In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Mozilla Releases Security Updates for Firefox
March 28, 2025
Mozilla has released security updates to address one critical vulnerability in Firefox and Firefox ESR. Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in Firefox’s Inter-process Communication (IPC) code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. Exploitation ...
- Google Releases Security Updates for Chrome
March 28, 2025
Google has released Chrome version 134.0.6998.177/.178 to address a high severity vulnerability, reported as exploited in the wild. A remote attacker could exploit this vulnerability to escape a sandbox via a malicious file. Google is aware that an exploit for CVE-2025-2783 exists in the wild. Affected organisations are encouraged to review the Chrome Release 134.0.6998.177/.178 Stable ...
- Cyberattacks climbing across Caribbean
March 28, 2025
Ransomware gangs FOG and Akira continue to be the main culprits behind a number of recent cyberattacks plaguing businesses locally and across the Caribbean, a cyber-security expert has indicated. According to Rory Ebanks, director of cybersecurity at Symptai Consulting Limited, the two ransomware gangs, which both emerged in the last three years, primarily exploit vulnerabilities in ...
- Security Update Released for CrushFTP
March 28, 2025
A vulnerability has been disclosed in CrushFTP, a file server supporting standard secure file transfer protocols, after being discovered by a security researcher. The vulnerability designated as CVE-2025-2825 is a critical ‘improper authentication’ vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow an unauthenticated attacker to craft remote and unauthenticated HTTP requests to CrushFTP, ...
- Critical Strapi Vulnerability Allows RCE via Server-Side Template Injection
March 27, 2025
SonicWall Capture Labs threat research team became aware of the threat CVE-2023-22621, assessed its impact and developed mitigation measures for this vulnerability. CVE-2023-22621 is a high-severity vulnerability affecting Strapi versions 3.0.0 through 4.5.5. The flaw permits authenticated Server-Side Template Injection (SSTI), allowing a remote attacker with access to the Strapi admin panel to bypass validation checks ...
- Ukraine state railway says online services partially restored after cyber attack
March 27, 2025
Ukraine’s state-owned railway Ukrzaliznytsia, the country’s largest carrier, has partially restored online services after a large-scale cyber attack hit passenger and freight transport systems, the company said on Thursday. An outage was first reported on Sunday when the rail company notified passengers about a failure in its IT system and told them to buy tickets on ...