It’s been a quiet week, with even threat actors appearing to take some time off for the holidays. We did not see much research released on ransomware this week, with most of the news focusing on new attacks and LockBit affiliates increasingly targeting hospitals. […]
Hospitals ask courts to force cloud storage firm to return stolen data
Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack that’s now stored on the servers of a Boston cloud storage company. […]
Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts
Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named “MultiLogin” to restore expired authentication cookies and log into users’ accounts, even if an account’s password was reset. […]
Albanian Parliament and One Albania Telecom Hit by Cyber Attacks
The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week.
“These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure,” AKCESK said.
One Albania, which has
“These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure,” AKCESK said.
One Albania, which has
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information.
The activity, which was detected by the agency between December 15 and 25, 2023, targets government entities
The activity, which was detected by the agency between December 15 and 25, 2023, targets government entities
Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks
Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines.
South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky.
“A notable point about attacks that
South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky.
“A notable point about attacks that
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks
Microsoft on Thursday said it’s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware.
“The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence
“The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence
Game mod on Steam breached to push password-stealing malware
Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. […]
Steam game mod breached to push password-stealing malware
Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. […]
Eagers Automotive halts trading in response to cyberattack
Eagers Automotive has announced it suffered a cyberattack and was forced to halt trading on the stock exchange as it evaluates the impact of the incident. […]