Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

October 17, 2024 at 10:15AM Cybersecurity researchers have investigated Cicada3301, a new ransomware-as-a-service (RaaS), revealing its affiliate program on the dark web. With advanced features and capabilities, it has compromised over 30 organizations, primarily in the U.S. and U.K. Its sophisticated operation poses a significant threat to network security. ### Meeting Takeaways – Oct 17, …

New Android malware wipes your device after draining bank accounts

July 31, 2024 at 12:27PM A new Android malware called ‘BingoMod’ can steal money from victims’ bank accounts using on-device fraud techniques, leading to the wiping of their devices. Based on the meeting notes, the key takeaways are that there is a new Android malware called ‘BingoMod’ which is capable of stealing money from victims’ …

Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges

July 18, 2024 at 01:54PM Researchers discovered a fake ad blocker in China targeting Internet cafés that conceals sophisticated malware. “HotPage.exe,” approved by Microsoft, appears as adware but can intercept web traffic, introduce more ads, and drop a system-level driver. ESET reported it to Microsoft, who removed it on May 1. The malware is developed …

Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout

March 6, 2024 at 11:27AM BlackCat ransomware operators have shut down their darknet website in an apparent exit scam, following a fake law enforcement seizure banner. The group allegedly received a $22 million ransom payment, refused to share proceeds, and may rebrand in the future. Cybersecurity experts speculate about the motives, citing possible internal concerns and …

LockBit Ransomware’s Darknet Domains Seized in Global Law Enforcement Raid

February 20, 2024 at 12:39AM An international law enforcement operation, codenamed Operation Cronos, led to the seizure of darknet domains operated by the LockBit ransomware group, involving 11 countries. Exploiting a security flaw, authorities gained control of sites, revealing extensive data on victims and operations. This blow follows the dismantling of BlackCat ransomware, impacting LockBit’s operations. …

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

January 25, 2024 at 02:30AM CherryLoader, a new Go-based malware loader, has been discovered by threat hunters. It masquerades as the legitimate CherryTree note-taking application to trick victims. The loader delivers privilege escalation tools and can swap out exploits without recompiling code. Its distribution method is unknown, but it is contained in a RAR archive …

‘HeadCrab’ Malware Variants Commandeer Thousands of Servers

December 7, 2023 at 01:57PM A new version of HeadCrab malware targets Redis servers for cryptomining and further attacks, with over 1,100 additional infections reported by Aqua Security. The malware now has enhanced ability to hide its presence, and its sole user, Ice9, has interacted with researchers via a built-in “mini blog.” Security enhancements in …

Gamaredon’s LittleDrifter USB malware spreads beyond Ukraine

November 20, 2023 at 05:34PM LittleDrifter is a recently discovered worm that spreads through USB drives and has infected systems in multiple countries. It is believed to be part of a campaign by the Gamaredon state-sponsored espionage group. The malware establishes communication with the group’s command and control server and spreads through USB drives using …