- Under Operation Lyrebird, INTERPOL detained a hacker known in underground marketplaces as Dr. Hex. The accused was involved in attacks on 134 websites from 2009 to 2018 across multiple regions.
- ENISA highlighted 12 high-level recommendations for SMEs on how to fortify the security infrastructure of their businesses.
- A Texas resident was sentenced to more than seven years in prison for taking part in business and romance scams since at least 2015. The scams made a profit of $2.2 million for the culprit.
- The Japanese Ministry of Defense announced plans to onboard at least 800 cybersecurity staff by the end of March 2022 to help defend against increasingly sophisticated attacks.
- Threat actors stole over $350,000 from users in a widespread scam involving over 170 fake mobile apps. These apps—BitScams and CloudScams—promised to perform cryptocurrency mining on behalf of subscribers.
- Microsoft released an out-of-band security update for the PrintNightmare vulnerability. While researchers initially claimed that the patches do not completely fix the issues, Microsoft clarified that the issue was correctly addressed.
- A ransomware attack on Wiregrass Electric Cooperative temporarily blocked customers from accessing their account information.
- A misconfigured database at Northwestern Memorial HealthCare (NMHC) providers exposed the private medical information of patients. Unknown threat actors gained access to the database owned by Elekta and stole patients’ names, dates of birth, social security numbers, health insurance information, and medical record numbers.
- A hacker leaked confidential data from the Twitter-like social media platform GETTR. The data—users’ email addresses, birth years, and locations—was dumped on the RAID hacking forum.
- About 1,500 firms worldwide may have been affected by the REvil ransomware attack that compromised Kaseya’s cloud-based RMM platform. The Kaseya ransomware attack is now being used to launch a malspam campaign that drops Cobalt Strike.
- Users of Android and iOS versions of the Formula 1 racing app received an unexpected notification on the Austrian Grand Prix after a hacker hijacked the app.
- A global cryptojacking scheme that targeted over 1,300 organizations was recently revealed. It targeted organizations in the health, tourism, media, and education sectors in the U.S., Vietnam, and India.
- Morgan Stanley confirmed the compromise of the personal information of some of its clients as a third-party vendor was breached in the Accellion FTA service.
- CNA Financial Corporation, a leading U.S. insurance company, notified customers of a data breach due to an attack by the Phoenix CryptoLocker ransomware in March. Data (names and social security numbers) of 75,349 individuals was compromised.
- A new malware called Bandidos, an upgraded variant of Bandook malware, is part of an ongoing espionage campaign that targets corporate networks in Spanish-speaking countries. It is disseminated via phishing emails containing a malicious PDF attachment.
- The WildPressure APT group resurfaced with new versions of the Milum trojan for both Windows and macOS systems. Dubbed Guard and Tandis, the trojans enable the threat actors to gain remote control of the compromised device.
- The SideCopy cyberespionage group is propagating several custom RATs to target Indian government officials. The malware used by the group includes CetaRAT, DetaRAT, ReverseRAT, MargulasRAT, njRAT, Allakore, ActionRAT, Lilith, and Epicenter RAT.
- Lazarus APT launched a new attack campaign against job applicants and employees across the U.S. and Europe. The campaign is carried out via phishing emails that lure victims with job opportunities at Boeing and BAE Systems.
- Zloader has been found to be implementing a new infection technique that has no malicious code embedded in the initial attached macro.
- Scammers are now impersonating customers contacting live-chat agents and luring them into opening malicious attachments. This is yet another addition to various phishing schemes.
- Two new spam campaigns are deploying the Qbot and IcedID banking trojans.
Posted on: July 09, 2021