Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion

July 5, 2024 at 01:11PM Threat actors have leaked alleged Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, threatening to release more if a $2 million extortion demand isn’t met. The data breach occurred via Snowflake, impacting multiple organizations including Neiman Marcus and the Los Angeles Unified School District. Ticketmaster has not confirmed … Read more

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

July 5, 2024 at 05:56AM Cybereason reported that the GootLoader malware, linked to threat actor Hive0127, continues to evolve, with the latest version being GootLoader 3. It is distributed via SEO poisoning and serves as a conduit for delivering various payloads. The attackers have also unleashed their own command-and-control tool, expanding their market for financial … Read more

Ransomware Eruption: Novel Locker Malware Flows From ‘Volcano Demon’

July 3, 2024 at 12:52PM A new ransomware player, Volcano Demon, has emerged with innovative locker malware, LukaLocker, and sophisticated evasion tactics that hamper forensic analysis. It employs double extortion, exfiltrates data, and demands ransom via qTox messaging. The malware terminates various security and monitoring services, posing a significant threat. Vigilance and IoC monitoring are crucial. … Read more

Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool

July 3, 2024 at 06:05AM Unknown threat actors exploited a patched Microsoft MSHTML security flaw to distribute the surveillance tool MerkSpy, targeting users in Canada, India, Poland, and the U.S. The attack used a Microsoft Word document to trigger the exploitation, enabling the download and execution of malicious payloads to collect sensitive information and establish … Read more

Baddies hijack Korean ERP vendor’s update systems to spew malware

July 2, 2024 at 01:41AM A South Korean ERP vendor’s product update server was breached, resulting in the delivery of malware instead of legitimate updates. The attack, potentially linked to the North Korea-associated Andariel group, targeted ERP systems with backdoors named HotCroissant and Riffdoor. This incident, detected by AhnLab, highlights the threat posed by such … Read more

Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw

July 1, 2024 at 02:34PM Juniper Networks released an emergency patch for a critical authentication bypass vulnerability, tracked as CVE-2024-2973, affecting Session Smart Router, Conductor, and WAN Assurance Router. The flaw, found internally, carries the maximum CVSS score of 10. Immediate updates for affected devices are recommended to prevent exploitation. Automatic updates will not disrupt … Read more

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

June 28, 2024 at 08:10AM Security researchers have uncovered details about the 8220 Gang’s cryptocurrency mining operation, which exploits known vulnerabilities in Oracle WebLogic Server. The threat actor uses fileless execution and a multi-stage loading chain, including dropping a miner payload via a PowerShell script. Additionally, a new installer tool called k4spreader has been detailed, used … Read more

Dark Reading Confidential: Meet the Ransomware Negotiators

June 27, 2024 at 01:57PM Becky Bracken, Senior Editor, Dark Reading, hosts a podcast featuring guests discussing the complexities of ransomware negotiations. The episode highlights the importance of professional expertise and emotional control when facing cyber threats. The guests, Ed Dubrovsky and Joe Tarraf, stress the need for international cooperation and a proactive approach to … Read more

‘ChamelGang’ APT Disguises Espionage Activities With Ransomware

June 26, 2024 at 06:10AM A China-backed APT group, ChamelGang, has been using ransomware to hide its cyberespionage operations for three years. Recently targeting critical infrastructure in East Asia and India, the group’s tactic aims to provide deniability and cover tracks while exfiltrating data. ChamelGang’s focus on data theft and cyberespionage is attributed to geopolitical … Read more

Threat Actor May Have Accessed Sensitive Info on CISA Chemical App

June 25, 2024 at 04:05PM A threat actor may have accessed critical data on US chemical facilities by exploiting vulnerabilities in CISA’s Chemical Security Assessment Tool. The compromised information includes chemical inventories, security assessments, and personnel details. This breach poses potential safety risks, and affected organizations are advised to review and enhance their cybersecurity … Read more