Malware

Pierluigi Paganini October 17, 2023
Malware-laced ‘RedAlert – Rocket Alerts’ app targets Israeli users 

Threat actors are targeting Israeli Android users with a malicious version of the ‘RedAlert – Rocket Alerts’ that hide spyware. A threat actor is targeting Israeli Android users with a spyware-laced version of the ‘RedAlert – Rocket Alerts’ app, Cloudflare warns. RedAlert – Rocket Alerts is a mobile app that provides real-time alerts about incoming […]

Pierluigi Paganini October 16, 2023
Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

Microsoft thwarted a large-scale hacking campaign carried out by Akira ransomware operators targeting an unknown industrial organization. Microsoft announced that its Microsoft Defender for Endpoint helped to block a large-scale hacking campaign carried out by Akira ransomware operators (tracked by Microsoft as Storm-1567) The attack took place in early June 2023 and aimed at an industrial engineering […]

Pierluigi Paganini October 16, 2023
DarkGate malware campaign abuses Skype and Teams

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. From July to September, researchers from Trend Micro observed a malicious campaign DarkGate campaign abusing instant messaging platforms to deliver a VBA loader script to victims. The threat actors abused popular messaging platforms such as Skype and Teams […]

Pierluigi Paganini October 15, 2023
The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

The Alphv ransomware group added the Morrison Community Hospital to its dark web leak site. Threat actors continue to target hospitals. The ALPHV/BlackCat ransomware group claims to have hacked the Morrison Community Hospital and added it to its dark web Tor leak site. The group claims to have stolen 5TB of patients’ and employee’s information, […]

Pierluigi Paganini October 14, 2023
Lockbit ransomware gang demanded an 80 million ransom to CDW

The Lockbit ransomware gang claims to have hacked the technology services giant CDW and threatens to leak the stolen data. The technology services giant CDW announced it has launched an investigation into claims made by the Lockbit ransomware gang that added the company to the list of victims on its leak site. CDW Corporation is […]

Pierluigi Paganini October 13, 2023
Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. Cybersecurity company Check Point uncovered a malicious activity, tracked as Stayin’ Alive, that is targeting high-profile government and telecom entities in Asian countries, including Vietnam, Uzbekistan, Pakistan, and Kazakhstan. The campaign has been active since at least 2021, threat actors employed downloaders […]

Pierluigi Paganini October 12, 2023
Ransomlooker, a new tool to track and analyze ransomware groups’ activities

Ransomlooker monitors ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide. Cybernews presented Ransomlooker, a tool to monitor ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide. The researchers have created the tool to help cybersecurity experts in their daily jobs by providing real-time updates and actionable insights. It offers various […]

Pierluigi Paganini October 12, 2023
A new Magecart campaign hides the malicious code in 404 error page

Researchers observed a new Magecart web skimming campaign changing the websites’ default 404 error page to steal credit cards. Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code. The attacks are targeting a large number of Magento and WooCommerce websites, […]

Pierluigi Paganini October 11, 2023
Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

A Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to target routers from different vendors, including D-Link, Zyxel, and TP-Link. Fortinet researchers observed a new Mirai-based DDoS botnet, tracked as IZ1H9, that added thirteen new payloads to target routers from multiple vendors, including D-Link, Zyxel, TP-Link, and TOTOLINK. The experts observed a surge in botnet […]

Pierluigi Paganini October 09, 2023
The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. Cybersecurity researchers 3xp0rt reported that a threat actor that goes online with the moniker ‘kapuchin0’ (and also uses the alias Gookee) has leaked the source code of the HelloKitty ransomware on the XSS forum. kapuchin0 claims […]