- The Tor payment portal and data leak site of REvil went offline after an unknown party, holding the same private keys as the gang, hijacked the group's .onion domains. The compromised server now redirects visitors to other services.
- Trustwave has published a BlackByte decryptor on GitHub. This Windows ransomware uses double extortion: it steals data from its victims before encrypting their files and then threatens to leak it.
- The Dutch Police arrested nine bank help desk fraudsters who phoned elderly people and tricked them into handing over money. Investigators also froze the suspects' cryptocurrency assets.
- The South African Police Service arrested eight suspects for stealing and laundering more than $6.85 million from victims of online romance scams.
- Twitter suspended two accounts that were part of a long-running cyberespionage campaign operated by North Korean government hackers. The accounts lured security researchers to malicious websites in an attempt to infect them with malware.
- High-profile YouTube creators were targeted with cookie-stealing malware in phishing attacks in which the attackers offered fake collaboration opportunities. The campaign went on for two years.
- LightBasin, a suspected China-linked hacking group, infiltrated at least 13 telecommunications companies around the globe and accessed call records and messages.
- Data on at least one million users of Quickfox VPN was exposed to the internet through an unsecured Elasticsearch server. The 100GB trove contained 500 million records, including system data on 300,000 customers and PII of a million users.
- The AvosLocker ransomware gang claimed to have breached Taiwanese manufacturer Gigabyte and leaked samples it says belong to the company.
- CISA, the FBI, and the NSA released a joint advisory warning critical infrastructure entities about BlackMatter ransomware intrusions, noting that the group has already hit two U.S. food and agriculture sector organizations.
- The Argentinian Interior Ministry was breached by a cybercriminal who stole the national ID card details of the entire population, including the country's President, other political figures, journalists, and footballers Lionel Messi and Sergio Aguero.
- Following the attack on Acer India, the company announced that Acer Taiwan had also been attacked. According to the company, the second incident did not expose any customer data.
- PracticeMax, a vendor to health insurer Anthem, and UMass Memorial Health separately disclosed cyberattacks that exposed the PHI and other data of members and employees.
- University Hospital Newark disclosed that a former employee improperly accessed the sensitive personal and medical records of 9,329 individuals over a period of more than a year.
- A malware campaign in South Korea is distributing RATs disguised as an adult game. The malware is spread through torrents and webhards (Korean file-hosting sites).
- A new espionage campaign was attributed to TA551. The threat actor hijacks existing email threads to lure its victims and uses Sliver, a legitimate open-source red-team framework, for post-exploitation.
- The new MirrorBlast malware was spotted in a phishing campaign linked to the TA505 and PYSA groups.
- Three malicious npm packages, klow, klown, and okhsa, were downloaded about 150 times before being removed. They dropped cryptomining malware on Windows and Linux systems.
- Researchers at Texas A&M University and the University of Florida described Gummy Browsers, a new attack that captures a victim's browser fingerprint and replays it to impersonate that browser.
- Southeast Asia was hit by a new espionage campaign targeting the defense, healthcare, and ICT sectors. The campaign began in September 2020 and ran at least until May this year.
- A new analysis found that Karma ransomware and Nemty variants share several traits, including the same excluded file extensions and folders and the presence of debug messages.
- Cryptojacking group TeamTNT was spotted hosting malicious container images on Docker Hub that install basic utilities and the scanning tools zgrab and masscan to find more machines to compromise for cryptomining.
- Academics developed a new attack technique, dubbed SmashEx, that abuses exception handling in Intel SGX enclave runtimes and can allow adversaries to steal confidential data from enclaves.
- Symantec reported a previously unknown nation-state actor, Harvester, that targets South Asian telecom providers, IT firms, and government entities.
- Proofpoint uncovered a high-volume email campaign by the TA505 group that delivers a new version of the FlawedGrace RAT to a wide range of industries.
Posted on: October 22, 2021