Cybercrime

June 5, 2023

A prominent Spanish bank has confirmed that it is dealing with a ransomware attack that has impacted multiple branches. On Friday, Globalcaja issued a statement assuring customers that the incident has not impacted its entities’ operations, and that electronic banking and ATM services are still functioning. Read more… Source: Computing News  

June 5, 2023

Security researchers have linked to the notorious Clop ransomware gang a new wave of mass-hacks targeting a popular file transfer tool, as the first victims of the attacks begin to come forward. It was revealed last week that hackers are exploiting a newly discovered vulnerability in MOVEit Transfer, a file-transfer tool widely used by enterprises to ...

June 5, 2023

Following the discovery that over a hundred Android apps with 400 million combined downloads actually contained the SpinOk malware, security researchers have now found that an additional 92 apps are also affected. For those unaware, SpinOk is a spyware module that was being distributed as a software development kit (SDK) for advertisers. First discovered by the ...

June 5, 2023

British Airways and retailer Boots said their staff were amongst those hit by a cyber attack on Zellis, a payroll provider used by hundreds of companies in Britain. British Airways, owned by IAG, said it had notified affected employees and was providing them with support. Read more… Source: MSN News  

June 5, 2023

Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom malware is delivered via third-party websites. Some of ...

June 3, 2023

Swiss authorities are investigating a cyber attack on the IT company Xplain, whose clients include many federal and cantonal government departments, including the army and customs. The online attack was revealed on Saturday by the newspaper Le Temps, which reported that “several cantonal police forces, the Swiss army and the Federal Office of Police (Fedpol) have ...

June 2, 2023

Mandiant has observed wide exploitation of a zero-day vulnerability in the MOVEit Transfer secure managed file transfer software for subsequent data theft. This vulnerability was announced by Progress Software Corporation on May 31, 2023 and has been assigned CVE-2023-34362. Based on initial analysis from Mandiant incident response engagements, the earliest evidence of exploitation occurred on May ...

June 1, 2023

In the summer of 2020, Jonas Rey, a private investigator in Geneva, got a call from a client with a hunch. The client, the British law firm Burlingtons, represented an Iranian-born American entrepreneur, Farhad Azima, who believed that someone had hacked his e-mail account. Azima had recently helped expose sanctions-busting by Iran, so Iranian hackers ...

June 1, 2023

Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020. The threat actor appears to be targeting Spanish-speaking users in the Americas and, based on ...

May 31, 2023

A critical vulnerability patched 10 days ago in widely used email software from IT security company Barracuda Networks has been under active exploitation since October. The software bug, tracked as CVE-2023-2868, is a remote-command injection vulnerability that stems from incomplete input validation of user-supplied .tar files, which are used to pack or archive multiple files. Read more… Source: ...