DragonSpark Hackers Evade Detection With SparkRAT and Golang
SentinelLabs recently attributed a new string of attacks targeting East Asian organizations to a threat actor referred to as DragonSpark. SentinelLabs stated that the campaign leverages a rare open-source SparkRAT and malware tools to evade detection through source code interpretation techniques. The techniques are based on the Go programming language.
Zendesk Hacked After Employees Fall for Phishing Attack
Zendesk, a customer service solutions provider, has suffered from a data breach that occurred due to a SMS phishing attack launched against its employees. At least one employee fell for the phishing attack, enabling the attackers to steal the employee’s credentials. Last week, cryptocurrency trading and portfolio management company Coinigy
Most Federal Agencies Ignored GAO’s Cybersecurity Recommendations
The US Government Accountability Office (GAO) released a report last Thursday highlighting federal agencies’ failure to implement cybersecurity recommendations. The GAO found that 60% of the cybersecurity recommendations made by the office since 2010 have not been implemented. The GAO stated that the failure to follow the recommendations results in
FBI Confirms North Korean Hackers Behind $100 Million Horizon Bridge Heist
The FBI has announced that it confirmed a link between North Korean hackers and the $100 million Horizon Bridge Heist that occurred in June 2022. Horizon bridge is a platform designed to enable cryptocurrency holders to transfer assets between networks such as the Ethereum Network, Binance Chain, Bitcoin, and Harmony’s
A Major App Flaw Exposed the Data of Millions of Indian Students
An app operated by India’s Education ministry contained a security lapse that resulted in the exposure of personally identifying information belonging to millions of students and teachers. The information was exposed for over a year, the ministry confirmed. The app in question is the Digital Infrastructure for Knowledge Sharing app,
CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop
CircleCI has confirmed that a data breach that impacted the integration and delivery platform was the result of an infostealer deployed to an employee’s laptop. The breach occurred on January 4, 2023 and the company identified the incident after detecting the presence of an unauthorized third party. The information stealer
Euro Police Bust Multimillion-Dollar Crypto Fraud Gang
European law enforcement agencies collaborated to take down a multimillion dollar cryptocurrency fraud group, making multiple arrests last week. The operation was coordinated by Europol and targeted individuals associated with a large scale cryptocurrency investment fraud scheme. Those arrested include 14 individuals in Serbia and one in Germany, as well
Illegal Crypto Transaction Volumes Hit All-Time High
According to recent reporting by blockchain analysis company Chainalysis, over $20 billion worth of illegal transactions were conducted using cryptocurrency last year. The record numbers are expected to get even higher as more illicit activity is uncovered by security research teams. Chainalysis works with law enforcement agencies and the government
Russian Turla Cyberspies Leveraged Other Hackers’ USB-Delivered Malware
Russian state-sponsored threat actor Turla has been identified leveraging Andromeda malware to attack Ukrainian organizations. The malware was likely deployed by other hackers through an infected USB drive. Mandiant detailed the attack in a recent report, stating that the attack was conducted in September 2022. Turla has been active since
Millions of Insurance Customers Compromised Via Supplier
Aflac and Zurich have confirmed that millions of customers located in Japan were impacted after a third-party contractor used by both of the insurance multi-nationals was breached. Customer details were allegedly put up for sale after the incident. Although the breached supplier has not been named, Japanese media outlets claim