Threat Intelligence Cybersecurity Hacking News

As we bring you the news from the past 24 hours, we can’t help but note that the weekend was rife with various data breaches. A hacker infected the internal systems of a digital security company. In the same vein, a prolific ransomware gang claimed to have hacked an Italian government agency. In other news, the Konni RAT is back in another campaign against the EU. Read along for more.

  1. Digital security giant Entrust suffered a data breach, resulting in the theft of essential corporate data. The breach impacts the DOJ, the DOE, and the USDT, among others.

  2. The LockBit ransomware group claimed to have stolen 78GB of files—contracts, company documents, financial reports, and scans—from the Italian Revenue Agency.

  3. A threat actor leaked the data, including emails and phone numbers, of 5.4 million Twitter users, which is for sale for at least $30,000. The data was obtained by exploiting a flaw that allows an unauthenticated user to obtain a Twitter ID.

  4. The Town of St. Marys in Ontario, Canada, was hit by a ransomware attack, allegedly by LockBit. The attack locked the town’s internal server and encrypted data.

  5. The City of Newport, Rhode Island, is informing current and past municipal employees of a suspected cyberattack that potentially left specific personal information exposed.

  6. North Korea-based APT37 is targeting high-value organizations in Poland, the Czech Republic, and other European countries with Konni RAT. The campaign is dubbed STIFF#BIZON.

  7. PB Fintech disclosed a data breach that impacted the systems of its insurance broking arm, Policybazaar. The firm said the investigation into the matter is ongoing and that no significant data has been exposed.

  8. Oklahoma City Housing Authority is informing individuals of a potential data breach that exposed their SSNs, names, driver's license and government ID details, medical information, and financial information.

  9. The SmokeLoader malware was found distributing a new variant of the Amadey bot via keygens and software cracks. Previously, Amadey relied on the Fallout and RIG exploit kits.

  10. Cyber insurance provider Acrisure acquired Catalyst Technology Group and ITS Inc. for an undisclosed sum. The acquired firms are Indianapolis- and Maine-based MSPs, respectively.

  11. A new phishing campaign, named Ducktail, was found targeting professionals on LinkedIn to take over their Facebook business accounts. The allegedly Vietnamese threat actor seeks out people with admin privileges.

  12. Kaspersky found the CosmicStrand UEFI malware in the firmware images of ASUS and Gigabyte motherboards. The images come with a modified driver that enables a legacy boot process.

  13. Multiple infostealers, including Blitzed Grabber, Mercurial Grabber, 44Caliber, and X-Files, are being propagated via Discord and Telegram, found Intel 471.

  14. Adversaries are targeting websites using PrestaShop, an open source e-commerce platform, by abusing a zero-day to execute arbitrary code and steal payment information.

  15. The Robin Banks threat actor established a new PhaaS platform and is selling phishing kits to threat actors specialized in social engineering schemes. The kits target organizations in the U.S., the U.K., Canada, and Australia.

  16. The source code of a new Rust-coded infostealer, Luca Stealer, has been released for free on underground forums. The stealthy malware has a detection rate of only 2% on VirusTotal and is in active use.

  17. The Biden administration released guidance on cybersecurity funding priorities—Defense and Resilience of Government Networks; Cross-Sector Collaboration in Defense of Critical Infrastructure; and Foundations of Our Digitally-Enabled Future—that federal agencies should adhere to for fiscal year 2024.

  18. Instances of threat actors leveraging the Microsoft brand to conduct phishing attacks increased by 266% in Q1 2022 compared to the previous year. Fake Facebook messages surged by 177% in Q2 2022.

  19. A new campaign infected 207 websites with malicious code built to launch a cryptominer by leveraging WebAssembly in the browser. Because WebAssembly is a binary format, the malicious code is difficult for conventional antivirus to analyze.

  20. Data security platform Sotero raised $13 million in seed funding, led by OurCrowd. Existing investors Boston Seed Capital, Gutbrain Ventures, and PBJ Capital were other participants.
