200,000 Facebook Marketplace user records leaked on hacking forum

February 13, 2024 at 02:37PM A threat actor leaked 200,000 records of Facebook Marketplace users’ personal information, including phone numbers and email addresses. Meta, the parent company of Facebook, has not yet commented. The leak, attributed to ‘algoatson’ on Discord, could lead to phishing and SIM swap attacks. IntelBroker is known for previous breaches, and …

Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years

February 12, 2024 at 09:03AM A cyberespionage campaign, possibly linked to China, has been using a custom backdoor since at least 2021. The campaign remained undiscovered for two years, highlighting its stealthy nature. Source: SecurityWeek.

Raspberry Robin Malware Upgrades with Discord Spread and New Exploits

February 9, 2024 at 12:27PM The malware Raspberry Robin has evolved to utilize new one-day exploits for local privilege escalation, making it harder to detect and analyze. It serves as an initial access facilitator for other malicious payloads and has ties to various e-crime groups. The threat actors behind it purchase exploits from the dark …

Hackers Exploit Job Boards in APAC, Steal Data of Millions of Job Seekers

February 6, 2024 at 05:38AM A Singapore-based cybersecurity firm, Group-IB, uncovered a new threat actor, ResumeLooters, targeting employment agencies and retail companies in the Asia-Pacific region. The group aims to steal sensitive data from job search platforms, compromising over 65 websites and collecting millions of user data records. The stolen information is then sold on …

Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware

February 5, 2024 at 08:45AM Patchwork used romance scam lures to distribute the VajraSpy trojan in India and Pakistan. ESET uncovered 12 espionage apps, including some on Google Play, infecting over 1,400 devices. The malware steals various data and was spread through fake messaging apps. This isn’t the first time for Patchwork, which has targeted similar …

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

February 4, 2024 at 12:19PM On Feb 3, 2024, AnyDesk reported a cyber attack, compromising its production systems. The German company revoked security certificates, urged password changes, and recommended downloading new software versions. No evidence of end-user system effects was found. Cybersecurity firm Resecurity discovered threat actors selling customer credentials for potential scams, prompting concerns …

Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks

February 4, 2024 at 12:19PM The Russian state-sponsored APT28 group has been actively conducting NTLM v2 hash relay attacks since April 2022, targeting various industries worldwide. Managed by Russia’s GRU military intelligence, the group employs multiple aliases and has a history of spear-phishing and using router vulnerabilities to carry out attacks. Their tactics continue to evolve …

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

February 4, 2024 at 12:19PM Cloudflare disclosed a likely nation-state cyber attack involving unauthorized access to its Atlassian server, leading to exposure of documentation and source code. The breach led to rotating production credentials, system triages, and termination of malicious connections. The attacker exploited stolen credentials from other hacks, prompting increased security measures and engaging …

Cloudflare Hacked by Suspected State-Sponsored Threat Actor 

February 4, 2024 at 10:42AM A suspected state-sponsored threat actor gained unauthorized access to internal Cloudflare systems using credentials stolen in the Okta hack, posing a significant security risk. This breach highlights the escalating challenges posed by nation-state cyber threats. Full details are available on SecurityWeek.

macOS Malware Campaign Showcases Novel Delivery Technique

February 2, 2024 at 03:09PM Security researchers have identified a new cyberattack using cracked copies of popular macOS software to distribute a backdoor. The campaign is notable for its sheer scale and novel payload delivery. It targets business users with titles of likely interest, potentially leading to a significant number of infections. The attack aims …