New DuckLogs malware service claims having thousands of ‘customers’

A new malware-as-a-service (MaaS) operation named ‘DuckLogs’ has emerged, giving low-skilled attackers easy access to multiple modules to steal information, log key strokes, access clipboard data, and remote access to the compromised host. DuckLogs is entirely web-based. It claims to Read More …

Lastpass says hackers accessed customer data in new breach

LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service. Read More …

All India Institute of Medical Sciences restores e-Hospital data after cyber attack

The server at the All India Institute of Medical Sciences (AIIMS) in Delhi has been down for the eighth day in a row, and according to reports, more analysts from Delhi are under consideration for suspension for cybersecurity violations after Read More …

Crafty threat actor uses ‘aged’ domains to evade security platforms

A sophisticated threat actor named ‘CashRewindo’ has been using ‘aged’ domains in global malvertising campaigns that lead to investment scam sites. Malvertising involves the injection of malicious JavaScript code in digital ads promoted by legitimate advertising networks, taking website visitors Read More …

Criminals use trending TikTok challenge to make data-stealing malware invisible

Malware-slinging miscreants are taking advantage of a trending TikTok challenge — and viewers’ dirty minds — to spread data-stealing malware via a phony app that’s had more than one million views so far. The new TikTok trend is called Invisible Read More …

Major Twitter hack sees 5.4 million phone numbers and email addresses leaked on the dark web

More than 5.4 million Twitter user records, including personal phone numbers and email addresses, are up for grabs on the dark web in a massive data dump that some believe the Elon Musk-owned firm is attempting to cover up. The Read More …

Decentralized Robbery: Dissecting the Nomad Bridge Hack and Following the Money

In this blog post, Mandiant takes a deeper look into how the Nomad bridge smart-contract was exploited and analyzes the on-chain transactions post-compromise using cybercrime prevention company Cyber Team Six’s (CT6) blockchain investigative software, CryptoVoyant. Background In early August 2022, Read More …