Cybercrime, Afghanistan and India targeted with commodity RATs
Cisco Talos cybersecurity experts: The attacker, a single actor, deploys a variety of malware, such as DcRAT and QuasarRAT, via diplomatic and humanitarian lures.
Cybercrime, Karma ransomware group exploits the JSWorm legacy
Sentinel Labs cybersecurity experts: The malware seems am evolution of Nemty, Nefilim, Fusion, Milihpen and Gangbang. If victims don’t pay, stolen info finish on a data leak site.
Cybercrime, REvil disappears again after losing control of Tor payment portal and data leak website
The cybersecurity expert Dmitry Smilyanets: The ransomware group went off the radar again, following a message from its element user 0_neday.
Cybercrime, Netwire hides behind the purchase of a property
The email 7z attachment hides an executable inside. This is the malware itself.
Cybercrime, ransomware gangs are under the lens of more than 30 countries
The Ransomware Initiative Meeting members will target the cryptocurrency payment channels used by the groups to finance their operations.
Cybercrime, Yanluowang is a new ransomware used in targeted attacks
Symantec cybersecurity experts: The malware deployment is preceded by a reconnaissance with the AdFind tool. The victims are large organizations.
Cybercrime, Agent Tesla conveyed to Italy by a false order
The email gz attachment contains an exe: the malware itself. Stolen data is exfiltrated via ftp.
Cyber Espionage, IronHusky targets Defense and IT companies with MysterySnail
Kaspersky cybersecurity experts: The Chinese APT exploits the CVE-2021-40449 zero-day vulnerability in the Win32k kernel driver and the malware to escalate privileges.
Cyber Espionage, Iran DEV-0343 targets US-Israeli technology companies
Microsoft cybersecurity experts: The threat actors conducted extensive password spraying against more than 250 Office 365 tenants, included GIS and Persian Gulf ports.
Cybercrime, FontOnLake is a new malware targeting Linux
ESET cybersecurity experts: To collect data or conduct other malicious activity, it uses modified legitimate binaries that are adjusted to load further components.