The Week in Ransomware – April 28th 2023 – Clop at it again
It has been a very quiet week for ransomware news, with only a few reports released and not much info...
News
Cold storage giant Americold outage caused by network breach
Americold, a leading cold storage and logistics company, has been facing IT issues since its network was breached on Tuesday...
US-CERT Vulnerability Summary for the Week of April 17, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets
Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer (or AMOS)...
Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now
Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited...
Why Your Detection-First Security Approach Isn’t Working
Stopping new and evasive threats is one of the greatest challenges in cybersecurity. This is among the biggest reasons why...
ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection
A significant number of victims in the consumer and enterprise sectors located across Australia, Japan, the U.S., and India have...
Attention Online Shoppers: Don’t Be Fooled by Their Sleek, Modern Looks — It’s Magecart!
An ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive...
Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions
South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned...
New Atomic macOS info-stealing malware targets 50 crypto wallets
A new macOS information-stealing malware named 'Atomic' (aka 'AMOS') is being sold to cybercriminals via private Telegram channels for a...
Linux version of RTM Locker ransomware targets VMware ESXi servers
RTM Locker is the latest enterprise-targeting ransomware operation found to be deploying a Linux encryptor that targets virtual machines on...
A ‘!password20231#’ password may not be as complex as you think
Modern IT system administrators know the importance of maintaining a strong password policy. In this article, we'll explore the evolution...
Android Minecraft clones with 35M downloads infect users with adware
A set of 38 Minecraft copycat games on Google Play infected devices with the Android adware 'HiddenAds' to stealthily load...
Microsoft: Clop and LockBit ransomware behind PaperCut server hacks
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to...
US-CERT Vulnerability Summary for the Week of April 17, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan
A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services,...
Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers
Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based...
Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware
Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p...
LimeRAT Malware Analysis: Extracting the Config
Remote Access Trojans (RATs) have taken the third leading position in ANY. RUN's Q1 2023 report on the most prevalent...
RTM Locker’s First Linux Ransomware Strain Targeting NAS and ESXi Hosts
The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's...
Chinese hackers use new Linux malware variants for espionage
Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented...
Google disrupts the CryptBot info-stealing malware operation
Google is taking down malware infrastructure linked to the Cryptbot info stealer after suing those using it to infect Google Chrome users...
Thousands of Apache Superset servers exposed to RCE attacks
Apache Superset is vulnerable to authentication bypass and remote code execution at default configurations, allowing attackers to potentially access and...
PrestaShop fixes bug that lets any backend user delete databases
The open-source e-commerce platform PrestaShop has released a new version that addresses a critical-severity vulnerability allowing any back-office user to...
