A new ransomware operation has been found with a unique method of selling its decryptors through Roblox, a gaming platform with its own in-game currency, Robux. Roblox is a game designed for kids, and one of its features is that it allows members to develop their own games and monetise them by selling ‘Game Passes.’...
Threat groups have targeted more than a hundred Elasticsearch databases and replaced nearly 500 indexes with ransom notes in their recent cybercriminal activities. The ransom demands total about $280,000, with each request approximately $600. According to a researcher, they have observed the cybercriminals receiving payments through a Bitcoin wallet address. They also noted that...
The SideWinder APT group has added a new custom tool to the malware strains it distributes in phishing attacks against Pakistani organisations. The phishing links arrive in emails impersonating legitimate notifications and services of government departments and organisations in Pakistan. SideWinder, an advanced persistent threat group that has been active since 2012, primarily focuses on attacking...
Researchers have published a report on the growing abuse of the Browser Automation Studio (BAS) framework developed by Bablosoft, which threat actors actively use for its free-to-use browser automation functionality. The framework contains several functions that threat actors can turn to illegal ends. It is a Windows-only automation environment used for different capabilities in browser-related...
A newly discovered security flaw in the open-source Horde Webmail client allows attackers to gain control of the email server and achieve remote code execution (RCE) by sending a malicious email to a victim. According to researchers, if the victim views the malicious email, the adversary can stealthily take complete...
A new version of the XLoader botnet has been found using probability theory to obfuscate its command-and-control (C2) servers, making it harder for security analysts to disrupt. The method used by the botnet’s operators allows them to remain on the same infrastructure without losing nodes while also evading detection. Being initially based on...
The ChromeLoader browser hijacker has been increasingly active in attacking several browsers this month, and a steady rise in the volume of attacks has been detected since the year started. The hijacker alters victims’ web browser settings to display search results promoting unwanted software, adult games, explicit content, fake giveaways and dating websites. Its operators receive...
Researchers have recently identified a high likelihood of websites being exposed through the third-party JavaScript they load, with the further concern that threat actors have an easy way to exploit this to inject malicious code into the sites. Normally, a webpage loads a third-party script into the browser from an external server that...
Researchers have discovered a malicious Python backdoor in the PyPI registry operating as a supply chain attack. The newly discovered attacks aim to deploy backdoors and Cobalt Strike beacons on different operating systems, including Windows, Linux, and macOS. The threat actors published a malicious package named ‘pymafka’ on PyPI. The name is...
The popular search engine DuckDuckGo, which has claimed maximum browsing privacy for its users, reportedly allows Microsoft trackers on third-party websites. The finding stems from an agreement between the two tech firms covering their syndicated search content contract. DuckDuckGo had long assured its users of a private browsing experience, including not allowing trackers to...