- The FBI used the web shells that Hafnium hackers had planted to enter Exchange Servers globally as a way back in, remotely deleting those web shells from hundreds of impacted servers.
- The Internet of Secure Things Alliance (ioXt) launched a new security certification for VPNs and mobile apps. The compliance program consists of a set of security-related requirements against which apps can be certified.
- The SolarWinds attack was officially attributed to Russia’s Foreign Intelligence Service (SVR). The NSA, FBI, and CISA issued a joint advisory warning of SVR’s activities against various organizations.
- Babuk ransomware operators reportedly posted 500GB worth of Houston Rockets’ internal business data—contracts, NDAs, and financial data—on its dark web forum.
- Employment-oriented service users in the U.S., the Middle East, and Canada are being targeted with customized phishing emails that attempt to hijack their LinkedIn accounts or promote fake LinkedIn email leads.
- Two Tasmanian casinos were forced to shut down following a ransomware attack. The attack affected hotel booking systems, as well as the slot machines.
- Celsius Network, a cryptocurrency rewards platform, underwent a security breach, which, in turn, led to a phishing attack on its customers. The breach resulted in the loss of a partial customer list of the company.
- More than 100,000 web pages hosted by Google Sites are being used to trick netizens into opening booby-trapped business documents containing a RAT, using common business lures.
- Attackers are launching campaigns in which IcedID was switched with the QakBot trojan to deliver malicious payloads. The campaign relied on updated XLM macros to distribute the trojan.
- ParkMobile suffered a breach and the account information of 21 million customers was for sale on a Russian-speaking crime forum for $125,000.
- ShinyHunters leaked sensitive information of about 2.5 million Upstox users. The exposed information includes names, dates of birth, email addresses, bank account information, and about 56 million KYC documents stolen from the company’s server.
- APKPure, one of the largest app stores, fell victim to a supply chain attack. Threat actors managed to launch the attack by compromising client version 3.17.18 to deliver malware dubbed Triada.
- More than 500,000 Huawei users were infected with the Joker malware distributed via 10 apps in AppGallery.
- Lazarus APT was found stealing cryptocurrency with a never-before-seen tool - modified JS sniffers. Named Lazarus BTC Changer, this crypto skimmer switches the destination payment address to the threat actor’s BTC address.
- A new malicious package—web-browserify—targeting NodeJS developers was spotted on the npm registry. The package, once executed, uses another legitimate npm component, systeminformation, to collect information from the infected systems.
- The new Saint Bot malware was leveraged to drop information stealers and other malware downloaders in targeted campaigns against Georgian government institutions.
- Several new variants of the Android malware family BRATA were found posing as app security scanners on Google Play Store to propagate a backdoor capable of collecting sensitive information.
- NAME:WRECK, a set of nine newly disclosed DNS vulnerabilities, puts more than 100 million consumer, enterprise, and industrial IoT devices at risk. These vulnerabilities affect four well-known TCP/IP stacks: IPnet, FreeBSD, Nucleus NET, and NetX.
- A new report revealed that the Facebook data leak incident affected users in Egypt the most. The private details of around 45 million Egyptians have been leaked following the incident.
- Cracked copies of Microsoft Office and Adobe Photoshop are being used to steal browser session cookies and Monero cryptocurrency wallets from users who install the pirated software. The cracked software is distributed via BitTorrent.
Posted on: April 16, 2021