November 30, 2025

Blog Post

Articles by: admin

60,000 emails seized in US State Department breach – September 28th

Travel itineraries and diplomatic deliberations were among the data in emails seized in a recent breach of US State Department systems. As many as 60,000 emails were compromised in the attack.

The attack was allegedly carried out by threat actors linked to the Chinese government, and reports say the incident is likely to raise concerns on Capitol Hill about ramped-up efforts by Chinese hackers.


HTX falls victim to crypto thieves – September 27th

Cryptocurrency is increasingly targeted by hackers, with $7.9 million recently stolen in a hack targeting cryptocurrency exchange HTX. The hack was identified as soon as it occurred, with HTX authorities stepping up promptly in an innovative way to recover losses.

Following the attack, HTX offered a ‘white hat’ ethical hacker a 5% bonus to return the stolen cryptocurrency, amounting to a total bonus of $400,000.


Pizza Hut threatened by hackers – September 20th

It seems that no one and no business is immune to hacker activity. Recent reports say that Pizza Hut Australia has again been the victim of threat actors a year after its newsmaking Optus cyber attack. 

Reports allege customers’ data has been compromised by the incident, which occurred in early September, with the fast food outlet having contacted clients to notify them of the data breach.


US fleet management systems impacted in ransomware attack – September 19th

ORBCOMM, the US trucking and fleet management software provider, has linked recent service outages across freight transportation firms throughout the US to a ransomware attack. 

These outages prevented use of the Blue Tree Electronic Logging Device and of the inventory tracking capabilities of the fleet management software. Investigations continue into the identity of the threat actors.


DarkGate again threatens online computer systems – September 15th

A new phishing attack campaign using DarkGate Loader malware has been identified, with Microsoft Teams users being urged to exercise caution.

This malware is specifically a ‘loader malware’, meaning that it is able to download and execute other malware programs on the infected device. The additional malware is then loaded into the infected device’s memory, making it hard to detect since it isn’t in the device’s file system.


New RAT variant gives control over Android devices – September 6th

The Indian government has warned of malware attacking Android users through social media. Called DogeRAT, the new malware is able to access sensitive data, such as contacts, messages, and bank credentials, and grant hackers control over infected Android devices.

New Chaes malware variant displays ‘significant transformations’ […]


Biggest malware culprits of 2023 – August 29th

New updated KmsdBot now targets Internet of Things (IoT)

An updated version of KmsdBot now includes support for Telnet scanning and more CPU architectures, making it more destructive than before. As a result of its increased capabilities, the updated botnet malware is now targeting the Internet of Things (IoT).

Main 2023 malware culprits identified

Malware […]


GhostSec exposes Iran’s surveillance of its citizens – August 28th

Hackers hold Prospect Medical’s data ‘hostage’

Hacker group Rhysida has been identified as the mastermind behind the recent ransomware attack on Prospect Medical Holdings, where 500,000 social security numbers, patient records, and corporate documents were stolen. The group identified themselves in ransom notes on employee screens after the August 3 attack.

GhostSec exposes Iran’s surveillance […]


Lazarus Group arises with new malware strategy – August 25th

A new malware strain that gives the location of an infected device has been identified.

The Hacker News explains that the malware has one operation: ‘Every minute it triangulates the infected systems’ positions by scanning nearby Wi-Fi Access points as a data point for Google’s geolocation API.’ Cyber experts aren’t yet clear ‘who or what’ is interested in the location of an infected device or the motives behind why this specific form of malware was produced.


Grip Security raises $41M & Duolingo suffers data leak – August 22nd

Popular language learning app Duolingo saw a bug exploited that resulted in a compilation of account information from over 2.6 million users. According to VX-Underground, the largest collection of malware source code, samples, and papers on the internet, “sending a valid email to the API returns generic account information on the user (name, email, languages studied).” The data collected will be used for doxxing.


Cyber slowdown and major companies announce layoffs – August 17th

According to the Wall Street Journal, a trio of major cyber companies announced layoffs, further highlighting a slowdown in the sector, which, though resilient, is starting to feel the impact of a wider downturn. Rapid7, a Boston-based company, announced layoffs affecting 400 people, while Atlanta’s Secureworks cut 300, and Dragos let go of 50.


Barracuda again the target of malware attack – August 14th

Barracuda Email Security Gateway devices have again been compromised, this time through a novel backdoor malware named ‘Whirlpool.’ The US Cybersecurity and Infrastructure Security Agency (CISA) has identified the breach to be the work of a pro-China group of hackers. The threat actors have targeted a zero-day remote command injection vulnerability through the malware. Reports say this vulnerability was used to plant malware payloads of Seaspy and Whirlpool backdoors on compromised devices.


Popular hosting service proves less than “bulletproof” – August 11th

Hackers impersonate city’s COO

The city of New Haven, Connecticut, reportedly lost more than $6 million during a recent spate of multiple cyberattacks. These attacks were targeted at its public school district, with hackers impersonating private vendors and the city’s Chief Operating Officer in emails.

Panasonic commits to strengthening device security

Manufacturer Panasonic has […]


Teachers targeted while popular malware resurfaces – August 10th

Interpol forces unite to bring phishing platform down

A phishing-as-a-service (PaaS) platform called 16shop, responsible for over 150,000 phishing domains, has been identified and taken offline. The successful dismantling of the platform followed an Interpol-led operation, using investigators from Indonesia, Japan, and the US, together with the Cyber Defense Institute, Group-IB, Palo Alto Networks Unit […]


Infamous Ransomware Groups Linked – August 9th

Rhysida’s Link to Infamous Ransomware Group

Check Point Incident Response Team (CPIRT), in collaboration with Check Point Research (CPR), published a report linking the Rhysida ransomware group to another infamous actor, Vice Society. Rhysida was responsible for the attack against Prospect Medical Holdings, affecting 17 hospitals and 166 clinics across the United States.

UK Electoral […]


Free Tesla premium features & $100M – August 8th

Tesla’s Unpatchable “Jailbreak” Unlocks Premium Features

Pay-as-you-go premium features are offered by Tesla for self-driving features, heated seats, and more. However, a group of researchers from TU Berlin claim they discovered a “jailbreak” that allows for free access to premium features and that it can only be stopped by replacing vehicles’ hardware.

Israel’s Mayanei HaYeshua […]
