A new dark web marketplace selling premium data stolen from organizations has recently come under the spotlight. Reports suggest that the threat actors are promoting the Industrial Spy darknet market through malicious executables, software cracks, and adware. In another update, the operators behind the Emotet trojan are aggressively targeting systems worldwide, using a variety of maldocs as lures.
The crypto market has again collapsed due to a new cyberattack over the weekend. The attackers drained over $180 million worth of cryptocurrency by exploiting a DeFi platform named Beanstalk.
Top Breaches Reported in the Last 24 Hours
GitHub reveals a security breach
GitHub reported that threat actors used stolen OAuth user tokens to exfiltrate private data from several organizations. The stolen OAuth tokens were linked to two OAuth integrators, Heroku and Travis-CI. The first intrusion was detected on April 12 after the company’s security team identified unauthorized access to its npm production infrastructure using a compromised AWS API key.
Beanstalk Farms loses $182 million
Beanstalk Farms, an Ethereum-based stablecoin protocol, suffered a loss of around $182 million following a cyberattack. The attackers got away with around $80 million of crypto tokens by using a flash loan on the lending platform Aave, which was used to amass a large amount of Beanstalk’s native governance token, Stalk.
Top Malware Reported in the Last 24 Hours
Recent Emotet attack trends
Researchers observed that the recent Emotet outbreak is being spread through various malicious Microsoft Office files attached to phishing emails. The emails include ‘Re:’ or ‘Fe:’ in the subject line. The attached Excel files and Word documents contain an ‘Enable Content’ button that, if clicked, causes the download of malicious macros.
Top Vulnerabilities Reported in the Last 24 Hours
CISA adds new flaws to its list
New Threat in Spotlight
Karakurt linked to Conti hacking group
Security researchers have found a connection between Conti ransomware and the recently emerged Karakurt data extortion group. The intelligence team has managed to connect the dots by obtaining remote access to multiple servers that are actively being used as C2 communication systems by threat actors. Since its inception in December 2021, the Karakurt group has claimed more than 40 victims across the globe.
Industrial Spy marketplace launched
Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies. While the premium stolen datasets are priced at millions of dollars, lower-tier data are sold for as little as $2. The marketplace also offers free stolen data packs in a bid to attract more threat actors to use the site.