The Tor payment portal and data leak site of REvil were taken offline after an unknown actor hijacked the group's domains using the same private keys (the keys from which its .onion addresses are derived). This is the second time REvil has shut down its operations. Organizations should nonetheless stay protected against such threats by keeping reliable backups and adopting proactive […]
The Centre for Computing History (CCH) in Cambridge, England, has apologised for an “embarrassing” breach of its online customer data file, though thankfully no payment card information was exposed.
The 100GB trove found by the researchers contained 500 million records, including PII on one million users and system data on 300,000 customers. WizCase said that the server had yet to be secured.
The lesser-known Lyceum APT appears to be re-establishing a foothold with its re-emergence: the group has been tied to an attack campaign against entities in Tunisia. Researchers have also noted similarities between Lyceum and the infamous DNSpionage campaign, a cluster of activity linked to OilRig.
Packers compress or encrypt a program's code and prepend a small stub that restores it in memory at run time. The bytes on disk therefore no longer match the original code, which defeats static signature matching and hampers disassembly and debugging; the unpacked code can still be recovered from memory once the stub has run.
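The following added example (not code from the page or from any packer mentioned on it) simulates the packer life cycle end to end: a constructed fake "code section" containing a signature string is compressed and then encrypted with a toy SHA-256 counter-mode stream cipher (an illustrative stand-in for whatever a real packer uses), a static signature scan of the packed bytes fails, a Shannon-entropy heuristic flags the packed blob, and running the unpack stub restores the code so the same signature matches again. The signature string, the opcode alphabet, the key and the 7.0-bit entropy threshold are all assumptions chosen for the demonstration.

```python
import hashlib
import math
import random
import zlib
from collections import Counter

# Constructed sample: a plaintext string that a signature-based scanner
# would match. Not taken from any real malware family.
SIGNATURE = b"cmd.exe /c whoami"


def build_fake_code(size: int = 4096, seed: int = 1) -> bytes:
    """Constructed stand-in for a binary's code section: a pseudo-instruction
    stream over a 16-value opcode alphabet with SIGNATURE embedded mid-way."""
    rng = random.Random(seed)
    opcodes = bytes(range(0x10, 0x20))
    body = bytes(rng.choice(opcodes) for _ in range(size))
    mid = size // 2
    return body[:mid] + SIGNATURE + body[mid:]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Plain code or text scores low; compressed or encrypted
    data sits close to the 8.0 maximum, which is why entropy is a cheap
    packing indicator."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def keystream(key: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode (assumption, illustrative
    only; a real packer's scheme differs and is not modelled here)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def pack(code: bytes, key: bytes) -> bytes:
    """What ends up on disk: the original code compressed, then encrypted.
    In a real packed binary this blob sits next to the unpack stub."""
    compressed = zlib.compress(code, 9)
    return xor_bytes(compressed, keystream(key, len(compressed)))


def unpack(packed: bytes, key: bytes) -> bytes:
    """What the stub does at load time: decrypt and decompress into memory,
    after which control is transferred to the restored code."""
    return xor_bytes(packed, keystream(key, len(packed)))
    # (decryption output is decompressed below; kept on one line for clarity)


def unpack_full(packed: bytes, key: bytes) -> bytes:
    return zlib.decompress(unpack(packed, key))


def static_scan(blob: bytes) -> bool:
    """Naive on-disk signature match."""
    return SIGNATURE in blob


def looks_packed(blob: bytes, threshold: float = 7.0) -> bool:
    """Entropy heuristic; threshold is an assumption for this demo."""
    return shannon_entropy(blob) >= threshold


def scan_after_unpack(packed: bytes, key: bytes) -> bool:
    """Emulate the stub, then scan the in-memory image: the view a memory
    scanner or an unpacker gives a defender."""
    return static_scan(unpack_full(packed, key))


def demo() -> dict:
    key = b"demo-key"  # constructed; real stubs embed their key in the binary
    code = build_fake_code()
    packed = pack(code, key)
    return {
        "original_entropy": round(shannon_entropy(code), 2),
        "packed_entropy": round(shannon_entropy(packed), 2),
        "static_hit_original": static_scan(code),
        "static_hit_packed": static_scan(packed),
        "packed_flagged_by_entropy": looks_packed(packed),
        "original_flagged_by_entropy": looks_packed(code),
        "hit_after_unpack": scan_after_unpack(packed, key),
        "roundtrip_ok": unpack_full(packed, key) == code,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The static scan misses the packed blob while the entropy check and the post-unpack scan both succeed, which is the practical reason defenders pair signature scanning with entropy heuristics and with memory scanning after the stub has executed.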
Symantec uncovered a new ransomware strain, dubbed Yanluowang, that targets virtual machines in enterprise environments. The attackers use the legitimate AdFind command-line Active Directory query tool, a common reconnaissance step ahead of ransomware deployment, and warn victims not to approach law enforcement for help.
Morphisec Labs unearthed a new MirrorBlast campaign aimed at financial services organizations in Canada, the U.S., Europe, Hong Kong and elsewhere. The campaign closely resembles the tradecraft of the Russia-based TA505 group. Organizations should defend themselves with anti-phishing controls and with detections built on the group's known TTPs to stop the malware.
Experts found a PoC exploit for a macOS Gatekeeper bypass flaw that was being exploited in the wild. Tracked as CVE-2021-1810, the vulnerability lies in the way Archive Utility handles file paths on macOS; malware that slips past Gatekeeper this way could fully compromise a targeted system.
Sentinel Labs found evidence that Karma ransomware is simply the latest evolutionary step in a lineage that began as JSWorm and successively became Nemty, Nefilim, Fusion, Milihpen and, most recently, Gangbang.
Tracked as CVE-2021-41556, the issue can be triggered when the Squirrel Engine, a scripting library embedded in games, is used to execute untrusted code; it affects the stable 3.x and 2.x release branches of Squirrel.