Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

January 12, 2024 at 03:09AM Cybersecurity researchers have discovered a new attack using misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners and conceal them with rootkits. The attackers exploit flaws to run remote code on targeted systems and hide mining processes. Mitigations include deploying agent-based security solutions to detect and prevent such attacks. …

Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign

January 12, 2024 at 12:11AM Pikabot malware, associated with the Water Curupira intrusion set, was used in phishing campaigns through 2023. Similar to Qakbot, it consists of a loader and core module enabling unauthorized access. The campaigns targeted victims via spam emails with malicious attachments, evolving to include a PDF file delivery method. Organizations are …

Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks

January 10, 2024 at 11:35AM The emerging threat actor, Water Curupira, is using a new, sophisticated loader in thread-jacking phishing campaigns, signaling a precursor to ransomware attacks. …

Fire Sale: Zeppelin Ransomware Source Code Sells for $500 on Dark Web

January 5, 2024 at 04:53PM The source code and builder for the Zeppelin ransomware strain, previously considered defunct, were sold for $500 on a Russian cybercrime forum, prompting concerns about its potential revival. The buyer’s intent to reuse the code in a similar manner to previous cases is uncertain. The sale’s motive remains unclear, as …

BreachForums admin jailed again for using a VPN, unmonitored PC

January 5, 2024 at 03:08PM BreachForums admin Conor Fitzpatrick was re-arrested for violating pretrial conditions, including using an unmonitored computer and a VPN. He openly admitted to being the threat actor “Pompompurin” and creating BreachForums to leak stolen data. Fitzpatrick was charged with theft and sale of sensitive personal information and will remain in custody. …

Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign

January 4, 2024 at 08:37PM Threat actor UNC-0050, known for targeting Ukrainian organizations with RemcosRAT, is back with a new tactic using anonymous pipes to transfer data covertly. The group’s latest campaign aims at Ukrainian government entities, posing a significant risk to Windows-reliant sectors. Uptycs researchers highlighted the group’s politically motivated activities and state the …

Yakult Australia confirms ‘cyber incident’ after 95 GB data leak

December 27, 2023 at 04:11AM Yakult Australia and New Zealand have confirmed a “cyber incident,” currently under investigation with cyber experts. The incident, detected in mid-December, has led to data leaks. A group named ‘DragonForce’ claims responsibility for the attack, leaking 95 GB of data, including company information and employee records. The offices remain operational …

Ubisoft says it’s investigating reports of a new security breach

December 22, 2023 at 01:18PM French video game publisher Ubisoft is investigating a potential breach after images of its internal software and developer tools were leaked online. Security research collective VX-Underground shared screenshots suggesting unauthorized access to Ubisoft’s internal services. The threat actor claimed to have accessed various platforms and attempted to steal user data …

Ubisoft says it is investigating reports of a new security breach

December 22, 2023 at 01:11PM Ubisoft is investigating a potential breach after images of internal software and developer tools surfaced online. VX-Underground claims an unknown threat actor breached Ubisoft and intended to exfiltrate around 900GB of data. This alleged breach involves access to various services, including MongoDB Atlas. Ubisoft is currently investigating the incident. Based …

‘BattleRoyal’ Hackers Deliver DarkGate RAT Using Every Trick

December 21, 2023 at 05:04PM An unidentified threat actor conducted numerous social engineering campaigns targeting American and Canadian organizations, aiming to infect them with the multifaceted DarkGate malware. Named “BattleRoyal,” the actor utilized a variety of techniques, including phishing emails, fake browser updates, and exploitation of a Windows Defender vulnerability. The actor later switched to using …