29 Nov 2022

Millions of Twitter Accounts Potentially Compromised

Cybersecurity expert Chad Loder announced on Twitter that he believes over five million user accounts may have been compromised. The accounts belong to users located in Europe and the US, Loder stated. Shortly after the Tweets were posted to the platform, Loder’s account was suspended. However, they are still available

Read More
29 Nov 2022

Phishing Campaign Impersonating UAE Ministry of Human Resources Grows

Security researchers at CloudSEK have discovered a phishing campaign in which threat actors impersonated the Ministry of Human Resources. According to recent reports, the operation may be larger than previously believed when it was first discovered in July 2022. CloudSEK recently published an updated advisory stating that it identified a

Read More
23 Nov 2022

Vietnam-Based Ducktail Cybercrime Operation Evolving, Expanding

The financially motivated Ducktail information stealer has been updated to include new capabilities, according to WithSecure. The threat actors that leverage the information stealer have been expanding their operations to target Facebook business users. The information stealer is likely operated by Vietnamese-speaking individuals and the group has been active since

Read More
23 Nov 2022

US Offshore Oil and Gas Infrastructure at Significant Risk of Cyberattacks

The US Government Accountability Office (GAO) recently released a report that stresses that offshore oil and gas infrastructure faces significant cybersecurity risks. The report urges the Department of Interior to address the security risks immediately. The offshore oil and gas infrastructure consists of more than 1,600 facilities and is split

Read More
23 Nov 2022

Yanluowang Ransomware’s Russian Links Laid Bare

Threat intelligence firm Trellix has stated that the Yanluowang ransomware group is actually run by Russian speakers after the company was able to gain access to internal messages leaked online. The internal messages expose the inner workings of the ransomware group, Trellix says. The intelligence firm analyzed over 3,000 messages

Read More
23 Nov 2022

Dozens of Russian Groups Steal 50 Million User Passwords

Security researchers at Group-IB have discovered a password-theft campaign perpetrated by Russian-speaking threat groups. The campaign leverages off-the-shelf information stealing malware and has serious consequences for its victims. Group-IB analyzed 34 different Telegram groups that are controlled by the threat actors to organize their efforts. So far, the campaign has

Read More
22 Nov 2022

US Gov Issues Software Supply Chain Security Guidance for Customers

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) have released a report offering joint guidance on how to secure the software supply chain. The guidance was created by a group that is primarily focused on mitigating

Read More
22 Nov 2022

Hive Ransomware Gang Hits 1,300 Businesses, Makes $100 Million

US government agencies have stated that the Hive ransomware gang has victimized more than 1,300 businesses in the past year and a half, resulting in roughly $100 million in ransom payments. The group has been active since June 2021 and has offered ransomware-as-a-service. The Hive ransomware has been used in

Read More
22 Nov 2022

Shoppers Warned Stay Alert this Black Friday as Hackers Renew Efforts

Check Point Research has released a recent advisory warning shoppers to stay vigilant on Black Friday as hackers launch new scams in the lead up to the massive shopping event. The Check Point team has already observed a sharp increase in phishing scams using shopping-related lures. The threat actors behind

Read More
21 Nov 2022

Instagram Credential Phishing Attacks Bypass Microsoft Email Security

Amorblox has highlighted a credential phishing attack that targeted roughly 22,000 students attending national education institutions with a campaign that impersonated popular social media platform Instagram. The Armorblox report details the threat and was released earlier this month. The phishing campaign consisted of an initial email that encouraged the victims

Read More