Security Affairs

Evil Corp Rebrands Their Ransomware to Macaw Locker to Evade US Sanctions

The Macaw Locker ransomware encrypts victims’ files and append the .macaw extension to the file name of the encrypted files. It drops ransom notes with a link to a unique victim negotiation page.

TeamTNT Threat Group Deploys Malicious Docker Image on Docker Hub to Distribute Hacking Tools

The malicious Docker image was hosted in Docker Hub under the handle name alpineos, a community user who joined Docker Hub on May 26, 2021. Reportedly, the profile was hosting 25 Docker images.

Update: Ecuador’s Banco Pichincha has yet to recover after recent cyberattack

The bank issued a statement on Monday to inform customers about the cyberattack, it also added to have “identified a cybersecurity incident in our systems that has partially disabled our services.”

Update: Twitch security breach had minimal impact, the company states

According to the update, Twitch passwords have not been exposed. The company believes that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed.

Python-based FreakOut Botnet Adds PoC Exploit for Visual Tools DVRs to its Arsenal

Operators behind the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet have added a PoC exploit for Visual Tools DVR, a professional digital video recorder used in surveillance video systems.

Adobe addresses four critical flaws in its products

The IT giant addressed four vulnerabilities in Acrobat and Reader for Windows and macOS, including two critical arbitrary code execution flaws, tracked as CVE-2021-40728 and CVE-2021-40731. servers exposed via misconfiguration

The exposed configuration file, first indexed on an IoT search engine on September 7, appears to be the main configuration file of the application hosted on the ‘upliftmedia’ subdomain of

Researchers dumped Gigabytes of data from Agent Tesla C2 Servers

Resecurity, Inc. and its cyber threat intelligence and R&D unit, HUNTER, drained the Agent Tesla Command & Control Servers (C2) and extracted over 950GB of logs, files, and other information.

TA544 group behind a spike in Ursnif malware campaigns targeting Italy

Proofpoint researchers have discovered a new Ursnif baking Trojan campaign carried out by a group tracked as TA544 that is targeting organizations in Italy. The experts observed nearly 20 notable campaigns.

LockBit 2.0 ransomware hit Israeli defense firm E.M.I.T. Aviation Consulting

The threat actors claim to have stolen data from the company and are threatening to leak them on the dark web leak site of the group in case the company will not pay the ransom.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags