The malware is sold as a service and can be obtained through malvertising, fake browser updates, and cracked software installations. It has also been found that the malware is being spread through Discord’s content delivery network.

The National Insurance Board in Trinidad and Tobago has been hit by a ransomware attack, leading to the closure of its offices and limiting its operations for an extended period.

The attack occurred on December 24, 2023, and caused severe disruptions to the hospitals’ IT systems. Investigations are underway to determine the extent of the damage and whether any data was stolen.

The Albanian parliament and a telecom company were targeted by cyberattacks originating from outside Albania. The attacks, which attempted to interfere with infrastructure and delete data, have not been attributed to a specific threat actor.

The newly surfaced DragonForce ransomware gang has claimed responsibility for the attack, stating that they have encrypted devices and stolen data, including personal information of Ohio Lottery customers and employees.

The secret hardware function targeted by the attackers allowed them to bypass advanced memory protections, enabling post-exploitation techniques and compromising system integrity.

SE Labs has warned that multi-factor authentication (MFA) is not foolproof and can be bypassed by attackers using old-school methods such as social engineering, malware, and phishing.

The breached information includes names, contact details, dates of birth, medical and health insurance information, financial account numbers, employment status, and government identifiers.

Companies need to shift their focus from solely addressing threats to proactively mitigating risks by analyzing behaviors and implementing insider risk management solutions.

DDoS attacks have significant consequences, including financial losses, compromised data, and erosion of customer trust. Global events like the Russia-Ukraine war and NATO bids have fueled recent DDoS attack growth.