Acer confirms Philippines employee data leaked on hacking forum

March 12, 2024 at 03:37PM Acer Philippines confirmed a data breach involving a third-party vendor that led to employee data being leaked on a hacking forum. The company stated that its own systems were not directly breached and gave assurances that no customer data was affected. Acer is working with cybersecurity experts and law enforcement in response to the incident. Multiple …

Okta says data leaked on hacking forum not from its systems

March 11, 2024 at 04:17PM Okta denies that leaked company data comes from the October 2023 cyberattack. That breach impacted customer support system users and involved stolen credentials that allowed attackers to access cookies and authentication. A threat actor claimed to release an Okta database containing 3,800 customer records. Okta confirms the data does not belong to them, likely from …

Magnet Goblin Delivers Linux Malware Using One-Day Vulnerabilities

March 11, 2024 at 08:09AM Check Point reports that the financially motivated threat actor Magnet Goblin has been exploiting one-day vulnerabilities in public-facing services to deploy Linux backdoors. The actor targeted various vulnerabilities, including in Ivanti VPNs, Magento, and Qlik Sense. Check Point warns of an ongoing trend of threat actors targeting under-protected areas. Based …

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

March 11, 2024 at 06:51AM Threat actors using BianLian ransomware exploit security flaws in JetBrains TeamCity software for extortion-only attacks. The cyberattack involves exploiting TeamCity vulnerabilities to gain initial access, deploying the BianLian backdoor, and using PowerShell for remote communication. VulnCheck also detailed PoC exploits for a critical flaw in Atlassian Confluence, indicating widespread exploitation. …

Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware

March 7, 2024 at 01:33AM Threat actors are using fake websites promoting popular video conferencing apps like Google Meet, Skype, and Zoom to distribute malware targeting Android and Windows users. The attackers are using typosquatting tricks to deceive users into downloading Remote Access Trojans. Additionally, a new malware called WogRAT is targeting Windows and Linux …

Governments Urge Organizations to Hunt for Ivanti VPN Attacks

March 1, 2024 at 08:57AM Five Eyes agencies warn of ongoing exploitation of Ivanti VPN flaws and encourage organizations to assume credentials have been compromised, hunt for malicious activity, use Ivanti’s Integrity Checker Tool (ICT), and apply patches. Ivanti has released an enhanced ICT to detect new or changed files on affected appliances. Agencies offer IoCs, YARA rules, and incident …

Epic Games: “Zero evidence” we were hacked by Mogilevich gang

February 28, 2024 at 11:21AM Epic Games denies a cyberattack claim by the Mogilevich extortion group, citing lack of evidence. The group purports to have breached several organizations and is allegedly selling data, requiring proof of funds to share samples. Security researchers suspect a scam due to lack of evidence. Mogilevich also claims to be a Ransomware-as-a-Service …

eBay, VMware, McAfee Sites Hijacked in Sprawling Phishing Operation

February 27, 2024 at 12:23PM The Economist and 8,000 other entities were compromised in Operation SubdoMailing, part of a larger single threat actor operation. Trusted brands, such as The Economist, were affected. …

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

February 26, 2024 at 01:39AM Earth Lusca, a China-linked threat actor, launched a campaign targeting Taiwan before the national elections, using geopolitical relations as a lure to infect selected targets. The attacks involved spear phishing and a multi-stage infection chain, ultimately deploying a stageless Cobalt Strike payload. There are significant overlaps between the tools used …

New ScreenConnect RCE flaw exploited in ransomware attacks

February 23, 2024 at 07:15AM Sophos reported that recent ransomware attacks used the leaked LockBit ransomware builder, dropped on 30 customer networks and created by a different threat actor. The attacks exploit an authentication bypass vulnerability in unpatched ScreenConnect servers, prompting CISA to issue a security directive. Despite a law enforcement operation, LockBit attacks continue …