Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware

Since late 2023, BI.ZONE Threat Intelligence experts have been tracking the activity of Bloody Wolf. The cluster attacks organizations in Kazakhstan with STRRAT, a commercial malware also known as Strigoi Master. The attackers send out phishing emails on behalf of Read More …

Microsoft says cyber-attack triggered latest outage

A global outage affecting Microsoft products including email service Outlook and video game Minecraft has been resolved, the technology giant said in an update, external. The firm said preliminary investigations show the outage was caused by a cyber-attack and a Read More …

The Proliferation of Cellular in IoT

Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner. In this new research, the authors dive deep into Read More …

UK: Basic IT security failings left electoral register vulnerable

Basic IT security failings allowed Chinese state-linked hackers to access the election watchdog’s register containing the details of 40 million voters. The Information Commissioner’s Office (ICO) said the Electoral Commission had failed to keep its servers updated, allowing hackers to Read More …

VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns

On Monday, July 29, Microsoft published an extensive threat intelligence blog on observed exploitation of CVE-2024-37085, an Active Directory integration authentication bypass vulnerability affecting Broadcom VMware ESXi hypervisors. The vulnerability, according to Redmond, was identified in zero-day attacks and has Read More …

Mandrake spyware sneaks onto Google Play again, flying under the radar for two years

In April 2024, Kaspersky researchers discovered a suspicious sample that appeared to be a new version of Mandrake. Ensuing analysis revealed as many as five Mandrake applications, which had been available on Google Play from 2022 to 2024 with more Read More …

UK: 48 cyber breaches of utility companies recorded last year, a 586% increase on 2022

The number of successful cyber attacks against UK utility companies has risen to 48 in 2023, a 586% increase on the seven cases in 2022, says global specialty (re)insurance group Chaucer. So far these cyber attacks have been largely restricted Read More …

Intruders at HealthEquity rifled through storage, stole 4.3M people’s data

HealthEquity, a US fintech firm for the healthcare sector, admits that a “data security event” it discovered at the end of June hit the data of a substantial 4.3 million individuals. Stolen details include addresses, telephone numbers and payment data.… Read More …