LockBit Copycat DarkVault Spurs Rebranding Rumor

Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware

Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL,

10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet

A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with The Hacker News. "Its primary method of operation

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet

Change Healthcare Faces Second Ransomware Dilemma

Bing Ad Posing As NordVPN Aims To Spread SecTopRAT Malware

Google Sues App Developers Over Fake Crypto Investment App Scam

Google has filed a lawsuit in the U.S. against two app developers for allegedly engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns. The individuals in question are Yunfeng Sun (aka Alphonse Sun) and Hongnam

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader application to view the content. According to Fortinet FortiGuard Labs, clicking the URL

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the uncategorized monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Also previously linked to the exploitation spree is a Chinese

Security Pioneer Ross Anderson Dies At 67

Cryptocurrency and Blockchain security due diligence: A guide to hedge risk

Blockchain technology has experienced remarkable adoption in recent years, driven by its use across a broad spectrum of institutions, governments, retail investors, and users. However, this surge in… Read more on Cisco Blogs

Major Linux Distributions Impacted By XZ Utils Backdoor

Indian Government Rescues 250 Citizens Forced into Cybercrime in Cambodia

The Indian government said it has rescued and repatriated about 250 citizens in Cambodia who were held captive and coerced into running cyber scams. The Indian nationals "were lured with employment opportunities to that country but were forced to undertake illegal cyber work," the Ministry of External Affairs (MEA) said in a statement, adding it had rescued 75 people in the past three

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims' Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a report published Friday. One

Ubuntu Will Manually Review Snap Store After Crypto Wallet Scams

Sam Bankman-Fried Sentenced To 25 Years In Prison

Sam Bankman-Fried's Sentencing Hearing Over FTX Fraud Begins Today

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining

Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to take over the companies' computing power and leak sensitive data," Oligo Security researchers Avi

Ransomware Can Mean Life Or Death At Hospital, But DEF CON Hackers Have A Plan

U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. "The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent prefetcher (DMP) to target constant-time cryptographic implementations and capture sensitive data

German Police Seize 'Nemesis Market' in Major International Darknet Raid

German authorities have announced the takedown of an illicit underground marketplace called Nemesis Market that peddled narcotics, stolen data, and various cybercrime services. The Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said it seized the digital infrastructure associated with the darknet service located in Germany and Lithuania and confiscated €94,000 ($102,107)

GoFetch - Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers

Ransomware, RATs, And More Deployed On Compromised TeamCity Servers

U.S. Sanctions Russians Behind 'Doppelganger' Cyber Influence Campaign

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations. Ilya Andreevich Gambashidze (Gambashidze), the founder of the Moscow-based company Social Design Agency (SDA), and Nikolai Aleksandrovich Tupikin (Tupikin), the CEO and

TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks

Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of CVE-2024-27198 (CVSS score: 9.8) that enables an adversary to bypass authentication measures and gain administrative

New BunnyLoader Malware Variant Surfaces with Modular Attack Features

Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions as well as allow it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims," Palo Alto Networks

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics

A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky (aka Emerald Sleet, Springtail, or Velvet Chollima). "The malware payloads used in

STOP Ransomware Gains Stealthier Variant

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs

Member Of LockBit Ransomware Group Sentenced To 4 Years In Prison

Banish OEM Self-Signed Certs And Roll Your Own LetsEncrypt

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit

Bitcoin Fog Operator Convicted Of Laundering $400M In Bitcoins On Darknet

Danchev's EXIF Analysis Of Conti Ransomware Gang Marketing Material

EquiLend Ransomware Attack Leads To Data Breach

Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets

Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet. The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs. The packages were collectively downloaded 7,451 times prior to them being removed from

Binance’s Top Crypto Crime Investigator Is Being Detained in Nigeria

Tigran Gambaryan, a former crypto-focused US federal agent, and a second Binance executive, Nadeem Anjarwalla, have been held in Abuja without passports for two weeks.

Ransomware Attack Causes British Library To Push The Cloud Button

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident "began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of

Bitcoin Briefly Rises To Record High Over $70,000

Change Healthcare Hacker Linked To Espionage Gangs

Cisco Patches High Severity Vulnerabilities In VPN Product

Belgian Ale Legend Duvel’s Brewery Borked As Ransomware Halts Production

Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks

Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said. The activity is part of a&

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. “The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and

Anatomy Of A BlackCat Attack Through The Eyes Of Incident Response

Uncle Sam Intervenes As Change Healthcare Ransomware Fiasco Creates Mayhem

Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout

The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice." "There

Ransomware Ban Backers Insist Thugs Must Be Cut Off From Payday

New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users

A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed CryptoChameleon that’s designed to primarily target mobile devices. “This kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combination of email, SMS, and voice phishing to trick the target into sharing

Bitcoin Scorches Past $57,000 As Big Buyers Flock In

China Warns Of Fake Digital Currency Wallets Fleecing Netizens

WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites

A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw. In an advisory published last week, WordPress

Lockbit Cybercrime Gang Says It Is Back Online Following Bust

North Korean Hackers Targeting Developers with Malicious npm Packages

A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show. The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils. One of the packages in question, execution-time-async, masquerades as its legitimate

Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessage

Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging platform against future attacks arising from the threat of a practical quantum computer. "With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach

Threat Actors Quick To Abuse SSH-Snake Worm-Like Tool

ConnectWise Exploit Could Spur Ransomware Free-For-All