FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

July 17, 2024 at 07:18AM Financially motivated threat actor FIN7 has been observed using multiple pseudonyms to promote AvNeutralizer, a tool used by ransomware groups. Known for sophisticated tactics, FIN7 has adapted its malware arsenal and set up front companies to recruit unwitting engineers. The group’s malvertising tactics and latest tool updates highlight its ongoing …

Microsoft: Scattered Spider Widens Web With RansomHub & Qilin

July 16, 2024 at 05:27PM Microsoft’s Threat Intelligence Team warns of Octo Tempest, also known as Scattered Spider, adding RansomHub and Qilin to its attack arsenal. The threat actor uses sophisticated social engineering, identity compromises, and targets VMware ESXi servers. Notably, it is behind major ransomware attacks on Caesars Palace and MGM Entertainment. The group …

Email addresses of 15 million Trello users leaked on hacking forum

July 16, 2024 at 02:01PM A threat actor exposed 15 million Trello email addresses by exploiting an unsecured API, selling the data for $2.32. Atlassian, Trello’s owner, acknowledged the issue and secured the API. This method of exploiting unsecured APIs is increasingly utilized, posing significant privacy risks. It’s crucial for organizations to prioritize API security …

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks

July 16, 2024 at 06:19AM Iranian threat actor MuddyWater has been using a new backdoor, diverging from its usual method of using legitimate remote monitoring and management (RMM) software. This was discovered by cybersecurity firms Check Point and Sekoia, who dubbed the malware BugSleep and MuddyRot. The attacks have targeted various countries and industries, with …

Rite Aid Becomes RansomHub’s Latest Victim After Data Breach

July 15, 2024 at 12:40PM Rite Aid announced a data breach in which a third-party threat actor gained unauthorized access to certain systems. No sensitive personal information was compromised, but customer data related to retail purchases was accessed. RansomHub gang claims responsibility and has threatened to leak stolen data if a ransom is not paid …

New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection

July 15, 2024 at 01:39AM Cybersecurity researchers have uncovered a new version of the ransomware strain HardBit, featuring enhanced obfuscation and passphrase protection to hinder analysis efforts. The financially-motivated threat group, which operates without a data leak site, communicates via Tox messaging service and employs various tactics like credential theft and network discovery. Ransomware activity …

Massive AT&T data breach exposes call logs of 109 million customers

July 12, 2024 at 09:42AM AT&T experienced a major data breach, with threat actors stealing call logs for nearly all mobile customers, involving around 109 million customers. The breach occurred in April 2024, compromising call and text records for a specific period. Although no sensitive personal information was exposed, potential identity correlation is a concern. …

Akira Ransomware: Lightning-Fast Data Exfiltration in 2-Ish Hours

July 11, 2024 at 05:44PM Akira ransomware attackers have shown a significant decrease in the time it takes to steal data, managing to siphon off information from a Latin American airline in just over two hours. Using SSH protocol, the threat actor gained access via an unpatched Veeam backup server and swiftly began exfiltrating data …

CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool

July 11, 2024 at 11:10AM The new threat actor, CRYSTALRAY, has expanded its operations, targeting over 1,500 victims with stolen credentials and cryptominers. Utilizing SSH-Snake and various open-source tools, CRYSTALRAY aims to collect and sell credentials, deploy cryptominers, and maintain persistence in victim environments. It exploits vulnerabilities in various software and targets Atlassian Confluence products. …

‘CrystalRay’ Expands Arsenal, Hits 1,500 Targets with SSH-Snake and Open Source Tools

July 11, 2024 at 10:48AM CrystalRay, a threat actor, has expanded their operations since the February attacks. They utilize SSH-Snake, an automated worm-like tool, for hacking purposes and have added mass scanning, open source software exploitation, and credential theft to their arsenal. Their use of open source and penetration testing tools enables them to maintain …