Month: October 2022

0 Comments
A novel ransomware campaign has been spotted targeting organizations in the transportation and logistics industries in Ukraine and Poland using a previously unidentified ransomware payload. Dubbed “Prestige ranusomeware” by its creators, the malware was observed by the Microsoft Threat Intelligence Center (MSTIC), targeting several organizations on October 11 in attacks occurring within an hour of
0 Comments
Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft to sign malicious artifacts deployed during the infection chain to evade detection.
0 Comments
More than a dozen organizations operating in various verticals were attacked by the threat actor This week, ESET researchers published their analysis of previously undocumented backdoors and cyberespionage tools that the POLONIUM APT group has deployed against targets in Israel. The group has used at least seven different custom backdoors in the past year, and
0 Comments
Performance and security company Cloudflare reported that it stopped a 2.5Tbps distributed denial-of-service (DDoS) attack in Q3 2022 launched by a Mirai botnet against Minecraft server Wynncraft. The data comes from the company’s latest DDoS Threat Report, which includes insights and trends about the DDoS threat landscape in the third quarter of 2022. “Multi-terabit strong
0 Comments
A new threat cluster, tracked by SentinelLabs as WIP19, has been targeting telecommunications and IT service providers across the Middle East and Asia. According to the security experts, the group is characterized by the use of a legitimate, stolen digital certificate issued by DEEPSoft, a Korean company specializing in messaging solutions.  “Throughout this activity, the
0 Comments
ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group ESET researchers reveal their findings about POLONIUM, an advanced persistent threat (APT) group about which little information is publicly available and its initial compromise vector is unknown. POLONIUM is a cyberespionage group first documented by Microsoft Threat
0 Comments
A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. “Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run
0 Comments
Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD),
0 Comments
Japanese car giant Toyota has warned that nearly 300,000 customers may have had their personal data leaked after an access key was publicly available on GitHub for almost five years. In a statement on its website, Toyota said that the email addresses and customer control numbers of 296,019 people who have used T-Connect, a telematics
0 Comments
by Paul Ducklin The second Tuesday of every month is Microsoft’s regular day for security updates, still known by almost everyone by its unofficial nickname of “Patch Tuesday”. But the second Tuesday in October is also Ada Lovelace Day, celebrating Ada, Countess of Lovelace. Ada was a true pioneer not only of computing, but also
0 Comments
The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week.