- The U.S. DOJ seized two C&C and malware distribution domains that were used as part of a recent phishing attack against the U.S. Agency for International Development (USAID).
- IBM announced a $3 million grant to U.S. public K-12 schools to help school officials bolster their defenses while proactively responding to cyberattacks, especially by ransomware operators.
- Under its Operation HAECHI-I, Interpol claimed to have intercepted $83 million in funds before they could be transferred from victims' accounts to the attackers behind various financial cybercrimes.
- The U.S. Department of Justice announced that it will elevate investigations of ransomware attacks to a similar priority as terrorism in the wake of the recent attacks on critical infrastructure and government agencies.
- Microsoft brought together 15 policy makers across seven Asia Pacific markets, including South Korea, Singapore, and Indonesia, to enable threat intelligence sharing amongst their respective public sectors.
- An unprotected Elasticsearch database caused AMT Games to accidentally leak profiles of nearly six million players associated with the “Battle for the Galaxy” game. The database contained 1.5TB of data.
- A misconfigured database belonging to DDoS-Guard, containing customers' names, IP addresses, and payment information, was put up for sale on a cybercrime forum. The entire set is being auctioned off at a starting price of $350,000.
- The FBI held the Sodinokibi ransomware group responsible for the attacks on JBS Foods. The attack impacted production plants located in the U.S., Australia, and Canada.
- Google ads are being infected with malicious packages of AnyDesk, Dropbox, and Telegram apps to distribute Redline, Taurus, Tesla, and Amadey trojans.
- The Swedish Public Health Agency shut down SmiNet after being the target of several hacking attempts. No evidence of unauthorized parties accessing sensitive information has been found so far; investigation ensues.
- A subscribe-unsubscribe spam campaign is making the rounds, attempting to confirm valid email accounts that can be used in future phishing and spam campaigns. These emails ask the recipients to subscribe or unsubscribe from an unnamed service.
- A Walmart phishing campaign is underway that attempts to steal users’ personal information. The ultimate goal of the campaign is to collect information to conduct identity theft attacks.
- The U.K.’s largest independent furniture retailer, Furniture Village, confirmed being hit by a cyberattack. Backend systems, including delivery, phones, and payments systems, are still suffering outages.
- The Steamship Authority, Massachusetts’ largest ferry service, was hit by a ransomware attack, disrupting some operations.
- UF Health Central Florida witnessed a blow to its IT network caused by a ransomware attack. UF Health The Village Hospital and UF Health Leesburg Hospital are unable to access their computer systems and email because of the attack.
- An ongoing spear-phishing campaign associated with a China-based APT group has been uncovered by researchers. The campaign is targeting the Ministry of Foreign Affairs in a Southeast Asian nation using an unknown backdoor named SharpPanda.
- The Necro Python botnet got its functionalities updated with new exploits and mining abilities. It targets Linux-based and Windows operating systems.
- The Nobelium threat actor group is using a new poisoned update installer in its latest wave of attacks.
- New attack techniques dubbed Cut-and-Mouse and Ghost Control can be used to bypass ransomware defenses in antivirus solutions. Researchers demonstrated that these twin attacks leverage security weaknesses in popular software applications and can enable attackers to take over applications.
- Prometheus and Grief are two emerging ransomware groups that have joined the data extortion game. While the former has ensnared data of 27 organizations, including that of some Mexican government agencies, the latter has affected five firms.
- A new campaign is propagating TeaBot and FluBot banking trojans on Android phones. The trojans can perform various keylogging activities, steal Google Authentication codes, intercept messaging, and even take control of devices.
- A new backdoor dubbed Facefish can allow attackers to take over Linux systems and steal sensitive data. It targets Linux x64 systems and can drop multiple rootkits at different times.
- A new ransomware named Epsilon Red, similar to the REvil ransomware, targeted a U.S. company in the hospitality sector. Written in Golang, the ransomware is distributed via unpatched Microsoft Exchange servers.
Posted on: June 04, 2021