Category: Malware

April 26, 2024

Skanlog, a critical distributor for Systembolaget, the Swedish government-owned retail chain suffered a ransomware attack. Systembolaget has a monopoly on the sale of alcoholic beverages containing more than 3.5% alcohol by volume. It operates stores across Sweden and is responsible […]

April 25, 2024

As part of the malware operation, referred to as GuptiMiner, the threat actor exploited a vulnerability in the eScan antivirus update mechanism and performed a man-in-the-middle (MitM) attack to replace the legitimate update package with a malicious one. eScan is […]

April 12, 2024

Proofpoint researchers observed a threat actor, tracked as TA547, targeting German organizations with an email campaign delivering the Rhadamanthys malware. TA547 is a financially motivated threat actor that has been active since at least November 2017, it was observed conducting […]

April 8, 2024

The sophisticated threat group behind a complex JavaScript remote access Trojan (RAT) known as JSOutProx has released a new version of the malware to target organizations in the Middle East. Cybersecurity services firm Resecurity analyzed technical details of multiple incidents […]

April 5, 2024

A cyberattack hit Omni Hotels & Resorts disrupting its services and forcing the company to shut down its systems. The hotel chain did not share details about the attack, however, the effects reported in the notice suggest that the company […]

April 3, 2024

To deploy a ransomware attack, adversaries must first gain access to a victim’s corporate environment, devices, and data. Threat actors typically use two main approaches to gain entry: logging in using compromised credentials, i.e., legitimate access data that had previously […]

March 28, 2024

NHS Scotland says it managed to contain a ransomware group’s malware to a regional branch, preventing the spread of infection across the entire institution. The INC Ransom group this week claimed responsibility for the assault on ‘NHS Scotland’, saying it […]

March 20, 2024

Trend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score 7.3) security flaws in JetBrains TeamCity to deploy multiple malware families and gain administrative control over impacted systems. In early March, Rapid7 researchers […]

March 19, 2024

Trend Micro researchers uncovered a sophisticated campaign conducted by a threat actor tracked as Earth Krahang while investigating the activity of China-linked APT Earth Lusca. The campaign seems active since at least early 2022 and focuses primarily on government organizations. […]

March 14, 2024

Nissan Oceania, the regional division of the multinational carmaker, announced in December 2023 that it had suffered a cyber attack and launched an investigation into the incident. Nissan immediately notified the Australian Cyber Security Centre and the New Zealand National […]

March 14, 2024

The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users […]

March 6, 2024

While embattled ransomware gang LockBit 3.0 fights for its survival following Operation Cronos, a coordinated takedown of the syndicate’s web infrastructure by global authorities, the availability of victim data leaked by the gang persists via peer-to-peer (P2P) torrent networks. The […]

February 28, 2024

The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations […]

February 23, 2024

Expect attackers to continue refining their tactics for maximizing profits via a grab bag of the same strategies, including forcibly encrypting systems and charging for a decryptor, stealing data and threatening to dump it, creating scary public personae, or a […]

February 20, 2024

In a massive coordinated effort, law enforcement agencies from the United States and United Kingdom have dismantled the infrastructure of the notorious LockBit ransomware gang. LockBit has been linked to more than $100 million in ransom payments from victims across […]

February 19, 2024

In November 2023, researchers from ThreatFabric observed a resurgence of the Anatsa banking Trojan, aka TeaBot and Toddler. Between November and February, the experts observed five distinct waves of attacks, each focusing on different regions. The malware previously focused its […]

February 15, 2024

Cyber baddies have turned to ad networks to measure malware deployment and to avoid detection, according to HP Wolf Security. The security group’s Q4 2024 Threat Insights Report finds criminals have adopted ad tech tools to make their social engineering […]

February 14, 2024

The Bumblebee malware loader seemingly vanished from the internet last October, but it’s back and – oddly – relying on a vintage vector to try and gain access. First spotted in 2022 by researchers at Proofpoint – who identified it […]

February 13, 2024

The number of senior business executives stymied by an ongoing phishing campaign continues to rise with cybercriminals registering hundreds of cloud account takeovers (ATOs) since spinning it up in November. Researchers from Proofpoint listed many C-suite roles as prime targets […]

February 7, 2024

Iran’s anti-Israel cyber operations are providing a window into the techniques the country may deploy in the run-up to the 2024 US Presidential elections, Microsoft says. An analysis of Iran’s activity, published by Microsoft Threat Analysis Center (MTAC) today, concluded […]