Cyber Crime

Pierluigi Paganini June 05, 2023
Experts warn of a surge of TrueBot activity in May 2023

VMware’s Carbon Black Managed Detection and Response (MDR) team observed a surge of TrueBot activity in May 2023. Researchers at VMware’s Carbon Black Managed Detection and Response (MDR) team warn of a surge of TrueBot activity in May 2023. Truebot has been active since 2017 and some researchers linked it to the Silence Group, while a […]

Pierluigi Paganini June 05, 2023
Magecart campaign abuses legitimate sites to host web skimmers and act as C2

A new ongoing Magecart web skimmer campaign abuse legitimate websites to act as makeshift command and control (C2) servers. Akamai researchers discovered a new ongoing Magecart web skimmer campaign aimed at stealing personally identifiable information (PII) and credit card information from users in North America, Latin America, and Europe. Magecart attacks target e-commerce websites, the […]

Pierluigi Paganini June 05, 2023
Spanish bank Globalcaja confirms Play ransomware attack

Play ransomware group claims responsibility for a ransomware attack that hit Globalcaja, one of the major banks in Spain. Globalcaja is a financial institution in the autonomous community of Castilla-La Mancha, it has more than 300 offices across Spain and provides banking services to more than half a million clients. Globalcaja was the victim of […]

Pierluigi Paganini June 04, 2023
Xplain hack impacted the Swiss cantonal police and Fedpol

Several Swiss cantonal police, the army, customs and the Federal Office of Police (Fedpol) were impacted by the attack against IT firm Xplain.  Swiss police launched an investigation into the cyber attack that hit the Bernese IT company Xplain, which provides its services to several federal and cantonal government departments, the army, customs, and the Federal […]

Pierluigi Paganini June 03, 2023
New Linux Ransomware BlackSuit is similar to Royal ransomware

Experts noticed that the new Linux ransomware BlackSuit has significant similarities with the Royal ransomware family. Royal ransomware is one of the most notable ransomware families of 2022, it made the headlines in early May 2023 with the attack against the IT systems in Dallas, Texas. The human-operated Royal ransomware first appeared on the threat landscape in September 2022, it has […]

Pierluigi Paganini June 02, 2023
Point32Health ransomware attack exposed info of 2.5M people

After the recent ransomware attack, Point32Health disclosed a data breach that impacted 2.5 million Harvard Pilgrim Health Care subscribers. In April, the non-profit health insurer Point32Health took systems offline in response to a ransomware attack that took place on April 17. The insurer immediately launched an investigation into the incident with the help of third-party […]

Pierluigi Paganini June 01, 2023
Apps with over 420 Million downloads from Google Play unveil the discovery of SpinOk spyware

Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. The malicious module is distributed as a marketing SDK that developers behind the apps embedded in their applications and games, including those available on Google Play. Upon executing the module, the malware-laced SDK connects to the C2 […]

Pierluigi Paganini June 01, 2023
BlackCat claims the hack of the Casepoint legal technology platform used by US agencies

The BlackCat ransomware gang claims to have hacked the Casepoint legal technology platform used US agencies, including SEC and FBI. The cybersecurity researcher Dominic Alvieri first noticed that the BlackCat ransomware gang added the company Casepoint to the list of victims on its Tor Dark Web site. Casepoint provides a leading legal discovery platform used by […]

Pierluigi Paganini May 31, 2023
Swiss real estate agency Neho fails to put a password on its systems

A misconfiguration of Swiss real estate agency Neho’s systems exposed sensitive credentials to the public. Neho, a Switzerland-based real estate agency, leaked credentials recently, potentially allowing threat actors to prey on sensitive data about the company and its clients. The Cybernews research team discovered a misconfiguration in the website that exposed sensitive credentials to […]

Pierluigi Paganini May 30, 2023
Beware of the new phishing technique “file archiver in the browser” that exploits zip domains

“file archiver in the browser” is a new phishing technique that can be exploited by phishers when victims visit a .ZIP domain. A new phishing technique called “file archiver in the browser” can be used by phishers to “emulate” a file archiver software in a web browser when a victim visits a .ZIP domain. The […]