Pareto Botnet, million infected Android devices conduct fraud in the CTV ad ecosystem
Researchers from Human Security have uncovered a huge botnet of Android devices being used to conduct fraud in the connected...
threatintel
Trend Micro flaw actively exploited in the wild
Cybersecurity firm Trend Micro revealed that a threat actor is actively exploiting a flaw, tracked as CVE-2020-24557, in its antivirus solutions...
Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang
During an undercover interview, a CyberNews researcher tricked ransomware operators affiliated with Ragnar Locker into revealing their ransom payout structure,...
WhatsApp Pink malware spreads via group chat messages
A WhatsApp malware dubbed WhatsApp Pink is able to automatically reply to victims’ Signal, Telegram, Viber, and Skype messages. A WhatsApp...
Phone House España – 5,223,350 breached accounts
In April 2021, the Spanish retailer Phone House allegedly suffered a ransomware attack that also exposed significant volumes of customer...
FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram
Facial recognition tech is in the news again after the FBI discovered the identify of one of the Capitol rioters...
Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild
Pulse Secure has alerted customers to the existence of an exploitable chain of attack against its Pulse Connect Secure (PCS)...
Microsoft Fixes LPE Vulnerability Impacting Windows 7 and Server 2008
Microsoft quietly patched a local privilege escalation (LPE) flaw that affects both Windows 7 and Server 2008 R2 computers. This...
Lazarus E-Commerce Attackers Adapt Web Skimming for Stealing Cryptocurrency
Cybercriminals with apparent ties to North Korea that hit e-commerce shops in 2019 and 2020 to steal payment card data...
Sweden accused Russia of a hacking attack on the Confederation of Sports
The Swedish Prosecutor's Office and the Swedish State Security Service accused Russia's Main Intelligence Directorate of a hacking attack on...
SOCTA: Here’s a Quick Look into the Report by Europol
The Serious Organized Crime Threat Assessment study 2021 by Europol summarises the criminal threat from the last four years and...
Chinese WeChat Users Targeted by Attackers Using Recent Chromium Bug
According to a local security firm, a Chrome exploit published online last week has been weaponized and exploited to target...
Targeted Malware Reverse Engineering Workshop follow-up. Part 2
If you have read our previous blogpost “Targeted Malware Reverse Engineering Workshop follow-up. Part 1“, you probably know about the...
Dnspeep – Spy On The DNS Queries Your Computer Is Making
dnspeep lets you spy on the DNS queries your computer is making. Here's some example output: $ sudo dnspeepquery name...
Overlord – Overlord – Red Teaming Infrastructure Automation
Overlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user...
REvil ransomware gang recommends that Apple buy back its data stolen in Quanta hack
The REvil ransomware operators are attempting to blackmail Apple after they has allegedly stolen product blueprints of the IT giant...
3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited
Security vendor SonicWall has addressed three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. SonicWall is warning its customers...
China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors
At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the...
Hacking a X-RAY Machine with WHIDelite & EvilCrowRF
The popular cyber security expert Luca Bongiorni demonstrated how to hack an X-Ray Machine using his WHIDelite tool. Recently I...
Critical update: Facebook Messenger users hit by scammers in over 80 states
Researchers from security firm Group-IB have detected a large-scale scam campaign targeting Facebook Messenger users all over the world. Group-IB...
FIN7 sysadmin behind “billions in damage” gets 10 years
In 2018 three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe were arrested and taken...
CodeCov supply-chain compromise likened to SolarWinds attack
CodeCov, a company that creates software auditing tools for developers, was recently breached (the company says it was breached on...
Interview with a bug bounty hunter: Youssef Sammouda
Behind the scenes there are many people working in cyber-security that make the internet a safer place. Youssef Sammouda is...
Fake Microsoft Store, Spotify Distribute Malware to Steal User Data
Attackers are promoting sites that imitate the Microsoft Store, Spotify, and an online document converter to spread malware that steals...
