Evil Corp Switched to Using LockBit Malware to Avoid Sanctions

The Evil Corp group switched to using the LockBit ransomware to avoid sanctions imposed earlier by the Office of Foreign Assets Control of the US Department of the Treasury (OFAC). Let me remind you that Evil Corp has existed since at least 2007, but at first hackers more often acted as partners for other groups.… Continue reading Evil Corp Switched to Using LockBit Malware to Avoid Sanctions

Information Security Specialists Discovered a 0-day Vulnerability in Windows Search

A new 0-day Windows Search vulnerability could be used to automatically open a search box and launch remote malware, which is easily done by simply opening a Word document. Bleeping Computer says the problem is serious because Windows supports the search-ms protocol URI handler, which allows apps and HTML links to run custom searches on… Continue reading Information Security Specialists Discovered a 0-day Vulnerability in Windows Search

Chinese Hackers Attack Fresh 0-day Follina Vulnerability

Experts have warned that Chinese hackers are already actively exploiting a 0-day vulnerability in Microsoft Office known as Follina to remotely execute malicious code on vulnerable systems. Let me remind you that the discovery of Follina became known a few days ago, although the first researchers discovered the bug back in April 2022, but then… Continue reading Chinese Hackers Attack Fresh 0-day Follina Vulnerability

Europol and Intelligence Agencies of 11 Countries Destroyed the FluBot Trojan Infrastructure

Europol announced that law enforcement officers, as a result of an international operation, destroyed one of the fastest-spreading malware – the FluBot Trojan. Let me remind you that we also talked about the fact that Law enforcement officers closed the hacker resource RaidForums, and also that the US authorities arrest Kaseya hacker and attacker associated… Continue reading Europol and Intelligence Agencies of 11 Countries Destroyed the FluBot Trojan Infrastructure

Attackers Are Already Exploiting the Fresh 0-day Follina Bug in Microsoft Office

Security researchers recently discovered a zero-day vulnerability in Microsoft Office dubbed Follina. The bug can be exploited through the normal opening of a Word document, using it to execute malicious PowerShell commands through the Microsoft Diagnostic Tool (MSDT). Let me remind you that we also wrote that Lapsus$ hack group stole the source codes of… Continue reading Attackers Are Already Exploiting the Fresh 0-day Follina Bug in Microsoft Office

Microsoft Experts Found Vulnerabilities in Pre-Installed Android Applications

Microsoft experts have found four serious vulnerabilities in pre-installed Android applications, namely in the framework used by Android applications of several major international mobile service providers. Vulnerabilities were discovered in the platform of mce Systems, an Israeli company that provides software for mobile operators. Let me remind you that we also wrote that About 8%… Continue reading Microsoft Experts Found Vulnerabilities in Pre-Installed Android Applications

Google Has Disabled Some of the Global Cache Servers in Russia

Media reports say that Google is notifying ISPs in Russia that it is shutting down its Google Global Cache (GGC) servers, which speed up the loading of its services, including YouTube content. These changes are reported by RBC, citing two of its own sources in the telecommunications industry. Let me also remind you that we… Continue reading Google Has Disabled Some of the Global Cache Servers in Russia

Fake Exploits Used to Deliver Cobalt Strike Beacons

Cyble experts have warned that cybercriminals are attacking IS researchers, distributing malware under the guise of exploits for Windows, which eventually installs Cobalt Strike beacons on the experts’ machines. Let me remind you that we also wrote that Emotet now installs Cobalt Strike beacons. Cyble analysts report that malware disguised as PoC exploits for a… Continue reading Fake Exploits Used to Deliver Cobalt Strike Beacons

The Conti Ransomware Ceases Operations and Breaks Up into Several Groups

Experts report that the Conti ransomware is going out of business, group ceases operations, its infrastructure is disabled, and the group’s leaders have said the brand already does not exist. One of the first to notice the change was Elisey Boguslavsky of Advanced Intel, who tweeted that the group’s internal infrastructure had been shut down.… Continue reading The Conti Ransomware Ceases Operations and Breaks Up into Several Groups

Cybersecurity Experts Analyzed the Methods of a Group of Russian Hackers Wizard Spider

Information security specialists from PRODAFT have published the results of an investigation into the Wizard Spider group, which is allegedly associated with the Grim Spider and Lunar Spider hacker groups. The Wizard Spider group, possibly of Russian origin, manages an infrastructure of “a complex set of sub-commands and groups, controls a huge number of hacked… Continue reading Cybersecurity Experts Analyzed the Methods of a Group of Russian Hackers Wizard Spider