Blog


A SMiShing incident caused Twilio to be hit by a data breach

A California-based communications firm, Twilio, was recently attacked by hackers who breached its internal systems and stole customers’ sensitive data. Based on the investigation, targeted staff of the firm were victimised by a SMiShing (SMS phishing) attack in which they lost their employee credentials to the hackers, allowing the breach to occur. Boasting over 5,000 staff...

Raspberry Robin malware may be connected to the Evil Corp group

Microsoft researchers said last week that there may be a link between the Raspberry Robin malware and the Russia-based malicious threat group Evil Corp. Based on reports, FakeUpdates malware was found being delivered through Raspberry Robin infections that occurred last month. Evil Corp was the unnamed access broker for the malware infection last July...

Clipper malware used by threat actors to swap IBAN accounts

Malicious threat actors are conducting a fraud campaign that takes advantage of the complex structure of the International Bank Account Number (IBAN) numbering system. Reports reveal that the hackers use IBAN clipper malware to replace legitimate IBAN accounts with attacker-controlled ones. A couple of months ago, a researcher monitored a group of threat actors on a...

A neurology firm in Indiana suffered a ransomware attack

Indiana’s Goodman Campbell Brain and Spine neurology institution disclosed a data breach incident that exposed the protected health information (PHI) of over 360,000 individuals on the dark web. Although no ransomware group has been named in connection with the attack, researchers believe that the notorious Hive group could be involved due to its aggressive cyberattacks against the...

Yanluowang ransomware gang breached Cisco’s corporate network

On August 10, Cisco announced that the notorious Yanluowang ransomware gang had breached its corporate network last May. The threat group demanded a ransom payment from the firm to keep the stolen files from being published online. However, the tech firm clarified that the stolen data were all non-sensitive, implying that the incident had no massive...

Football fans victimised by an online ticket scam campaign

Online scammers have recently targeted football fans, with reports of them selling non-existent football tickets. Furthermore, figures show an average loss of over £410 per victim, with a 68% rise in cases from January to June. These scammers have leveraged the sport’s popularity to defraud its...

Woody RAT malware compromised multiple Russian entities

A group of unidentified threat actors has targeted several Russian organisations with a new malware called Woody RAT. This RAT enables the attackers to remotely take over infected devices and steal troves of data from them. One of the Russian entities compromised by this malware is a government-managed defence corporation. The researchers then added that...

Ukraine seized a bot farm consisting of over 1 million malicious bots

A massive bot farm containing approximately 1 million bots for disseminating disinformation on social media platforms was taken down by the Ukrainian cyber police. Based on reports, the objective of the bot farm was to discredit information from official Ukrainian state sources in order to destabilise society. The cyber police noted that the threat...

The US House Speaker’s visit to Taiwan sparked several suspicious DDoS attacks

United States House Speaker Nancy Pelosi’s recent visit to Taiwan coincided with several unattributed distributed denial-of-service (DDoS) attacks against Taiwanese websites. These attacks have prompted speculation that China-sponsored threat groups are behind the current cyberattacks against Taiwan. Based on reports, the incident struck four significant websites owned by high-ranking entities such...

Mars Stealer malware spread through fake Atomic Wallet site

Threat actors have been spotted operating a fake website that impersonates Atomic Wallet’s official portal to spread the Mars Stealer infostealer malware to their targeted victims. As one of the most popular decentralised wallets and cryptocurrency exchange portals, Atomic Wallet has become a new target for threat actors to clone and abuse in order to spread malware. The...

The Manjusaka hacking framework linked to Cobalt Strike attacks

Chinese threat groups were found using a new hacking framework dubbed Manjusaka, which security experts have compared with the Cobalt Strike and Sliver attack frameworks. As described in a report, Manjusaka is a Rust-based hacking framework with a Chinese-language user interface. This new tool is also freely available and helps threat actors generate new implants through...

Kimsuky launches a new browser extension to steal email content

A suspected North Korean malicious threat group called Kimsuky was seen spreading a malicious browser extension for Microsoft Edge and Google Chrome. This newly discovered campaign aims to steal email content from open AOL and Gmail sessions and replace browser preference files. According to the researcher, the malicious extension is named SHARPEXT. The Kimsuky threat group...

Charming Kitten updates its arsenal by adding new tools and TTPs

Cybersecurity researchers discovered several new tools used by Charming Kitten after the group made multiple operational security (OpSec) errors. One of these kits is used for harvesting data from targeted Telegram accounts. Moreover, the researchers found that the attackers had used strategies employed by the Iranian Islamic Revolutionary Guard Corps. Charming Kitten adopted the strategy to execute a...

Bots from Discord and Telegram apps are used to spread malware

Threat actors reportedly leverage Discord and Telegram bots to spread malware and steal sensitive data from victims. Most of the attacks observed by researchers in this campaign were aimed at users of two of the most popular gaming platforms, Roblox and Minecraft. For instance, the content delivery network (CDN) on the Discord platform has been used for hosting...

Android apps are the vector for a banking malware called DawDropper

A malicious campaign that pushes Android dropper apps on the Google Play Store appears to be the channel for distributing the DawDropper banking malware to compromised devices. According to researchers, more than a dozen Android applications are disguising themselves as utility and productivity apps. The researchers call the malware DawDropper, with infected apps ranging from utility...

Researchers spotted over 3,000 apps that leak Twitter API Keys

There are more than 3,000 mobile apps that threat actors can use to obtain unauthorised access to Twitter accounts. A cybersecurity firm revealed that the account takeover is possible because the apps leak valid Twitter Consumer Key and Consumer Secret credentials. The researchers found that out of the 3,200 applications, 230 are leaking all four authentication credentials and...

Phishing actors target MetaMask users to steal crypto assets

New warnings were issued following a recent phishing campaign launched against users of the popular cryptocurrency wallet MetaMask. According to the reports, the threat operators send phishing emails to targeted MetaMask users containing a malicious link that, if clicked, would deceive victims into giving away their credentials and seed phrases. An analysis...

Imminent Monitor RAT developer gets arrested by the AFP

Authorities arrested an Australian malware developer for developing and selling the Imminent Monitor RAT (remote access trojan), used for spying on victims, to threat actors on the dark web. The trade of RAT variants on underground forums is quite a popular activity among malware developers and threat actors since RATs offer a wide array of...

A security flaw in Dahua’s IP cameras allows hackers to spy

Research shows that a vulnerability in Dahua’s implementation of the Open Network Video Interface Forum (ONVIF) standard can allow attackers to take over the brand’s IP cameras. With a CVSS score of 7.4, the vulnerability tracked as CVE-2022-30563 could be exploited to compromise companies’ network cameras by reusing an unencrypted ONVIF interaction and replaying its credentials...

Bandwidth for proxy servers stolen via hacked MS SQL servers

Hackers have found a lucrative tactic: using malware, adware bundles, and compromised MS SQL servers to turn devices into proxies offered through online proxy services. The threat actors install software called proxyware that shares a targeted device’s internet bandwidth as a proxy server, effectively stealing that bandwidth. After stealing the bandwidth, a remote user can...