Cybercrime

September 7, 2022

Cisco Talos has discovered a new remote access trojan (RAT), which we are calling “MagicRAT,” that we are attributing with moderate to high confidence to the Lazarus threat actor, a state-sponsored APT attributed to North Korea by the U.S. Cyber Security & Infrastructure Agency (CISA). This new RAT was found on victims that had been ...

September 6, 2022

This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see ...

September 6, 2022

In early August, Unit 42 researchers discovered attacks leveraging several vulnerabilities in devices made by D-Link, a company that specializes in network and connectivity products. The vulnerabilities exploited include: CVE-2015-2051: D-Link HNAP SOAPAction Header Command Execution Vulnerability CVE-2018-6530: D-Link SOAP Interface Remote Code Execution Vulnerability CVE-2022-26258: D-Link Remote Command Execution Vulnerability CVE-2022-28958: D-Link Remote Command Execution Vulnerability If the devices ...

September 6, 2022

Holiday Inn owner IHG said on Tuesday that bookings on its websites and apps were facing disruptions after its technology systems were hit by “unauthorised activity”. IHG said it was assessing the nature, extent and impact of the incident and had implemented its response plans. The company, which has appointed external specialists to investigate the incident and ...

September 6, 2022

The Los Angeles Unified School District, the second-largest collection of public schools in the United States, said it was targeted by a ransomware attack over the Labor Day weekend that caused “significant disruption” but did not lead to cancellation of classes. “Los Angeles Unified detected unusual activity in its Information Technology systems over the weekend, which ...

September 3, 2022

The Internal Revenue Service has accidentally leaked confidential information for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns. IRS Form 990T is used to report ‘unrelated business income’ paid to a tax-exempt entity, such as nonprofits (charities) or IRA and SEP retirement accounts. This income is commonly derived from sales unrelated ...

September 1, 2022

Amid a wave of hacks that have cost investors billions of dollars worth of cryptocurrency, the FBI is calling on decentralised finance (DeFi) platforms to improve their security. In a warning posted on its website, the FBI said that cybercriminals are increasingly targeting DeFi platforms to steal cryptocurrency, often exploiting vulnerabilities in smart contracts to part ...

September 1, 2022

Scumbags are using a photo from the James Webb Space Telescope to smuggle Windows malware onto victims’ computers – albeit in a roundabout way. The malicious code, written in Go, is hidden in a .jpeg of the stunning first proper image taken by the recently deployed spacecraft. More specifically, the obfuscated code is Base64-encoded and included in ...

September 1, 2022

Chile’s national computer security and incident response team (CSIRT) has announced that a ransomware attack has impacted operations and online services of a government agency in the country. The attack started on Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency. The hackers stopped all running virtual machines and encrypted their files, appending ...

September 1, 2022

The government of Montenegro has provided more information about the attack on its critical infrastructure saying that ransomware is responsible for the damage and disruptions. Public Administration Minister Maras Dukaj stated on local television yesterday that behind the attack is an organized cybercrime group. The effects of the incindet continue for the tenth day. The minister added ...