- Operators behind the Fonix ransomware shut down their operation and released the master decryption key for free to the infected users.
- A coordinated law enforcement operation successfully shut down ValidCC, a dark web marketplace involved in trading stolen payment card data for more than six years.
- IBM announced that it will offer $3 million in grants to six school districts in the U.S. to help them prepare for and defend against cyberattacks.
- As part of efforts to address account takeovers by OGUsers, Twitter, Instagram, TikTok, and other platforms are reclaiming the hordes of stolen accounts and sending cease and desist letters to the hackers.
- The UK Research and Innovation (UKRI) is dealing with a ransomware attack that encrypted data and impacted two of its services.
- British services business Serco has been hit by the Babuk Locker ransomware, impacting the firm’s European operations. The ransomware operators have further claimed to have copied more than 1TB of data after hacking the network for about three weeks.
- The data of 3.2 million DriveSure clients was available on the Raidforums hacking forum late last month. The information exposed included names, addresses, phone numbers, email addresses, IP addresses, car makers, car service records, dealership records, and car models.
- Washington’s State Auditor office has suffered a data breach that exposed the personal information of 1.6 million employment claims. Threat actors exploited a vulnerability in a file transfer service from Accellion to breach the data.
- An unsecured Microsoft Azure blob was found leaking images of hundreds of passports and identity documents of journalists and volleyball players from around the world.
- Spotify suffered another credential-stuffing attack in a span of three months. Experts surmise more than 100,000 customers could face account takeover.
- Estate agent Foxtons Group is under pressure due to a data leak incident. Reports claim that thousands of customer card and personal details have been uploaded to a dark web site.
- Oxfam Australia has launched an investigation after its customer database containing 1.7 million customer details and donor information was put on sale on the dark web.
- A mysterious hacking group has targeted BigNox, a company that makes the NoxPlayer Android emulator, in a highly targeted supply chain attack.
- A malicious Home Depot advertising campaign has been found redirecting Google Search visitors to tech support scams.
- Researchers have spotted a new component of the Trickbot malware that performs local network reconnaissance. Named masrv, the component enables threat actors to send a series of Masscan commands to scan local networks for further infection.
- A malware backdoor named Kobalos has been attacking Linux supercomputers, as well as several privately held servers in North America, Europe, and Asia.
- The Babyk ransomware operators have launched a new data leak site to publish victims’ stolen data as part of a double extortion strategy.
- New details have emerged about malicious extensions for Chrome and Edge browsers. These extensions, collectively called CacheFlow, were found hijacking clicks on links in search result pages to redirect unsuspecting users to phishing sites and ads.
- A new version of Agent Tesla is targeting Microsoft’s Anti-Malware Software Interface (AMSI) to avoid detection. The new version also has an added capability of deploying a Tor client.
- Matryosh is a new variant of the Mirai botnet that is primarily designed to launch DDoS attacks. Researchers claim that the botnet’s command format and its use of TOR C2 are highly similar to those of another botnet called LeetHozer.
- The TeamTNT threat actor group is deploying a new Hildegard malware in a new cryptojacking operation. The campaign targets Kubernetes clusters to gain initial access.
- A new way to perform an XS-Leak side-channel attack has been disclosed. The new side-channel attack leverages browser and extension vulnerabilities to trigger cross-site leaks.
- Scammers are now targeting Discord servers to send private messages to users in a new cryptocurrency giveaway scam. The messages appear to be from new, upcoming cryptocurrency exchanges and promise free Bitcoin or Ethereum.
Posted on: February 05, 2021