- A new emergency hotline has been launched to tackle the rise in financial scams in the U.K. The service will work in a similar way to non-emergency police or NHS services.
- CISA has launched multiple prevention and detection tools, as well as solutions to mitigate the rising risk of insider threats and attacks on VPNs. Additionally, the agency has released guidance on securing critical assets.
- Experts from the Security Service of Ukraine (SSU) took down an illegitimate network of call centers located in Lviv following the discovery of a scam. The perpetrators used covert channels to contact customers and deceived them with a fraudulent cryptocurrency investment scheme.
- A data breach at FarFaria resulted in the leak of 38 GB of data due to a misconfigured MongoDB database.
- Researchers detected several sophisticated cyberespionage campaigns from new threat actor groups, namely Wintervivern and ChamelGang. While the former targeted European governments, the latter was held responsible for attacks on an energy company.
- Around 15 Russian financial organizations were targeted in DDoS attacks between August and September this year. While the attacks were serious, the attackers failed to disrupt the performance of credit institutions.
- Hundreds of bookstores across multiple countries in Europe were crippled following a ransomware attack. The impacted store chains include Libris, Aquarius, Malperthuis, Donner, Atheneum, and Bookhandels.
- The Conti ransomware gang claimed responsibility for an attack on JVCKenwood in which it stole 1.7TB of data. The gang also upgraded its tactics by hiring affiliates to destroy backups.
- Transportation organizations such as Forward Air and Navistar were affected in separate security breach incidents that impacted the sensitive details of their customers and employees.
- The Nobelium threat actor group has been linked with two new backdoors, dubbed Tomiris and FoggyWeb, that are capable of deploying additional payloads. The Tomiris malware was part of a cyberespionage campaign targeting organizations in Eastern Europe.
- New variants of the Mirai botnet and the FormBook infostealer were spotted in different campaigns that exploited zero-day vulnerabilities in RUIJIE routers and Office 365, respectively. DoppelDridex, a variant of Dridex, was also found using Slack and Discord CDNs as channels for propagation. An upgraded version of FinSpy was also found using a UEFI bootkit to infect its victims.
- BloodyStealer was used to target gamers in Europe, Latin America, and the Asia-Pacific region in an attempt to steal their login credentials.
- The week witnessed the emergence of several new malware families such as PixStealer, MalRhino, and GriftHorse. All of them have been designed to pilfer the banking details of users across the globe.
- The recently discovered BrakTooth flaws were found impacting devices used in the healthcare sector. Exploitation of these flaws can lead to anything from a system shutdown to a potential data breach.
- A brand-new malware, dubbed Sarwent, was associated with a campaign that pretended to safeguard users from the Pegasus mobile spyware. The campaign impersonated the Amnesty International website to lure users. The Sarwent malware has the usual capabilities of a RAT.
Posted on: October 01, 2021