials, cryptocurrency wallet information, logging keystrokes, and establishing connections with command-and-control …

In Other News: Malware Delivered by ISP, Temu Spying, Critical Dataverse Vulnerability

June 28, 2024 at 09:33AM SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that may have gone unnoticed. This week’s stories include Microsoft patching a critical Dataverse vulnerability, a credential stuffing attack on Levi Strauss, a data breach at Ventura County Credit Union, malware delivery by a South Korean ISP, and various …

Snowblind malware abuses Android security feature to bypass security

June 26, 2024 at 09:35AM Snowblind, a new Android malware, bypasses app anti-tampering protections by abusing the seccomp security feature. It targets apps handling sensitive data, intercepts system calls, and manipulates processes to avoid detection and modify app behavior. Google Play Protect offers automatic protection, but the malware’s techniques could pose a threat to Android …

If you’re using Polyfill.io code on your site – like 100,000+ are – remove it immediately

June 25, 2024 at 07:58PM The polyfill.io domain, previously used to add JavaScript polyfills to websites, has been found serving malicious code, infecting over 100,000 sites. Security firms warn website owners to remove any embedded code from the domain. Google is blocking affected websites’ ads, and affected site owners are being notified. The domain’s sale …

Void Arachne Uses Deepfakes and AI to Deliver Malicious VPNs to Chinese Users

June 19, 2024 at 07:00AM Cybersecurity firm Trend Micro discovered a new threat group targeting Chinese-speaking users with a campaign dubbed Void Arachne. The attack employs malicious Windows Installer files for VPNs to distribute the Winos 4.0 command-and-control framework. The campaign involves social media and messaging platforms and promotes compromised files with deepfake and AI …

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan

June 4, 2024 at 12:06PM Russian organizations have been targeted in cyber attacks delivering a Windows version of the Decoy Dog malware by the HellHounds group. The advanced persistent threat (APT) group compromises organizations, remaining undetected for years. The malware includes a custom variant of the open-source Pupy RAT and is designed to maintain covert …