- Europol detained 23 suspects accused of defrauding companies of more than $1.2 million in multiple BEC scams across 20 countries. Meanwhile, German authorities nabbed four cybercriminals for swindling millions of euros from novice investors through fake websites.
- The U.S. Senate set aside more than $1.9 billion in cybersecurity funds for state and local governments to strengthen their cybersecurity posture and help organizations defend themselves.
- The CobaltSpam tool developed by Mario Henkel can flood Cobalt Strike servers with fake beacons to corrupt the internal databases of compromised systems. This would prevent attackers from differentiating real and fake infections.
- An unhappy affiliate linked to the Conti ransomware gang leaked confidential information—screenshots of IP addresses, instructions and training material for new recruits, and how-to guides—on an underground forum.
- Researchers presented a scheme—Pretty Good Phone Privacy—that can hide users’ locations from carriers with just a software upgrade.
- Waste Management Resources disclosed unauthorized access into its network that exposed healthcare information—social security numbers, dates of birth, and bank account numbers—of current and former employees and their dependents.
- A ransomware attack on St. Joseph’s/Candler laid bare the protected healthcare information for both staff and patients. Victims have been informed.
- Game developer and publisher Crytek alerted its customers about an Egregor ransomware attack that occurred in October 2020. Criminals leaked the stolen personal data of customers on its leak site.
- DeFi protocol and network Poly Network lost more than $600 million in a massive cryptocurrency heist. Hackers reportedly reversed more than $4,772,000 worth of assets in less than 24 hours. However, a majority of the funds have been returned to the firm.
- A Chinese cyberespionage group, dubbed UNC215, impersonated Iranian threat actors to target Israeli organizations in a campaign that began in January 2019.
- The Joplin City government paid $320,000 in ransom to a ransomware group that briefly impacted the city’s COVID-19 dashboard, online utility payments, and court functions.
- Security researchers reported a fake version of the Briansclub[.]com carding shop that was using a similar domain to lure users. The fake website was siphoning off the funds deposited by cybercriminal users of the infamous carding shop.
- Flashpoint experts suggest AlphaBay, which used to be the largest darknet marketplace and community, could be returning after four years of hiatus.
- The sale of fake COVID-19 vaccine cards has ramped up on the dark web, with most of the sales from the Netherlands, Switzerland, Greece, France, and Italy.
- SentinelOne warned against a new AdLoad malware variant that bypasses Apple's YARA signature-based XProtect built-in antivirus tech to infect macOS. The malware variant is connected with an ongoing attack campaign active since November 2020.
- Chaos, a malware still under construction, is available for testing, according to advertisements on dark web forums. While it claims to be ransomware, Chaos is actually a wiper.
- A new smishing scam is mimicking the international delivery company DPD. The scam is convincing and attempts to entice victims into giving away their payment information and other personal details.
- AllWorld Cards, a new criminal carding marketplace, is being promoted by a threat actor who published a million credit cards stolen between 2018 and 2019. In a random sampling of 98 cards, 27% were still active.
- IISpy, a previously undocumented backdoor, is capable of evading detection, disrupting the server’s logging, and conducting long-term cyberespionage.
- A new strain of the eCh0raix ransomware is targeting Synology NAS and QNAP NAS devices. Findings until June suggest that the gang has earned quite a decent amount of ransom from Small Office and Home Office (SOHO) users.
- The Iran-linked ITG18 threat actor deployed an Android backdoor to pilfer confidential information from at least 20 Iranian reformists. The campaign was active between August 2020 and May 2021 and used LittleLooter, a previously undocumented malware.
- A new malvertising campaign by the Water Kappa group attempts to steal the banking credentials of Japanese targets using a rebranded version of Cinobi banking trojan.
- FlyTrap, a new Android trojan packaged under fraudulent apps, reportedly compromised Facebook accounts of more than 10,000 users in at least 144 countries since March 2021.
- Virtual meeting platforms, such as Zoom, Microsoft Teams, and Skype, can fall prey to an exotic attack named Glowworm. It enables threat actors to eavesdrop on confidential conversations by measuring changes in the power LED of an audio output device and converting them to audio reproductions.
Posted on: August 13, 2021