Kinsing malware operators are exploiting the security vulnerabilities in the WebLogic Server to expand their attack scope and rapidly multiply their crypto miners. According to researchers, the Kinsing operators are extremely financially motivated in each attack. They were recently seen abusing a particular flaw to deploy Python scripts to deactivate several OS service agents and...Continue Reading
In a joint advisory from the FBI, CISA, and MS-ISAC, school districts in the US are warned about the increase in the observed cyberattacks conducted by the Vice Society ransomware gang. As the new school year is coming closer, federal law authorities expect these ransomware attacks to propagate more. Network defenders were also provided with...Continue Reading
The James Webb telescope becomes the newest vector for another malware campaign, dubbed GO#WEBBFUSCATOR, wherein its operators spread malware through phishing emails, malicious files, and space images captured by the world-renowned optical telescope. Based on the investigations, the malware is a Golang-based payload that can affect cross-platform of multiple operating systems and could effectively evade...Continue Reading
The Ministry of Agriculture in the Dominican Republic has suffered from a Quantum ransomware campaign that encrypted several workstations and services. This attack has caused significant disruptions throughout the government agency. The Ministry of Agriculture, called The Instituto Agrario Dominicano (IAD), oversees Agrarian Reform programs in the Dominican Republic. Based on reports, the ransomware attack...Continue Reading
The geopolitical conflict between Ukraine and Russia has caused the emergence of different wiper malware variants that caused havoc in other countries. Cybersecurity researchers noticed that although some variants did not originate from Russia, they still align with the country’s interests. Several malware strains are utilised to lay waste in Ukraine and compromise entities worldwide....Continue Reading
Numerous malware-infected software is being promoted on search engines as threat actors take advantage of people searching for copies of pirated computer applications and software online. These campaigns have been going on and disrupted by cybersecurity authorities ever since, although some continue to operate to victimise people. In usual scenarios, the threat actors in these...Continue Reading
The BlackByte ransomware introduced a new upgrade for their cybercriminal activity after researchers spotted an unknown sample from them. In this report, the BlackByte operators used a new extortion tactic adopted from LockBit. After a quick hiatus, the BlackByte ransomware operation is endorsing their new data leak website on several hacking forums, and through social...Continue Reading
The South Staffordshire Water company that supplies over 300 million litres of drinking water to 1.6 million consumers daily has confirmed that the Clop ransomware gang has disrupted their IT systems. Fortunately, the company’s safety and water distribution systems are still ongoing. South Staffordshire Water assured that all their service teams operate like a standard...Continue Reading
Several malicious threat actors have been spreading SmokeLoader by exploiting previously known vulnerabilities, including two known flaws CVE-2017-11882 and CVE-2017-0199. Reports stated that researchers had fixed these vulnerabilities, but some threat actors still manage to find a method to abuse it for attacks, especially malware delivery. Several researchers said SmokeLoader was available on the underground...Continue Reading
Malicious threat actors are conducting a fraud campaign that takes advantage of the complex structure of the International Bank Account Number (IBAN) numbering system. Reports reveal that the hackers use IBAN clipper malware to substitute legitimate IBAN accounts with attacker-controlled ones. A couple of months ago, a researcher monitored a group of threat actors on...Continue Reading
