During a routine dark web monitoring by our experts in iZOOlogic, it has come to our attention that the web portal of an Indian state, Telangana, has been allegedly hacked by a threat actor and stolen sensitive data, likely containing personally identifiable information (PII) of citizens and important entities of the state. Based on our...Continue Reading
The widely coveted global beverage chain, Starbucks, has recently reported a cyberattack incident in its Singaporean division that affected more than 219,000 customers. According to reports, a threat actor first posted on the dark web on September 10, selling Starbucks’ database that contained about 219,675 customer data. To verify the uploaded database, a threat actor...Continue Reading
Based on reports, China-based scammers have nabbed more than $500 million from Indian nationals through instant lending applications, bogus cryptocurrency trading schemes, and part-time job baits. Last month, cybersecurity authorities busted a chain of cybercriminals worth over $300 million, but the total did not include the crypto-related scams. As told by a local media outlet,...Continue Reading
Breaking news has been spotted by our threat monitoring team in iZOOlogic about the TikTok platform allegedly suffering from a data breach attack that could expose millions of users to potential compromise. First shared from a tweet posted by a security researcher, TikTok’s massive internal backend source code was purportedly stored on an Alibaba Cloud...Continue Reading
The researchers from iZOOlogic’s threat monitoring team had recently observed an active Facebook campaign targeting Indian clients and entities, wherein malicious and abusive content is propagated through a defined and limited audience. Several of our clients from India have reported these tactics to our threat monitoring team. However, as we attempted to view the reported...Continue Reading
Researchers from Microsoft disclosed the details of an extensive phishing operation that exclusively steals the passwords of its targets, which can also bypass MFA authentication. The new phishing strategy is called Adversary-in-the-Middle (AitM). Subsequently, the threat actors use previously stolen credentials from past attacks to operate a BEC campaign against new targets. Based on reports,...Continue Reading
Threat actors abused a zero-day vulnerability to perform remote code execution against online shops that use the PrestaShop platform, aiming to steal people’s payment information. After learning about the incident, the e-commerce platform’s team immediately warned about 300,000 online shops that use their service. With the zero-day flaw tracked as CVE-2022-36408, it first targets a...Continue Reading
A malicious threat campaign conducted by an identified group of hackers has been targeting the Elastix VoIP telephony servers and systems to deploy multiple PHP web shells. Unfortunately, there are already more than half a million malware samples that the researchers uncovered in just three months. Based on reports, cybersecurity experts claim that the threat...Continue Reading
Despite Google’s efforts to employ advanced security measures to stop malicious applications from being uploaded to the Google Play Store, many threat actors are still finding ways to sneak their apps onto the platform to victimise the app store’s users. Nonetheless, the tech giant is still actively taking steps to find these malware-infested applications, specifically...Continue Reading
Researchers have revealed new details regarding a newly discovered security flaw in the Netwrix Auditor application, which allows threat actors to compromise the Active Directory Domain. If an attacker successfully exploits the Netwrix vulnerabilities, it could result in arbitrary code execution on the impacted device. Based on a report, the service in the Netwrix Auditor...Continue Reading
