- Graph: Growing number of threats leveraging Microsoft API
May 2, 2024
An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services. The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for ...
- Ukrainian man sentenced for extorting $700m in REvil ransomware attacks
May 2, 2024
A Ukrainian man has been sentenced to 13 years and seven months in prison for his role in conducting more than 2,500 ransomware attacks across the globe. Yaroslav Vasinskyi, 24, demanded more than $700 million in ransom payments for data he stole from his victims, or he would publicly release it. He was also ordered to ...
- Watch out for tech support scams lurking in sponsored search results
May 2, 2024
A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled “Sponsored”. They’re often ads that are taken out by brands who want to get people to click through to their website. ...
- Scaly Wolf’s new loader: the right tool for the wrong job
May 2, 2024
The BI.ZONE Threat Intelligence team has uncovered a fresh campaign by the group targeting Russian and Belarusian organizations. The threat actors are distributing phishing emails under the guise of a federal agency. The emails have a legitimate document as an attachment. It aims to lull the recipient’s vigilance and prompt them to open the other file, ...
- Dropbox Warns Hacker Accessed Customer Passwords And 2FA Data
May 2, 2024
Dropbox has confirmed that a hacker has accessed customer information including emails and usernames, phone numbers and hashed passwords, OAuth tokens and multi-factor authentication information. Dropbox has issued a statement confirming that it became aware of unauthorized access to the production environment of the Dropbox Sign platform on April 24. That statement confirms that customer information ...
- Australia: Cybercrime detectives arrest man following alleged 1 million NSW clubs customer records data breach
May 2, 2024
A Sydney man has been arrested by police over an alleged data breach of personal information of members and patrons from at least 17 licensed clubs in New South Wales and the ACT. An unauthorised website claimed to have published online the personal details of many customers, with a threat to publish those of more than ...
- UnitedHealth data breach caused by lack of multifactor authentification
May 1, 2024
Hackers breached the computer system of a UnitedHealth Group subsidiary and released ransomware after stealing someone’s password, CEO Andrew Witty testified Wednesday on Capitol Hill. The cybercriminals entered through a portal that didn’t have multifactor authentification (MFA) enabled. During an hourslong congressional hearing, Witty told lawmakers that the company has not yet determined how many patients ...
- “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
May 1, 2024
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation. Arbitrary code execution can provide a threat actor with full control ...
- New “Goldoon” Botnet Targeting D-Link Devices
May 1, 2024
In April, FortiGuard Labs observed a new botnet targeting a D-Link vulnerability from nearly a decade ago, CVE-2015-2051. This vulnerability allows remote attackers to execute arbitrary commands via a GetDeviceSettings action on the HNAP interface. As a result, an attacker can create a crafted HTTP request with a malicious command embedded in the header. Fortinet IPS ...
- UK: Cyber attack recovery could cost council £500,000
May 1, 2024
The total cost of restoring systems following a cyber attack could cost the Western Isles local authority Comhairle nan Eilean Siar £500,000. A suspected ransomware attack in November caused significant disruption to IT systems at the local authority. The impact led to some bills, including council tax, being delayed. Malcolm Burr, the council’s chief executive, said ...
- Australia’s Qantas probing reports of data breach at loyalty app
May 1, 2024
Australia’s Qantas Airways said on Wednesday it was investigating issues impacting its frequent flyer application, after media reports suggested there was a data breach allowing users access to other passengers’ travel information. Multiple local media outlets, citing Qantas customers, are reporting that some users can see strangers’ full travel information, with at least one user being ...