Top Malware Reported in the Last 24 Hours
A new phishing campaign distributing the Ursnif malware has been discovered. The cybercriminals behind the campaign were using a new technique that involves using hijacked e-mail accounts to send the malware camouflaged as a part of an ongoing e-mail conversation thread. The campaign has been targeting victims across North America and Europe. Ursnif is capable of stealing data such as email credentials, browser cookies, financial information, and video screen grabs.
The Panda Banker trojan was recently found being delivered via the Emotet malware's distribution platform. Panda Banker, which is a variant of the Zeus banking trojan, first emerged in 2016. Previously, the malware was distributed via the Angler, Neutrino, and Nuclear exploit kits. Panda Banker is capable of stealing banking information, credit card data, as well as cryptocurrency wallet data. The current campaign has been targeting victims across the US, Canada, and Japan. So far, the cybercriminals behind the campaign have targeted banks, credit card companies, a porn video streaming service and an e-commerce firm.
Top Breaches Reported in the Last 24 Hours
Hetzner data breach
Hetzner recently suffered a breach which may have compromised the personal information of its customers. The breach likely exposed customers' names and email addresses, their phone numbers, bank account details, identity number, and VAT numbers. The firm has notified its customers about the breach and has also conducted a comprehensive security audit.
SpankChain, a cryptocurrency based on the adult industry, was hacked and around $40,000 worth of Ethereum was stolen. SpankChain utilizes Ethereum and a smart token named BOOTY which is used to tip adult models during live cam shows. The attackers exploited a bug in the network's payment channel smart contract, which allowed attackers to freeze $40,000 worth of SpankChain BOOTY tokens.
Multiple gaming firms were hit by a slew DDoS attacks. Those affected include Final Fantasy XIV’s creator Square Enix and Ubisoft. Other games affected in the DDoS attack include the Rainbow Six Siege, For Honor, and Assassin's Creed Odyssey.