A new ransomware variant named Underground, linked to the Russia-based RomCom group, encrypts files on victims’ Windows machines and demands a ransom for decryption. It has been active since July 2023.
The FBI issued a warning about aggressive social engineering attacks by North Korean hacking groups targeting cryptocurrency firms. The attacks involve deploying malware to steal crypto assets through highly targeted tactics that are hard to detect.
Malicious actors potentially utilized the MacroPack red-teaming framework to distribute harmful payloads like Brute Ratel and Havoc tools, as well as a new version of the PhantomCore remote access trojan.
The highly obfuscated KTLVdoor malware has versions for both Microsoft Windows and Linux, allowing attackers to perform tasks like file manipulation, command execution, and remote port scanning.
The Dutch Data Protection Authority (Dutch DPA) fined Clearview AI $34 million for the illegal creation of a facial image database. If Clearview AI does not comply, an additional fine of up to $5.5 million will be imposed.
The Python-based infostealer collects user information, text files, PDF files, browser data, crypto wallets, game platforms, browser extensions, and cookies. The stolen data is sent via email to the attacker.
According to telemetry data from Trend Micro, Ransomware attacks in Southeast Asia are on the rise in 2024, with major incidents in countries like Thailand, Japan, South Korea, Singapore, Taiwan, and Indonesia.
VMware has patched a high-severity code execution flaw in its Fusion hypervisor. The vulnerability, tracked as CVE-2024-38811, is caused by an insecure environment variable.
The latest version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS) has introduced key changes to address the evolving digital landscape. While some requirements are already in effect, others will come into play by April 2025.
Ransomware groups are increasingly weaponizing stolen data to pressure victims into paying. They analyze data to maximize damage and create opportunities for extortion, targeting business leaders and employees for blame.