- The U.S. Department of Justice announced plans to form a new task force to tackle the underlying causes of the rise in ransomware attacks and disrupt ransomware operations globally.
- The U.K. NCSC released a free cybersecurity training package for teachers and staff to help them mitigate cyber threats while demonstrating case studies for a better understanding of the impact of cyber incidents.
- The U.S. Department of Energy, CISA, and the electricity sector are working on a 100-day plan to strengthen the cybersecurity posture of electric utilities, ICS, and the energy supply chain.
- Login credentials for 1.3 million current and previously compromised Windows Remote Desktop servers were leaked on the UAS dark web market.
- The REvil ransomware gang stole massive amounts of data (large quantities of confidential drawings and gigabytes of personal data) from Apple, Dell, HPE, Lenovo, and Cisco.
- A misconfigured database leaked names, addresses, phone numbers, social security numbers, and account numbers of Eversource Energy customers.
- Hackers are impersonating Bloomberg employees in order to install a RAT on target computers. The phishing campaign has reportedly been active since 2020 and uses the NanoCore tool.
- Investigation of the Codecov system breach revealed that it is linked to the SolarWinds attack, attributed to the Russian Foreign Intelligence Service (SVR).
- A large-scale scam campaign aimed at stealing login credentials was discovered targeting Facebook Messenger users in over 80 countries.
- Google Alerts is still being abused for scams and malware, redirecting users to fake adult sites, fake dating apps, sweepstake scams, and unwanted browser extensions. Such attacks are launched by sending fake Google Alert URLs to unsuspecting users.
- A hacker was spotted selling approximately 50GB of sensitive data stolen from OTP-generating companies, including Google, Facebook, Amazon, Emirates, Apple, Microsoft, Signal, Telegram, and Twitter.
- The WhatsApp Pink malware has now been updated to automatically respond to Signal, Telegram, Viber, and Skype messages. The malware is distributed via a fake version of WhatsApp claiming to be pink-themed.
- The new Pareto botnet has been found infecting a massive number of Android devices to conduct fraud in the internet TV advertising ecosystem. It works by spoofing signals within malicious Android mobile apps to impersonate consumer TV streaming products running Fire OS, tvOS, Roku OS, and other prominent platforms.
- Telegram is used yet again to distribute the ToxicEye RAT. The malware is capable of taking over file systems, installing ransomware, and leaking data from victim systems.
- The Prometei botnet is the latest malware to jump on the ProxyLogon bandwagon, allowing threat actors to mine cryptocurrency.
- A newly discovered zero-day authentication bypass vulnerability in the Pulse Connect Secure gateway is being exploited in the wild. Tracked as CVE-2021-22893, the flaw has been linked to attacks by the UNC2603 and UNC2717 threat actors against various government and law enforcement agencies.
- An infostealer named Ficker is being propagated via fake Microsoft Store, Spotify, and FreePdfConverter apps. Using this malware, attackers can steal saved credentials in web browsers, desktop messaging clients (Pidgin, Steam, Discord), and FTP clients.
- A new ransomware called NitroRansomware encrypts victims’ files and demands a Discord Nitro gift code to decrypt files. It is distributed as a fake tool stating it can generate free Nitro gift codes.
- The latest variant of XCSSET Mac malware comes with the functionality of stealing confidential information from cryptocurrency apps.
- A text message scam is making the rounds in the U.K. The message pretends to be from a package delivery firm and urges Android users to download a tracking app that is actually the new Flubot spyware.
Posted on: April 23, 2021