Victim: heras.co.uk

Country: GB

Actor: lockbit3

Source: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/post/QcPGrIlMqosQQ8pO665779d401f83

Discovered: 2024-05-29 20:36:05.617145

Published: 2024-05-29 19:04:00.000000

Description: Heras is a European leading end-to-end supplier of permanent and mobile perimeter protection solutions. We operate in over 24 countries and employ more than 1100 highly skilled experts. Experts in perimeter protection We design, manufacture, ins…


Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that combines many tried-and-true techniques used by other North Korean threat actors with unique attack methodologies to target companies for its financial and cyberespionage objectives. Moonstone Sleet has been observed setting up fake companies and job opportunities to engage with potential targets, employing trojanized versions of legitimate tools, creating a fully functional malicious game, and delivering a new custom ransomware.…


Identifier: TRR240501.

Summary

Earlier in May, our security product spotted a malicious payload, which was tentatively delivered to a computer in Brazil, via an intricate infection chain involving Python scripts and a Delphi-developed loader.

The final malicious payload, which we named “AllaSenha”, is specifically aimed at stealing credentials that are required to access Brazilian bank accounts, leverages Azure cloud as command and control (C2) infrastructure, and is another custom variant of “AllaKore”, an infamous open-source RAT which is frequently leveraged to target users in Latin America.…


Threat Actor: Unknown

Victim: BSNL

Price: $80,000 – $150,000

Exfiltrated Data Type: IMSI, SIM details, HLR information, Machine Copy Data, DP Card Data, DP Security Key Data, Masterkeys, SOLARIS server snapshot, Main database

Additional Information:

The leaked data includes sensitive information such as IMSI, SIM details, HLR (Home Location Register), DP Card Data, Masterkeys, and more.…

Introduction

At Zscaler ThreatLabz, we regularly monitor the Google Play store for malicious applications. Over the past few months, we identified and analyzed more than 90 malicious applications uploaded to the Google Play store. These malware-infected applications have collectively garnered over 5.5 million installs.

Recently, we noticed an increase in instances of the Anatsa malware (a.k.a.…


Summary: This content discusses criminal campaigns that exploit cloud storage services to redirect users to malicious websites and steal their information using SMS messages.

Threat Actor: Unnamed threat actors

Victim: Users targeted by the criminal campaigns

Key Point:

Security researchers have identified criminal campaigns that exploit cloud storage services like Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage.…

Key Takeaways 

Cyble Research & Intelligence Labs (CRIL) identified a sample of Embargo ransomware, developed in Rust. 

The Threat Actors behind this ransomware are using double extortion tactics. 

We observed an instance where the ransomware group initially demanded a $1 million ransom payment, threatening data leak and notifications to various parties upon non-payment. …

Summary

As part of our continuous hunting efforts across the Asia-Pacific region, BlackBerry discovered Pakistani-based advanced persistent threat group Transparent Tribe (APT36) targeting the government, defense and aerospace sectors of India. This cluster of activity spanned from late 2023 to April 2024 and is anticipated to persist.…


Summary: Scammers are selling counterfeit code of the NSO Group’s Pegasus spyware, taking advantage of its notoriety for financial gain.

Threat Actor: Scammers selling counterfeit code advertised as the NSO Group’s Pegasus spyware.

Victim: Potential buyers who are deceived into purchasing the counterfeit code.

Key Point:

Scammers are creating their own tools and scripts, distributing them under the name of Pegasus spyware to capitalize on its reputation.…

Threat Actor: Cactus ransomware

Victim: OmniVision Technologies

Price: Not specified

Exfiltrated Data Type: Personal information, passport images, NDAs, contracts, and other documents

Additional Information:

OmniVision Technologies is a company specializing in digital imaging solutions. In 2023, OmniVision was the victim of a Cactus ransomware attack.…

Summary: The Open Source Security Foundation (OpenSSF) has launched an email mailing list called Siren to share threat intelligence related to open source projects, addressing the growing concerns about the security of open source software.

Threat Actor: N/A

Victim: N/A

Key Point:

The OpenSSF has introduced the Siren email mailing list to disseminate threat intelligence concerning open source projects.…

Summary: This article discusses concerns about the privacy of library reading material and how it relates to targeted advertising.

Threat Actor: Advertising platforms

Victim: Library users

Key Point:

An attorney noticed that the in-game ads on her Android tablet were reflecting the audiobooks she recently checked out from the San Francisco Public Library, raising concerns about privacy.…

Summary: CyberArk, a cybersecurity company, is acquiring Venafi, a specialist in machine identity, for $1.54 billion in order to expand its capabilities in managing machine identities in the cloud.

Threat Actor: N/A

Victim: N/A

Key Point:

CyberArk is acquiring Venafi for $1.54 billion, with $1 billion in cash and approximately $540 million in shares.…

Victim: Heras

Country: GB

Actor: medusa

Source: http://medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion/detail?id=634976681010fa6de5ce165850fe394c

Discovered: 2024-05-21 06:07:36.366200

Published: 2024-05-20 13:58:40.12345

Description: Heras (founded in 1952) is an end-to-end supplier of permanent and mobile perimeter protection solutions. They design, manufacture, install and service temporary and permanent perimeter protection solutions for customers across business, community and industry sectors.…


Summary: Intel has disclosed a maximum severity vulnerability in its Intel Neural Compressor software for AI model compression, which allows an unauthenticated attacker to execute arbitrary code on affected systems.

Threat Actor: Unauthenticated attacker

Victim: Intel

Key Point:

The vulnerability, designated as CVE-2024-22476, is the most serious among the 41 security advisories disclosed by Intel.…

Threat Actor: Hacktivist Indonesia

Victim: Centurion University

Price: Not specified

Exfiltrated Data Type: Personal information, educational backgrounds, payment details

Additional Information:

The hacktivist group Hacktivist Indonesia has leaked the complete database of Centurion University. The leaked data includes sensitive information of applicants, students, and staff associated with the university.…