A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Phishing Attack Targets Apple Users With Password Resets
March 27, 2024
If you suddenly receive dozens of password-reset notifications on your iPhone, watch out: You’re probably facing a devious phishing attack targeting Apple users. The malicious tactic is intended to to trick iPhone users into handing over access to their Apple accounts, according to security journalist Brian Krebs. One of the targeted users, tech entrepreneur Parth Patel, documented ...
- Cambodia: Police target growing gambling, cybercrime
March 27, 2024
Deputy Prime Minister and Minister of Interior Sar Sokha has called on the National Police forces to intensify efforts in preventing and suppressing local crimes, including human trafficking, cybercrime and gambling. The appeal comes after authorities clamped down on over 500 illegal gambling sites and detained more than 1,000 people in the past six months. Sokha ...
- New Gmail & M365 Warning As 2FA Security Bypass Hack Confirmed
March 26, 2024
The developers of a notorious 2FA account security bypass tool have launched an updated version of their ‘as-a-service’ kit that is targeting Microsoft 365 and Gmail account holders. Researchers from the Sekoia Threat Detection and Research team have published an in-depth analysis of Tycoon 2FA, a notorious adversary-in-the-middle kit, that is being distributed via cybercrime forums ...
- Illinois Tollway warns I-PASS customers of text message phishing scam
March 26, 2024
The Illinois Tollway is warning customers of an ongoing phishing scam that is targeting drivers by saying that they have outstanding tolls owed to the agency. According to a press release, the Tollway says that some customers have been receiving text messages from the “Illinois toll way,” detailing outstanding toll amounts that the customers owed. Those ...
- Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
March 26, 2024
Since its discovery in 2022, the Agenda Ransomware group (also known as Qilin) has been active and in development. Agenda, which Trend Micro tracks as Water Galura, continues infecting victims globally with the US, Argentina, and Australia, and Thailand being among its top targets (based on the threat actor’s leak site data). Meanwhile the Agenda ransomware ...
- Patch now: Mozilla patches two critical vulnerabilities in Firefox
March 26, 2024
Mozilla released version 124.0.1 of the Firefox browser to Release channel users (the default channel that most non-developers run) on March 22, 2024. The new version fixes two critical security vulnerabilities. One of the vulnerabilities affects Firefox on desktop only, and doesn’t affect mobile versions of Firefox. Windows users that have automatic updates enabled should have ...