The investigation relied on an international information exchange; the National Bureau of Investigation collaborated with international entities and the Finnish Security and Intelligence Service.
Recently, Morphisec Labs identified a significant increase in activity linked to the Mispadu banking trojan. Initially concentrated on LATAM countries and Spanish-speaking individuals, Mispadu has broadened its scope in the latest campaign.
Over the past 90 days, Unit 42 researchers identified two Chinese APT groups conducting cyberespionage activities against entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN).
The Department of Health and Human Services’ recently released budget proposal for fiscal 2025 includes $1.3 billion in financial help, such as grants, for hospitals to invest in cybersecurity over the next several years.
TheMoon is linked to the “Faceless” proxy service, which uses some of the infected devices as proxies to route traffic for cybercriminals who wish to anonymize their malicious activities.
The rapid digital transformation and technological progress within the technology sector have enlarged the attack surface for companies operating in this space, according to Trustwave.
This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge.
Recently, SpiderLabs identified a phishing email with an attached archive that included a Windows executable disguised as a fraudulent bank payment. This action initiated an infection chain culminating in the deployment of Agent Tesla.
The Agenda ransomware group uses RMM tools, as well as Cobalt Strike, to deploy the ransomware binary. It can also propagate via PsExec and SecureShell, and it makes use of different vulnerable SYS drivers for defense evasion.
The retailer first learned of the security incident on March 4, and concluded that customer information was involved by March 15, the company wrote in an email to customers.