Qilin, also known as Agenda ransomware, represents a formidable threat in cybercrime. This ransomware, one of the known Ransomware-as-a-Service (RaaS) groups, is designed with adaptability in mind, allowing it to customize attacks based on its victims’ specific environments. Originating from a sophisticated background, Qilin leverages advanced tactics to extort organizations.…


Today I have uploaded the Indonesian Ministry of Transportation Database for you to download, thanks for reading and enjoy!

Kementrian Perhubungan Indonesia

The Ministry of Transportation of the Republic of Indonesia is a ministry in the Indonesian Government in charge of transportation affairs, is led by a Minister of Transportation who since 27 July 2016 has been held by Budi Karya Sumadi.…


BlackSuit ransomware is a rebranded version of the notorious Royal ransomware, which emerged due to heightened law enforcement actions against the original group. This rebranding signifies a strategic shift aimed at evading detection and continuing their cybercriminal activities under a new guise. The Royal ransomware, now BlackSuit, has a notorious history of targeting high-profile sectors and demanding substantial ransoms.…

Executive Summary

On May 20, 2024, Live Nation discovered and disclosed, in its SEC filing, unauthorized activity in its third-party cloud database environment, which was eventually identified to be Snowflake. The database contains information regarding the company, primarily from its Ticketmaster subsidiary. In the days following this filing, analysts discovered that multiple clients of Snowflake have had data posted on the Dark Web for sale.…


MANILA, PHILIPPINES – Within this week, in a series of data breaches, personal information from Toyota Makati, a renowned car dealership, Robinsons Malls, a prominent shopping mall chain, and S&R, a popular membership shopping club, has been compromised, affecting hundreds of thousands of customers.

Toyota Makati Data Breach:

An alleged data breach at Toyota Makati, discovered on May 29, 2024, has exposed over a terabyte of data spanning from 2016 to 2024.…


Published On: 2024-06-03

Executive Summary

At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on the Vidar Stealer, an information stealer operating as a malware-as-a-service. The research explores the tactics employed by threat actor(s) to evade detection on the system and over the network, as well as their techniques for concealing malicious code and activities.…


Threat Actor: Unknown | Victim: QuoteWizard.com and LendingTree | Price: $2,000,000 | Exfiltrated Data Type: Personal information, partial credit card details, auto history and driving records, personal background information, tracking pixel data

Additional Information:

The data allegedly includes full customer details such as names, addresses, emails, phone numbers, and other personal information.…

Threat Actor: ShinyHunters | Victim: Ticketmaster | Price: $500,000 | Exfiltrated Data Type: Names, emails, addresses, phone numbers, ticket sales, and order details

Additional Information:

ShinyHunters, the current administrator of BreachForums, claimed the hack of Ticketmaster and offered for sale 1.3 TB of data, including full details of 560 million customers, for $500,000.…

Summary: Managed Service Partners (MSPs) highlight cybersecurity as their top concern in staying competitive in the market, with challenges including staying on top of security technologies, employing more security analysts, and maintaining awareness of the latest threats.

Threat Actor: N/A | Victim: N/A

Key Point:

MSPs consider cybersecurity as their main concern for staying competitive in the market.…

Summary: A threat actor known as “phant0m” is promoting a new Ransomware-as-a-Service (RaaS) called “SpiderX,” which is designed to be more advanced and harder to detect than its predecessor, Diablo ransomware.

Threat Actor: phant0m | Victim: N/A

Key Point:

A threat actor named phant0m is advertising a new Ransomware-as-a-Service (RaaS) called SpiderX on the dark web forum OnniForums.…

This time, we’re not revealing a new cyber threat investigation or analysis, but I want to share some insights about the team behind all Sekoia Threat Intelligence and Detection Engineering reports. Let me introduce you to the Sekoia TDR team.

TL;DR

Sekoia Threat Detection & Research (TDR) is a multidisciplinary team dedicated to Cyber Threat Intelligence and Detection Engineering for the Sekoia SOC Platform.…