22 Aug 2022

China-backed APT41 Group Hacked at Least 13 Victims in 2021

The advanced persistent threat (APT) group known as APT41, Bronze Atlas, Barium, Double Dragon, and Wicked Panda has been observed targeting at least 13 organizations spanning several countries during the 2021 calendar year. According to new information from Group-IB, the Chinese threat actor targeted organizations in Taiwan, the US, India, Vietnam,

22 Aug 2022

Spy group abuses Microsoft OneDrive to steal credentials in hack-and-leak campaigns

Microsoft has warned that a highly persistent Russian threat actor is targeting NATO nations with cyberattacks such as credential theft campaigns. The cyberattacks aim to compromise OneDrive accounts, steal data, and then leak selective information in order to sway public opinion and push an agenda. The group is

19 Aug 2022

Google Patches Chrome’s Fifth Zero-Day of the Year

Google has patched an insufficient input validation flaw along with 11 other security vulnerabilities. The flaw allows for arbitrary code execution and is currently under active attack, according to Google. This marks the fifth zero-day vulnerability discovered and subsequently patched in Chrome this year. The patch was released on Wednesday

19 Aug 2022

Hackers Deploy Bumblebee Loader to Breach Target Networks

Threat actors associated with the IcedID, TrickBot, and BazarLoader malware are increasingly turning to the Bumblebee loader to breach target networks, researchers say. The network breaches are followed by post-exploitation activities that aim to collect sensitive information. On Thursday, Cybereason published an advisory about the malware Bumblebee detailing the nature

19 Aug 2022

ATMZOW JS Sniffer Campaign Linked to Hancitor Malware

Security researchers at Group-IB have made a connection between the ATMZOW JS Sniffer campaign and the Hancitor malware downloader, claiming that the same malicious actors may be behind both threats. The connection was made earlier this week after analyzing roughly 483 websites spanning four continents that had been successfully infected

18 Aug 2022

‘Operation Sugarush’ Mounts Concerning Spy Effort on Shipping, Healthcare Industries

Researchers at Mandiant have identified a Persian-speaking threat group targeting a range of industries such as healthcare and energy. However, the group appears to have a specific focus on the shipping sector. Mandiant has named the group UNC3890. The threat group uses email social-engineering lures and a watering hole hosted

18 Aug 2022

APT Lazarus Targets Engineers with macOS Malware

North Korean advanced persistent threat actor Lazarus is leveraging the current popularity of the blockchain and cryptocurrency industry to target organizations and individuals running Apple and Intel-based systems. The recently identified cyber espionage campaign consists of Lazarus deploying fake job postings for Coinbase. The job posting contains a malicious Mac

18 Aug 2022

RubyGems Mandates MFA for Top-100 Package Maintainers

RubyGems, the official package manager for the Ruby programming language, has announced that it will mandate multi-factor authentication to boost security on the top 100 RubyGems packages. The announcement was released on Monday. Owners of gems with over 180 million downloads will be required to enroll in multi-factor authentication. This

18 Aug 2022

Threat Group Ramps-Up Attacks on Travel Sector in 2022

Researchers have identified new details regarding a prolific threat group that has deployed 15 malware families over the past four years. The group, TA558, is financially motivated and mainly targets organizations in Latin and North America. The group switches between English, Spanish, and Portuguese when it conducts its attacks, according

17 Aug 2022

U.K. Water Supplier Hit with Clop Ransomware Attack

A UK water supplier has suffered a ransomware attack that disrupted corporate IT systems. The attackers misidentified the victim in a post on its website containing leaked stolen data; however, the water supplier confirmed the cyberattack. Thankfully, the organization’s water supply was not impacted. The Clop ransomware group claimed
