"Fake Pegasus Spyware Strains Populate Clear and Dark Web"

CloudSEK discovered that fake Pegasus spyware source code is being sold on the dark web, surface web, and instant messaging platforms. Researchers at CloudSEK searched the clear and dark web for spyware threats after Apple warned about "mercenary spyware" attacks. Many of the nearly 25,000 analyzed Telegram posts claimed to sell authentic source code for Pegasus, the spyware strain commercialized by the Israeli company NSO Group. Most of the posts offered illegal services, often mentioning Pegasus and NSO tools.

Submitted by grigby1 CPVI on

"New ShrinkLocker Ransomware Uses BitLocker to Encrypt Your Files"

The new ransomware strain "ShrinkLocker" creates a boot partition to encrypt corporate systems with Windows BitLocker. ShrinkLocker, which shrinks non-boot partitions to create the boot volume, has targeted a government agency and vaccine and manufacturing companies. This article continues to discuss findings regarding the new ShrinkLocker ransomware.

Submitted by grigby1 CPVI on

"AI Voice Generator App Used to Drop Gipy Malware"

A new infostealer malware campaign called "Gipy" targets users in Germany, Russia, Spain, and Taiwan with phishing lures regarding an Artificial Intelligence (AI) voice changer. Gipy malware, which emerged in early 2023, allows attackers to steal data, mine cryptocurrency, and install additional malware. In this case, threat actors promise victims a legitimate AI voice-altering app. The app works as promised after installation, while Gipy malware is delivered in the background. When Gipy is run, password-protected malware from GitHub is launched.

Submitted by grigby1 CPVI on

"Hyundai App Exposed Vehicles to High-Tech Thieves: Researchers"

According to the cybersecurity company Rapid7, software vulnerabilities in a Hyundai Motor app that lets cars be started remotely made them vulnerable to hackers for three months before the company fixed the bug in March. Rapid7 research director Tod Beardsley said Hyundai's December 8, 2016 update to its Blue Link mobile app allowed car thieves to locate, unlock, and start vulnerable vehicles. This article continues to discuss the potential exploitation and impact of the vulnerabilities in the Hyundai app. 

Submitted by grigby1 CPVI on

"US Retailers Under Attack by Gift Card-Thieving Cyber Gang"

"Storm-0539," also known as "Atlas Lion," is a Moroccan cybercriminal group that compromises retailers and creates fake gift cards. Microsoft detailed the group's tactics, techniques, and procedures (TTPs), which show their reconnaissance skills, cloud environment use, and cost-cutting. Microsoft analysts noted that Storm-0539's ability to breach and create cloud-based attack infrastructure saves them upfront costs. The group poses as a legitimate non-profit to cloud providers in order to receive sponsored or discounted services.

Submitted by grigby1 CPVI on

"Courtroom Recording Software Compromised With Backdoor Installer"

Hackers have compromised a popular brand of recording software used in courtrooms, jails, and prisons, allowing them to gain complete control of a system via a backdoor implanted in an update to the tool. Justice AV Solutions (JAVS) is used to record lectures, court hearings, council meetings, and other events, with over 10,000 installations. This article continues to discuss findings regarding the backdooring of the courtroom recording software.

Submitted by grigby1 CPVI on

"Spyware Found on US Hotel Check-in Computers"

A consumer-grade spyware app called "pcTattletale" has been discovered on the check-in systems of at least three US Wyndham hotels. The app secretly took screenshots of the hotel booking systems containing guest and customer information.

Submitted by grigby1 CPVI on

"Health Information Published Online After MediSecure Ransomware Attack"

Australian patients' health and personal information has reportedly been published online following the ransomware attack on medical prescriptions provider MediSecure. Security researchers at CyberKnow discovered that a threat actor is offering over 6.5TB of data for sale for $50,000. The researchers noted that it was interesting that the sale is being offered via a forum rather than a ransomware leak site.

Submitted by Adam Ekwall on

"Cencora Data Breach Exposes US Patient Info From 8 Drug Companies"

Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, with which they partner for pharmaceutical and business services. The Pennsylvania-based firm, with a presence in 50 countries, employs 46,000 people. Cencora, in February 2024, disclosed a data breach in a Form 8-K filing with the SEC, stating that unauthorized parties gained access to its information systems and exfiltrated personal data.

Submitted by Adam Ekwall on