• When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777

    November 6, 2020

    As security practitioners, Palo Alto Unit 42 researchers spend a lot of time focusing on the threat actors and malware families that leverage the most impactful exploits or affect the highest number of victims. But what happens when a threat actor goes “low and slow” to fly under the radar? One could argue that, in ...

  • RansomEXX Trojan attacks Linux systems

    November 6, 2020

    Kaspersky researchers have recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems. After the initial analysis we noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach to extortion, which suggested that we had ...

  • US: We’ve just seized $1bn in bitcoin stolen from Silk Road by ‘Individual X’ hacker

    November 6, 2020

    The US Justice Department says it’s seized $1bn in bitcoin allegedly stolen by a hacker from Silk Road creator Ross Ulbricht before his arrest for running the dark-web market. Announcing the bitcoin seizure from the unnamed hacker, the Department of Justice revealed it is now seeking forfeiture of the illicit funds, which represent its largest haul ...

  • Italian beverage vendor Campari knocked offline after ransomware attack

    November 5, 2020

    Campari Group, the famed Italian beverage vendor behind brands like Campari, Cinzano, and Appleton, has been hit by a ransomware attack and has taken down a large part of its IT network. The attack took place last Sunday, on November 1, and has been linked to the RagnarLocker ransomware gang, according to a copy of the ...

  • Brazil’s court system under massive RansomExx ransomware attack

    November 5, 2020

    Brazil’s Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking place over video conference. “The Superior Court of Justice (STJ) announces that the court’s information technology network suffered a hacker attack on Tuesday (3), during the afternoon, when the six group classes’ judgment sessions took place,” STJ ...

  • US, Brazilian law enforcement seize $24 million in cryptocurrency generated through online fraud

    November 5, 2020

    US and Brazilian authorities have seized $24 million in cryptocurrency connected to an online scheme that allegedly defrauded “tens of thousands” of investors. Upon request from the government of Brazil, US law enforcement participated in “Operation Egypto,” a Brazilian federal investigation into the suspected scam, the US Department of Justice (DoJ) said on Wednesday. Read more… Source: ZDNet  

  • QBot phishing lures victims using US election interference emails

    November 4, 2020

    The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns. Qbot (aka Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with worm features actively used since at least 2009 to steal financial data and ...

  • As Maze retires, clients turn to Sekhmet ransomware spin-off Egregor

    November 4, 2020

    As the developers of the Maze ransomware announce their exit from the malware scene, clients are now thought to be turning to Egregor as a substitute. The Maze group has been a devastating force for companies that have fallen victim to the cybercriminals over the past year. What has separated Maze in the past from many other ...

  • Ransomware-as-a-Service Becomes Increasingly Accessible via Social Media and Open Sources

    November 4, 2020

    Hackers need not search the dark web for access to their very own ransomware platforms these days. Cybercriminals are continually finding new ways to promote their underground businesses and gain the attention of new customers and novice hackers. Several threat actors have recently taken to popular social media and open sources like YouTube, Vimeo, and Sellix ...

  • GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers

    November 4, 2020

    A database linked to GrowDiaries, an online community of cannabis growers, has exposed more than a million users’ email addresses, passwords, IP address records and posts. GrowDiaries is a robust online community of cannabis growing enthusiasts from around the world, where they can share tips, tricks and pictures of their progress. On Oct. 10, researcher Volodymyr ...

  • REvil ransomware gang ‘acquires’ KPOT malware

    November 4, 2020

    The operators of the REvil ransomware strain have “acquired” the source code of the KPOT trojan in an auction held on a hacker forum last month. The sale took place after the KPOT malware author decided to auction off the code, desiring to move off to other projects. The sale was organized as a public auction on ...

  • Healthcare system facing ‘increased and imminent’ cyber threat

    November 3, 2020

    Federal agencies warn that cybercriminals are escalating their extortion attempts against the healthcare sector even as hospitals are facing a nationwide surge in Covid-19 cases. In a joint alert, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers”. The alert ...

  • Cybersecurity: One in three attacks are coronavirus-related

    November 3, 2020

    The UK’s National Cyber Security Centre (NCSC) is ‘stepping up support’ for the National Health Service to help protect UK hospitals and other healthcare organisations against cyberattacks. The NCSC’s Annual Review 2020 reveals that the cyber arm of GCHQ has handled more 200 cyber incidents related to coronavirus during the course of this year – almost ...

  • New RegretLocker ransomware targets Windows virtual machines

    November 3, 2020

    A new ransomware called RegretLocker uses a variety of advanced features that allows it to encrypt virtual hard drives and close open files for encryption. RegretLocker was discovered in October and is a simple ransomware in terms of appearance as it does not contain a long-winded ransom note and uses email for communication rather than a ...

  • Cybersecurity threats to corporate America are present now ‘more than ever,’ SEC chair says

    November 2, 2020

    Securities and Exchange Commission Chairman Jay Clayton is telling corporate America it needs to get much more vigilant on security. In an interview Monday on CNBC’s “Power Lunch,” stressed that significant cybersecurity threats remain, despite the ongoing coronavirus pandemic and election season. “Cyber risks have not gone away with the unfortunate, unforeseen risks we’ve faced with ...

  • Hacker is selling 34 million user records stolen from 17 companies

    October 31, 2020

    A threat actor is selling account databases containing an aggregate total of 34 million user records that they claim were stolen from seventeen companies during data breaches. On October 28th, a data breach broker created a new topic on a hacker forum to sell the stolen user databases for seventeen companies. In a conversation with BleepingComputer, the ...

  • Wroba Mobile Banking Trojan Spreads to the U.S. via Texts

    October 30, 2020

    The Wroba mobile banking trojan has made a major pivot, targeting people in the U.S. for the first time. According to researchers at Kaspersky, a wave of attacks are taking aim at U.S. Android and iPhone users in an effort that started on Thursday. The campaign uses text messages to spread, using fake notifications for “package ...

  • Lazada confirms 1.1M accounts compromised in RedMart security breach

    October 30, 2020

    Singapore-based online grocery platform RedMart has suffered a data breach that compromised personal data of 1.1 million accounts. An individual has claimed to be in possession of the database involved in the breach, which contains various personal information such as mailing addresses, encrypted passwords, and partial credit card numbers. RedMart customers on Friday were logged out ...

  • REvil ransomware gang claims over $100 million profit in a year

    October 29, 2020

    REvil ransomware developers say that they made more than $100 million in one year by extorting large businesses across the world from various sectors. They are driven by profit and want to make $2 billion from their ransomware service, adopting the most lucrative trends in their pursuit of wealth. Read more… Source: Bleeping Computer  

  • Hacker releases Georgia county’s election-related files

    October 29, 2020

    Hackers on Tuesday released a sample of stolen election-related documents from networks in Hall County, Ga., as part of their efforts to pressure county officials into paying a ransom for control of the files. The Wall Street Journal reported that the batch of files, which were largely administrative and nonsensitive in nature, came as part of ...