News – October 2023


  • Okta cybersecurity breach wipes out more than $2 billion in market cap

    October 23, 2023

    Okta has shed more than $2 billion from its market valuation since the company disclosed a hack of its support systems Friday. The high-profile incident is the latest in a string of incidents that have been tied to Okta or its products, including a spate of intrusions at casinos that crippled Las Vegas hotel rooms ...

  • The outstanding stealth of Operation Triangulation

    October 23, 2023

    In the previous blogpost on Triangulation, Kaspersky researchers discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. The researchers mentioned, among other things, that it is able to execute additional modules. They also mentioned that this operation was quite stealthy. This article details ...

  • From Copacabana to Barcelona: The Cross-Continental Threat of Brazilian Banking Malware

    October 23, 2023

    Proofpoint researchers have long tracked clusters of malicious activity using banking malware to target users and organizations in Brazil and surrounding countries. Recently, researchers observed multiple threat clusters targeting Spain from threat actors and malware that have traditionally targeted Portuguese and Spanish speakers in Brazil, Mexico, and other parts of the Americas. While the targeting ...

  • Booking.com customers targeted by scam ‘confirmation’ emails

    October 23, 2023

    Travellers using the popular hotel website Booking.com are being warned not to fall for scam emails asking them to confirm their hotel payment, after a hack of Booking.com’s email system. In recent weeks the Observer has been contacted by a number of customers claiming that they had received scam emails from within the Booking.com system. ...

  • Philippines’ cybersecurity failures exposed as hackers leak state secrets, people’s data

    October 22, 2023

    All it apparently took for one Philippine hacker to break into a government website was “Admin123” – a password that reflects what experts say is the authorities’ lax attitude towards cybersecurity that not only leaves millions of Filipinos vulnerable to identity theft but has exposed some of the country’s top military secrets. On October 3, ...

  • Phony Corsair LinkedIn Listing Contains DarkGate Malware

    October 21, 2023

    You can never be too careful when surfing the web, even if you’re looking for a new job. Corsair is a prominent name in the gaming hardware and accessories market, and it stands to reason that it would be a hot destination for enthusiasts in the market for a new job. However, some nefarious parties are ...

  • Irish-linked spyware used in brazen attacks

    October 21, 2023

    The Irish government is set to investigate a digital surveillance alliance that has been accused of letting its smartphone spyware “run wild across the world”, BBC News NI understands. It comes after Intellexa Limited and its parent company Thalestris were named in a damning report by a leading human rights body. The firms are registered at ...

  • Europol: Ragnar Locker ransomware gang taken down by international police swoop

    October 20, 2023

    This week, law enforcement and judicial authorities from eleven countries delivered a major blow to one of the most dangerous ransomware operations of recent years. This action, coordinated at international level by Europol and Eurojust, targeted the Ragnar Locker ransomware group. The group were responsible for numerous high-profile attacks against critical infrastructure across the world. In ...

  • Money-making scripts attack organizations

    October 19, 2023

    In April of this year, the FBI published an advisory on attacks targeting government, law enforcement, and non-profit organizations. Attackers download scripts onto victims’ devices, delivering several types of malware all at once. The main aim is to utilize company resources for mining, steal data using keyloggers, and gain backdoor access to systems. According to Kaspersky ...

  • Crambus: New Campaign Targets Middle Eastern Government

    October 19, 2023

    The Iranian Crambus espionage group (aka OilRig, APT34) staged an eight-month-long intrusion against a government in the Middle East between February and September 2023. During the compromise, the attackers stole files and passwords and, in one case, installed a PowerShell backdoor (dubbed PowerExchange) that was used to monitor incoming mails sent from an Exchange Server ...