News


  • Triada Trojan in WhatsApp mod

    August 24, 2021

    WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the option of viewing messages that have been deleted by the sender. This ...

  • APT41 Resurfaces as Earth Baku With New Cyberespionage Campaign

    August 24, 2021

    Trend Micro researchers have uncovered a cyberespionage campaign being perpetrated by Earth Baku, an advanced persistent threat (APT) group with a known history of carrying out cyberattacks under the alias APT41. This is not the group’s first foray into cyberespionage, and its long list of past cybercrimes also includes ransomware and cryptocurrency mining attacks. Earth Baku ...

  • Ransomware Groups to Watch: Emerging Threats

    August 24, 2021

    As part of Unit 42’s commitment to stop ransomware attacks, we conduct ransomware hunting operations to ensure our customers are protected against new and evolving ransomware variants. We monitor the activity of existing groups, search for dark web leak sites and fresh onion sites, identify up-and-coming players and study tactics, techniques and procedures. During our operations, ...

  • FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020

    August 23, 2021

    The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations since at least November 2020 as a ransomware affiliate. The US federal law enforcement agency shared indicators of compromise, tactics, techniques, and procedures (TTP), and mitigation measures in a flash alert published ...

  • Hacker gets 500K reward for returning stolen cryptocurrency

    August 23, 2021

    The saga of what has been dubbed the biggest hack in the world of decentralized finance appears to be over as Poly Network recovered more than $610 million in cryptocurrency assets it lost two weeks ago and the hacker received a $500,000 bounty for returning the money. Today, the hacker, referred to as Mr. White Hat, ...

  • Nokia subsidiary discloses data breach after Conti ransomware attack

    August 23, 2021

    SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems. The wholly-owned and independently-operating Nokia company, headquartered in Chicago, IL, works with telecom carriers, major tower owners, and original equipment manufacturers (OEMs) across the US. ...

  • Attackers Actively Exploiting Realtek SDK Flaws

    August 23, 2021

    Threat actors are zeroing in on command injection vulnerabilities reported in Realtek chipsets just days after multiple flaws were discovered in the software development kits (SDKs) deployed across at least 65 separate vendors. On Aug. 16 multiple Realtek vulnerabilities were disclosed by IoT Inspector Research Lab. It took about 48 hours for attackers to start trying to ...

  • Pakistan: Neglect caused Federal Board of Revenue cyber-attack

    August 22, 2021

    Despite knowing that its information technology equipment is obsolete and some of its software is outdated, the Federal Board of Revenue (FBR) did not make any serious effort to upgrade them, which resulted in the hacking of its data centres. The systems were not improved even though the World Bank approved an $80 million loan two years ...

  • LockFile ransomware uses PetitPotam attack to hijack Windows domains

    August 20, 2021

    At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. Behind the attacks appears to be a new ransomware gang called LockFile that was first seen in July, which shows some resemblance and references to other groups in ...

  • Indiana: COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate

    August 19, 2021

    This week, the Indiana Department of Health issued a notice that the state’s COVID-19 contact-tracing system had been exposed via a cloud misconfiguration, revealing names, emails, gender, ethnicity, race and dates of birth of more than 750,000 people. The incident shows that COVID-19 data could be poised for abuse and misuse, according to experts, which is ...

  • Ransomware: This amateur attack shows how clueless criminals are trying to get in on the action

    August 19, 2021

    Ransomware is one of the biggest cybersecurity threats to businesses today, and cyber criminals can potentially make millions of dollars in Bitcoin for a single successful attack. This lure of quickly making large sums of money is attracting interest from across the cyber-criminal spectrum, from sophisticated gangs specialising in ransomware attacks, to affiliate schemes where wannabe ...

  • Diavol ransomware sample shows stronger connection to TrickBot gang

    August 18, 2021

    A new analysis of a Diavol ransomware sample shows a clearer connection with the gang behind the TrickBot botnet and the evolution of the malware. The recent research is the second to find common ground in the code of the two threats, tying them to the same actor. Previous analysis of Diavol (Romanian for Devil) ...

  • The Next Disruptive ICS Attacker: An Advanced Persistent Threat (APT)?

    August 18, 2021

    No discussion on ICS attacks could be complete without talking about what some would call ‘the elephant in the room.’ Critical infrastructure has always been a target for warfare, and modern ICS are no exception. Several high-profile ICS disruptions have in fact been attributed to malicious hackers working at the behest of a military or intelligence ...

  • US Census Bureau hacked in January 2020 using Citrix exploit

    August 18, 2021

    US Census Bureau servers were breached on January 11, 2020, by hackers who exploited a Citrix ADC zero-day vulnerability as the US Office of Inspector General (OIG) disclosed in a recent report. “The purpose of these servers was to provide the Bureau with remote-access capabilities for its enterprise staff to access the production, development, and lab ...

  • HolesWarm Malware Exploits Unpatched Windows, Linux Servers

    August 18, 2021

    By leveraging more than 20 known vulnerabilities in Linux and Windows servers, the HolesWarm cryptominer malware has been able to break into more than 1,000 cloud hosts just since June. The basic cryptominer botnet has been so successful at juggling so many different known vulnerabilities between attacks that researchers at Tencent, who first identified HolesWarm, refer to ...

  • US agencies scrub websites in bid to protect Afghans

    August 18, 2021

    Multiple United States agencies that operated in Afghanistan and worked with Afghan citizens have been hastily purging their websites, removing articles and photos that could endanger the Afghan civilians who interacted with them and now fear retribution from the Taliban. The online scrubbing campaign appeared to begin late last week when it became clear that the ...

  • Japanese insurer Tokio Marine discloses ransomware attack

    August 18, 2021

    Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack. The announcement came at the beginning of the week and contains little information about the incident outside the action taken to deal with the intrusion. Source: Bleeping Computer

  • CISA Alert: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS

    August 17, 2021

    On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries. BlackBerry QNX RTOS is ...

  • Govt hackers impersonate HR employees to hit Israeli targets

    August 17, 2021

    Hackers associated with the Iranian government have focused attack efforts on IT and communication companies in Israel, likely in an attempt to pivot to their real targets. The campaigns have been attributed to the Iranian APT group known as Lyceum, Hexane, and Siamesekitten, running espionage campaigns since at least 2018. In multiple attacks detected in May and ...

  • Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military

    August 17, 2021

    While investigating the Confucius threat actor, we found a recent spear phishing campaign that utilizes Pegasus spyware-related lures to entice victims into opening a malicious document that downloads a file stealer. The NSO Group’s spyware spurred a collaborative investigation that found that it was being used to target high-ranking individuals in 11 different countries. In this blog ...