"New MedusaLocker Ransomware Variant Deployed by Threat Actor"

According to security researchers at Cisco Talos, a financially-motivated threat actor has been observed targeting organizations globally with a MedusaLocker ransomware variant. Known as "BabyLockerKZ," the variant has been around since at least late 2023, and this is the first time it has been specifically called out as a MedusaLocker variant. The researchers noted that this variant uses the same chat and leak site URLs as the original MedusaLocker ransomware.

Submitted by Adam Ekwall on

"LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort"

New international law enforcement actions have resulted in four arrests and the takedown of nine servers linked to the "LockBit" ransomware operation. According to Europol, the arrests included a suspected LockBit developer in France, two people in the UK believed to have supported an affiliate, and an administrator of a bulletproof hosting service in Spain used by the LockBit ransomware group. Authorities unmasked a Russian national named Aleksandr Ryzhenkov as one of the high-ranking Evil Corp cybercrime group members while also outing him as a LockBit affiliate.

Submitted by Gregory Rigby on

"Private US Companies Targeted by Stonefly APT"

Symantec threat analysts warn that the North Korean Advanced Persistent Threat (APT) group "Stonefly," also known as "APT45," continues to target US companies despite an indictment. Stonefly is linked to the Reconnaissance General Bureau (RGB), a North Korean military intelligence agency. Mandiant's threat analysts previously noted that APT45 relies on publicly available tools such as "3PROXY," modified versions of publicly available malware, and custom malware families. This article continues to discuss key findings regarding Stonefly.

Submitted by Gregory Rigby on

"Linux Malware "Perfctl" Behind Years-Long Cryptomining Campaign"

For at least three years, the Linux malware named "perfctl" has targeted Linux servers and workstations, evading detection with rootkits. According to Aqua Nautilus researchers, the malware likely targeted millions of Linux servers in recent years, possibly infecting several thousand. The perfctl malware is mainly deployed for cryptomining, as compromised servers have been used to mine the Monero cryptocurrency, but the malware could easily be used for more harmful operations. This article continues to discuss findings regarding the perfctl Linux malware.

Submitted by Gregory Rigby on

"MITRE Adds Mitigations to EMB3D Threat Model"

MITRE has announced the full release of the "EMB3D Threat Model," which now maps essential mitigations to security controls outlined in the Industrial Automation and Control Systems standard. EMB3D, announced in December 2023 and released in May 2024, provides information regarding cyber threats faced by embedded devices in critical infrastructure and other industries. The framework, aligned with CWE, ATT&CK, and CVE threat models, helps asset owners, operators, vendors, and security researchers secure embedded devices.

Submitted by Gregory Rigby on

"Email Phishing Attacks Surge as Attackers Bypass Security Controls"

According to Egress, email phishing attacks increased 28 percent in the second quarter of 2024 compared to the first quarter, with attackers using effective methods to defeat defenses. Attackers often send phishing emails from familiar accounts to get around authentication protocols. From April to June 2024, 44 percent of attacks came from internally compromised accounts, with 8 percent coming from an account within the organization's supply chain. This article continues to discuss findings surrounding the surge in email phishing attacks.

Submitted by Gregory Rigby on

"Microsoft and US Government Disrupt Russian Star Blizzard Operations"

Microsoft and the US government have seized more than 100 websites used by the Russian nation-state threat actor "Star Blizzard." A US court authorized Microsoft's Digital Crimes Unit (DCU) to disrupt 66 unique domains used by Star Blizzard to attack Microsoft customers. The US Department of Justice (DoJ) seized 41 more domains linked to the same actor. Star Blizzard may build new infrastructure, but the seizure of these domains will hinder its ability to influence the November US election. This article continues to discuss the disruption of Star Blizzard operations.

Submitted by Gregory Rigby on

"Adobe Commerce Flaw Exploited to Compromise Thousands of Sites"

Sansec reports that multiple threat actors compromised over 4,000 online stores through the exploitation of a critical Adobe Commerce vulnerability named "CosmicSting." The vulnerability is an improper restriction of XML external entity (XXE) references. Adobe released a hotfix for the bug in July, warning of its exploitation in limited attacks, and the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) list.

Submitted by Gregory Rigby on

"Pig Butchering Trading Apps Found on Google Play, App Store"

Security researchers at Group-IB have discovered fake trading apps on Google Play and Apple's App Store that lure victims into "pig butchering" scams. After being reported, the apps were removed from the official Android and iOS stores, having accumulated several thousand downloads. Pig butchering is a scam in which a victim is led to believe they are earning high investment returns on a fake trading platform that displays fabricated information.

Submitted by Adam Ekwall on