Cybercrime

November 12, 2024

The U.S. has indicted two individuals, Connor Moucka and John Binns, according to new documents, for hacking third-party cloud data storage and analytics company Snowflake. The Snowflake hack led to data breaches at numerous companies using the platform such as AT&T, Ticketmaster, and more than 150 other corporations. Read more… Source: MSN News Sign up for our Newsletter Related:

November 12, 2024

Breach notification site Have I Been Pwned has confirmed the personal data of 56,904,909 users was found online, leaked from Hot Topic, Torrid, and Box Lunch customers. Threat actor ‘Satanic’ claimed responsibility for the breach, which was allegedly carried out through an infostealer infection, and made possible by weak security practices. The dataset is reportedly on ...

November 11, 2024

Recently, Trend Micro has been tracking Earth Simnavaz (also known as APT34 and OilRig), a cyber espionage group. This group primarily targets organizations in the energy sector, particularly those involved in oil and gas, as well as other infrastructure. It is known for using sophisticated tactics, techniques, and procedures (TTPs) to gain unauthorized access to networks ...

November 11, 2024

In a recent incident response case, Kaspersky researchers discovered a new and notable ransomware family in active use by the attackers, which they named “Ymir”. The artifact has interesting features for evading detection, including a large set of operations performed in memory with the help of the malloc, memmove and memcmp function calls. In the case ...

November 8, 2024

The web browser, and search engines in particular, continue to be a popular entry point to deliver malware to users. While Malwarebytes Labs noted a decrease in loaders distributed via malvertising for the past 3 months, today’s example is a reminder that threat actors can quickly switch back to tried and tested methods. After months of ...

November 7, 2024

The SonicWall Capture Labs threat research team became aware of CVE-2024-51378, assessed its impact and developed mitigation measures for the vulnerability. CVE-2024-51378 is a critical vulnerability with a CVSS score of 9.8 in CyberPanel versions 2.3.6 and 2.3.7 that allows unauthenticated remote code execution (RCE). Threat actors, including the PSAUX ransomware group, have been reported exploiting ...

November 6, 2024

Once used exclusively by the cybercriminals behind REVil ransomware and the Gootkit banking trojan, GootLoader and its primary payload have evolved into an initial access as a service platform—with Gootkit providing information stealing capabilities as well as the capability to deploy post-exploitation tools and ransomware. GootLoader is known for using search engine optimization (SEO) poisoning for ...

November 6, 2024

In August 2024, Kaspersky team identified a new crimeware bundle, which we named “SteelFox”. Delivered via sophisticated execution chains including shellcoding, this threat abuses Windows services and drivers. It spreads via forums posts, torrent trackers and blogs, imitating popular software like Foxit PDF Editor and AutoCAD. It also uses stealer malware to extract the victim’s credit ...

November 6, 2024

Survey of 286 Senior Enterprise Risk Executives Reveals Top Five Emerging Risks in the Third Quarter of 2024 Artificial intelligence (AI)-enhanced malicious attacks are the top emerging risk for enterprises in the third quarter of 2024, according to Gartner, Inc. It’s the third consecutive quarter with these attacks being the top of emerging risk. IT vendor ...

November 5, 2024

Most of us don’t think twice about checking the “Remember me” box when we log in. When you log in and the server has verified your authentication—straight away or after using MFA–the server creates a session and generates a unique session ID. This session ID is stored in a session cookie (or a “Remember-Me cookie” as ...