A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department of Justice … [Read more...] about LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
cyber security news
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor referred to … [Read more...] about Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
Dec 19, 2024Ravie LakshmananSupply Chain / Software Security Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and … [Read more...] about Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
Dec 18, 2024Ravie LakshmananEmail Security / Cloud Security Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot … [Read more...] about HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
Dec 17, 2024Ravie LakshmananMalware / Credential Theft A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit … [Read more...] about Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
Dec 16, 2024Ravie LakshmananMalvertising / Threat Intelligence Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds. "Entirely reliant on a single ad network for … [Read more...] about DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action
Dec 14, 2024Ravie LakshmananBotnet / Ad Fraud Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and … [Read more...] about Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action
Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques
Dec 14, 2024Ravie LakshmananMalware / Cyber Threat Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior engineer for Netskope's Security … [Read more...] about Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
Dec 13, 2024Ravie LakshmananCyber Attack / Malware A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers … [Read more...] about 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
Credentials and API Keys Leaking Online
Dec 12, 2024Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters, often lacking proper authentication, … [Read more...] about Credentials and API Keys Leaking Online