Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

U.K. Water Supplier Hit with Clop Ransomware Attack

The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.

Black Hat and DEF CON Roundup

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.

Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics

The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.

Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office

Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.

Messaging Apps Tapped as Platform for Cybercriminal Activity

Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes.

Novel Malware Hijacks Facebook Business Accounts

Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain.

Conti’s Reign of Chaos: Costa Rica in the Crosshairs

Aamir Lakhani, with FortiGuard Labs, answers the question; Why is the Conti ransomware gang targeting people and businesses in Costa Rica?

Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems

300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services.

Google Boots Multiple Malware-laced Android Apps from Marketplace

Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant.

Emerging H0lyGh0st Ransomware Tied to North Korea

Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530.

Journalists Emerge as Favored Attack Target for APTs

Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials and also track them.

‘Callback’ Phishing Campaign Impersonates Security Firms

Victims instructed to make a phone call that will direct them to a link for downloading malware.

Sneaky Orbit Malware Backdoors Linux Devices

The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine.

U.S. Healthcare Orgs Targeted with Maui Ransomware

State-sponsored actors are deploying the unique malware--which targets specific files and leaves no ransomware note--in ongoing attacks.

Latest Cyberattack Against Iran Part of Ongoing Campaign

Iran's steel manufacturing industry is victim to ongoing cyberattacks that previously impacted the country's rail system.

ZuoRAT Can Take Over Widely Used SOHO Routers

Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor.

A Guide to Surviving a Ransomware Attack

Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.

Mitel VoIP Bug Exploited in Ransomware Attacks

Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data

CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers.

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.

Elusive ToddyCat APT Targets Microsoft Exchange Servers

The threat actor targets institutions and companies in Europe and Asia.

Kazakh Govt. Used Spyware Against Protesters

Researchers have discovered that a Kazakhstan government entity deployed sophisticated Italian spyware within its borders.

China-linked APT Flew Under Radar for Decade

Evidence suggests that a just-discovered APT has been active since 2013.

Linux Malware Deemed ‘Nearly Impossible’ to Detect

Symbiote, discovered in November, parasitically infects running processes so it can steal credentials, gain rootlkit functionality and install a backdoor for remote access.

Potent Emotet Variant Spreads Via Stolen Email Credentials

The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns.

Paying Ransomware Paints Bigger Bullseye on Target’s Back

Ransomware attackers often strike targets twice, regardless of whether the ransom was paid.

Black Basta Ransomware Teams Up with Malware Stalwart Qbot

The novel cybercriminal group tapped the ever-evolving info-stealing trojan to move laterally on a network in a recent attack, researchers have found.

Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again

Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.'

Evil Corp Pivots LockBit to Dodge U.S. Sanctions

The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity.

International Authorities Take Down Flubot Malware Network

The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.

EnemyBot Malware Targets Web Servers, CMS Tools and Android OS

Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.

Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack

Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.

Cybergang Claims REvil is Back, Executes DDoS Attacks

Actors claiming to be the defunct ransomware group are targeting one of Akami’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.

Link Found Connecting Chaos, Onyx and Yashma Ransomware

A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.

Verizon Report: Ransomware, Human Error Among Top Security Risks

2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.

Fronton IOT Botnet Packs Disinformation Punch

Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.

Snake Keylogger Spreads Through Malicious PDFs

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

DOJ Says Doctor is Malware Mastermind

The U.S. Department of Justice indicts middle-aged doctor, accusing him of being a malware mastermind.

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.

Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers.

Malware Builder Leverages Discord Webhooks

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.

Ransomware Deals Deathblow to 157-year-old College

Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much.

Conti Ransomware Attack Spurs State of Emergency in Costa Rica

The threat group has leaked data that it claims was stolen in the breach and is promising more government-targeted attacks.

Low-rent RAT Worries Researchers

Researchers say a hacker is selling access to quality malware for chump change.

USB-based Wormable Malware Targets Windows Installer

Activity dubbed ‘Raspberry Robin’ uses Microsoft Standard Installer and other legitimate processes to communicate with threat actors and execute nefarious commands.

Attackers Use Event Logs to Hide Fileless Malware

A sophisticated campaign utilizes a novel anti-detection method.