Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign

January 4, 2024 at 08:37PM Threat actor UNC-0050, known for targeting Ukrainian organizations with RemcosRAT, is back with a new tactic using anonymous pipes to transfer data covertly. The group’s latest campaign aims at Ukrainian government entities, posing a significant risk to Windows-reliant sectors. Uptycs researchers highlighted the group’s politically motivated activities and state the …

Yakult Australia confirms ‘cyber incident’ after 95 GB data leak

December 27, 2023 at 04:11AM Yakult Australia and New Zealand have confirmed a “cyber incident,” currently under investigation with cyber experts. The incident, detected in mid-December, has led to data leaks. A group named ‘DragonForce’ claims responsibility for the attack, leaking 95 GB of data, including company information and employee records. The offices remain operational …

Ubisoft says it’s investigating reports of a new security breach

December 22, 2023 at 01:18PM French video game publisher Ubisoft is investigating a potential breach after images of its internal software and developer tools were leaked online. Security research collective VX-Underground shared screenshots suggesting unauthorized access to Ubisoft’s internal services. The threat actor claimed to have accessed various platforms and attempted to steal user data …

Ubisoft says it is investigating reports of a new security breach

December 22, 2023 at 01:11PM Ubisoft is investigating a potential breach after images of internal software and developer tools surfaced online. VX-Underground claims an unknown threat actor breached Ubisoft and intended to exfiltrate around 900GB of data. This alleged breach involves access to various services, including MongoDB Atlas. Ubisoft is currently investigating the incident. Based …

‘BattleRoyal’ Hackers Deliver DarkGate RAT Using Every Trick

December 21, 2023 at 05:04PM An unidentified threat actor conducted numerous social engineering campaigns targeting American and Canadian organizations, aiming to infect them with the multifaceted DarkGate malware. Named “BattleRoyal,” the actor utilized a variety of techniques including phishing emails, fake browser updates, and exploitation of a Windows Defender vulnerability. The actor later switched to using …

#StopRansomware: ALPHV Blackcat

December 19, 2023 at 01:22PM The FBI and CISA released a joint Cybersecurity Advisory (CSA) to share known IOCs and TTPs linked to the ALPHV Blackcat ransomware. The advisory warns organizations of evolving tactics used by the threat actors, including advanced social engineering and remote access software deployment. It also provides mitigations and incident response …

Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges

December 18, 2023 at 09:39AM Developers continue to enhance Rhadamanthys malware, broadening its capabilities and incorporating a plugin system for customization. Deployed through malicious sites, the malware harvests sensitive information from compromised hosts. Check Point’s analysis reveals its evolution into a potent threat, with a new plugin system allowing customized deployment. Similar to Rhadamanthys, AsyncRAT …

Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit

December 15, 2023 at 02:37AM The blog discusses CVE-2023-50164, a critical vulnerability in Apache Struts 2 that enables unauthorized path traversal and remote code execution. It advises users to upgrade to Struts 2.5.33, 6.3.0.2, or higher to mitigate the risk. The vulnerability is exploited by various threat actors and can be mitigated using security solutions …

New ‘GambleForce’ Threat Actor Behind String of SQL Injection Attacks

December 14, 2023 at 05:20PM Group-IB has detected a new threat group, “GambleForce,” engaged in SQL injection attacks on organizations in the Asia-Pacific region. This group has targeted various sectors, including gambling, government, retail, travel, and job websites, using publicly available penetration-testing tools. The threat actor’s activities have led to data breaches in multiple organizations, …

New Threat Actor Uses SQL Injection Attacks to Steal Data From APAC Companies

December 14, 2023 at 11:18AM Group-IB reports a new hacking group, GambleForce, targeting 24 organizations in Asia-Pacific using SQL injections and CMS vulnerabilities to steal sensitive information. The group relies on open source tools and has successfully exfiltrated data from organizations in Australia, Indonesia, the Philippines, and South Korea. GambleForce’s C&C has been taken down …