STRRAT and Vcurms Malware Abuse GitHub for Spreading

Attackers are using GitHub as a source for the final payload

A new phishing campaign has recently been discovered that uses GitHub to deliver Remote Access Trojans (RAT) STRRAT and Vcurms via a malicious Java downloader. ANY.RUN specialists have detected the active spread of these malicious programs and warn users against potential threats. Short About STRRAT and Vcurms STRRAT is a Java-based RAT, notorious for its… Continue reading STRRAT and Vcurms Malware Abuse GitHub for Spreading

Fujitsu Hacked, Warns of Data Leak Possibility

Fujitsu discovered malware on its systems, which could potentially lead to massive data leak

Fujitsu, one of the world’s leading IT companies, reports uncovering the hack in their internal network. The company discovered malware in its IT systems, which led to a massive data breach. Fujitsu Hacked, Company Publishes Report The first to discover Fujitsu hack was the company’s IT specialists who were performing the scanning. The first signs… Continue reading Fujitsu Hacked, Warns of Data Leak Possibility

BianLian Exploits TeamCity Vulnerability to Deploy Backdoors

BianLian cybercriminals deploying PowerShell backdoors for covert system access and control.

BianLian, a group of cybercriminals known for their ransomware attacks, recently caught the attention of the information security community. By exploiting vulnerabilities in the JetBrains TeamCity platform, they managed to carry out multistage cyberattacks. Threat actors reportedly start their attack chain with a Golang-based backdoor, and work their way all the way to the ransomware… Continue reading BianLian Exploits TeamCity Vulnerability to Deploy Backdoors

MIT Hacked, Students’ Data Sold on the Darknet

Hackers publish a database full of info about the current - and past - students of MIT

On February 13, 2024, a post on a Darknet forum appeared, offering to purchase a large pack of data leaked from Massachusetts Institute of Technology (MIT). The hacker under the alias “Ynnian” claims that the leak happened this year, and consists mainly of students’ data. No pay is asked for this DB, hence the information… Continue reading MIT Hacked, Students’ Data Sold on the Darknet

Third Ivanti VPN Vulnerability Under Massive Exploitation

One more vulnerability in Ivanti VPN software is actively exploited

Experts have discovered a third Server Side Request Forgery (SSRF) vulnerability in Ivanti products. This is a serious security issue for corporate VPN devices. The new vulnerability allows unauthorized access to restricted resources that were available only after authentication. Ivanti SSRF Vulnerability Exploited Ivanti, a renowned corporate VPN appliance provider, has issued a warning regarding… Continue reading Third Ivanti VPN Vulnerability Under Massive Exploitation

Claro Company Hit by Trigona Ransomware

One more telecom giant fell victim to a ransomware attack

Claro Company, the largest telecom operator in Central and South America, disclosed being hit by ransomware. Representatives shared this information in response to the service disruptions in several regions. From the ransom note it becomes clear that the attackers are Trigona ransomware. Claro Telecom Hacked, Services Disrupted Since January 25, 2024 Claro Telecom customers have… Continue reading Claro Company Hit by Trigona Ransomware

Carbanak is Back with a New Spreading Tactic

The banking malware Carbanak has been observed being used in ransomware attacks with updated tactics.

The Carbanak cybercrime group, infamous for its banking malware, has resurfaced with new ransomware tactics, marking a significant evolution in their modus operandi. This development, as reported by the NCC Group, reflects Carbanak’s adaptability and increased threat to global cybersecurity Carbanak is Back, Using New Distribution Methods Carbanak’s return is marked by a significant shift… Continue reading Carbanak is Back with a New Spreading Tactic

Kyivstar, Ukraine’s Biggest Cell Carrier, Hacked

Hackers managed to destroy all the software infrastructure

On Tuesday, December 12, 2023, Ukraine’s largest cellular operator Kyivstar got its network infrastructure ruined. This is a result of a hack that was most likely executed by a Russian threat actor. I considered delaying writing this post to gather more facts regarding the situation. On day 1, nothing but speculation and suppositions were available.… Continue reading Kyivstar, Ukraine’s Biggest Cell Carrier, Hacked

AeroBlade TA Spies On U.S. Aerospace Industry

AeroBlade, a new threat actor, targets the U.S. Aerospace Industry. Analysts suppose it is a commercial espionage act

Cybersecurity experts have uncovered a sophisticated cyberespionage campaign targeting a prominent U.S. aerospace organization. The threat actor, identified as AeroBlade, executed a spear phishing attack, raising serious questions about the overall cybersecurity preparedness within critical industries. AeroBlade Attacks US Aerospace Company According to the cybersecurity experts, the spear phishing attack included sending the malicious file… Continue reading AeroBlade TA Spies On U.S. Aerospace Industry

Henry Schein was hacked twice by BlackCat ransomware

Healthcare company Henry Schein is restoring systems after a ransomware group re-encrypted files during negotiations.

Henry Schein Global, a healthcare solutions provider, faced a persistent cybersecurity nightmare. The BlackCat/ALPHV ransomware gang is launching a second wave of attacks, claiming to have re-encrypted files after stalled negotiations. The company, headquartered in Melville, New York, is restoring systems. It happened after the cybercrime group took credit for an initial breach on October… Continue reading Henry Schein was hacked twice by BlackCat ransomware