Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk

July 11, 2024 at 08:40AM APT41, a China-linked APT group, is suspected of using an advanced version of StealthVector to deliver a new backdoor named MoonWalk, utilizing Google Drive for C2 communication. This threat actor has been active since 2007 and has been linked to various cyber intrusions and attacks targeting U.S. and Taiwanese entities. …

CISA urges devs to weed out OS command injection vulnerabilities

July 10, 2024 at 02:07PM CISA and FBI have jointly urged software companies to address OS command injection vulnerabilities in their products, following recent attacks by the Chinese state-sponsored threat actor Velvet Ant. The advisory recommends implementing mitigations to prevent these vulnerabilities, such as separating user input from commands and conducting rigorous product testing. CEOs …

Houthi-Aligned APT Targets Mideast Militaries With ‘GuardZoo’ Spyware

July 10, 2024 at 01:16AM A threat actor linked to Houthi rebels in Yemen has been using a custom Android surveillanceware called “GuardZoo” to spy on military targets in the Middle East for five years. The malware is distributed through fake apps on WhatsApp and WhatsApp Business and has targeted military-related organizations. The majority of …

Global Coalition Blames China’s APT40 for Hacking Government Networks

July 9, 2024 at 07:21AM The US, UK, Canada, Germany, Japan, New Zealand, and South Korea support Australia’s accusation of Chinese state-sponsored hacking into government networks. APT40, also known as Bronze Mohawk, is highlighted for targeting Australian and regional networks with advanced tradecraft, exploiting vulnerabilities in widely used software and leveraging tactics shared by other …

Hacked Ethereum Foundation Account Used to Send 35,000 Phishing Emails

July 8, 2024 at 11:48AM A threat actor hacked into the Ethereum Foundation’s account on a mailing list platform, using it to send phishing emails to over 35,794 addresses. The emails, appearing to be from a legitimate source, promoted a Lido scam and contained a link to a malicious site. The Foundation took immediate action to …

Shopify denies it was hacked, links stolen data to third-party app

July 7, 2024 at 11:29AM Shopify denies a data breach following a threat actor’s sale of alleged customer data stolen from its network. The company attributes the data loss to a third-party app and expects the app developer to notify affected customers. The threat actor, ‘888,’ has a history of selling or leaking data from various …

Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion

July 5, 2024 at 01:11PM Threat actors have leaked alleged Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, threatening to release more if a $2 million extortion demand isn’t met. The data breach occurred via Snowflake, impacting multiple organizations including Neiman Marcus and the Los Angeles Unified School District. Ticketmaster has not confirmed …

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

July 5, 2024 at 05:56AM Cybereason reported that the GootLoader malware, linked to threat actor Hive0127, continues to evolve, with the latest version being GootLoader 3. It is distributed via SEO poisoning and serves as a conduit for delivering various payloads. The attackers have also unleashed their own command-and-control tool, expanding their market for financial …

Ransomware Eruption: Novel Locker Malware Flows From ‘Volcano Demon’

July 3, 2024 at 12:52PM A new ransomware player, Volcano Demon, has emerged with innovative locker malware, LukaLocker, and sophisticated evasion tactics that hamper forensic analysis. It employs double extortion, exfiltrates data, and demands ransom via qTox messaging. The malware terminates various security and monitoring services, posing a significant threat. Vigilance and IoC monitoring are crucial. …

Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool

July 3, 2024 at 06:05AM Unknown threat actors exploited a patched Microsoft MSHTML security flaw to distribute the surveillance tool MerkSpy, targeting users in Canada, India, Poland, and the U.S. The attack used a Microsoft Word document to trigger the exploitation, enabling the download and execution of malicious payloads to collect sensitive information and establish …