The ClickFix campaign utilizes social engineering tactics to deploy malware on Windows and macOS platforms by presenting fake Google Meet error messages. Users are tricked into downloading malware disguised as troubleshooting files. This campaign highlights the dangers of browser-based attacks and the need for enhanced security measures.…
Tag: MONITOR
The Water Makara campaign is a sophisticated spear-phishing attack targeting Brazilian organizations, utilizing obfuscated JavaScript to deliver the Astaroth malware. This malware compromises systems undetected, posing significant threats to sectors like banking and national security.
Affected Platform: Brazilian organizations
Key Points :
Water Makara is a spear-phishing attack specifically aimed at Brazilian organizations.…
Threat Actor: Unknown | Trustee Plus
Victim: Users of cryptocurrency services | cryptocurrency users
Price: Not disclosed
Exfiltrated Data Type: Financial transaction data
Key Points :
Trustee Plus offers cryptocurrency top-up capabilities with NFC-enabled virtual credit cards. The service allows users to withdraw cash from ATMs, raising security concerns.…
Threat Actor: Unknown | Lelivrescolaire.fr
Victim: Lelivrescolaire.fr | Lelivrescolaire.fr
Price: Not disclosed
Exfiltrated Data Type: User account details, student and educator data
Key Points :
The breach exposes sensitive user information, raising privacy concerns. Potential risks include identity theft and phishing attacks. Highlights the need for improved cybersecurity measures in educational platforms.…
Threat Actor: Cybercriminals | Cybercriminals
Victim: PhoneMondo.com | PhoneMondo.com
Price: Not Disclosed
Exfiltrated Data Type: Customer Information
Key Points :
20 million records compromised in the data breach. Leaked data includes sensitive customer information. Risks include identity theft and phishing attempts. Highlights the need for strong cybersecurity protocols.…
Threat Actor: Unknown | unknown
Victim: Various Users | various users
Price: Not disclosed
Exfiltrated Data Type: Login Credentials
Key Points :
15 million user credentials exposed, raising security concerns. Compromised data includes login details for various URL-based accounts. Emphasizes the need for strong passwords and two-factor authentication.…
Threat Actor: Unknown | unknown
Victim: Outlook and Hotmail Users | Outlook and Hotmail Users
Price: Undisclosed
Exfiltrated Data Type: Email credentials
Key Points :
Compromised Outlook and Hotmail accounts are being sold on underground forums. Potential misuse includes unauthorized access, phishing schemes, and identity theft.…
Mongolia is experiencing an alarming increase in ransomware attacks, as highlighted by recent data from Ransom Monitor. Multiple domains, including government and healthcare services, have fallen victim to notorious threat actors such as funksec and darkvault. This escalating threat underscores the urgent need for enhanced cybersecurity measures across the nation.…
Summary: A new Android malware called ‘FireScam’ is being distributed as a fake premium version of the Telegram app through phishing sites that imitate RuStore, Russia’s app marketplace. This malware is designed to steal user credentials and sensitive information while employing advanced evasion techniques.
Threat Actor: Unknown | FireScam
Victim: Android users | Telegram
Key Point :
FireScam is delivered via a dropper module that installs the main malware payload while evading detection.…
Threat Actor: Unknown | Gammal Tech
Victim: Gammal Tech | Gammal Tech
Price: Not disclosed
Exfiltrated Data Type: User credentials and sensitive details
Key Points :
Recent data breach compromised sensitive user information from Gammal Tech’s main site. Exposed data may include user credentials, increasing risks of identity theft and phishing attacks.…
Threat Actor: Unknown | unknown
Victim: SSA.gov | SSA.gov
Price: Not disclosed
Exfiltrated Data Type: Social Security Numbers (SSNs), addresses, financial data
Key Points :
The breach targeted the official platform of the U.S. Social Security Administration. Sensitive information, including SSNs and financial data, was reportedly compromised.…
Threat Actor: Unknown | Unknown
Victim: Lelivrescolaire.fr | Lelivrescolaire.fr
Price: Not disclosed
Exfiltrated Data Type: Sensitive user information (students, educators, etc.)
Key Points :
The breach compromised the database of a prominent educational resource platform in France. Sensitive user information was exposed, raising concerns about data security and privacy.…
Threat Actor: Unknown | Unknown
Victim: VIP Database | VIP Database
Price: Not disclosed
Exfiltrated Data Type: Personal details of high-profile individuals
Key Points :
A recent data breach has compromised a VIP database, exposing sensitive information. The leaked data includes personal details, leading to privacy risks and security concerns.…
This article outlines critical vulnerabilities affecting various software products, including Citrix, Cisco, Fortinet, and Microsoft. Threat actors are exploiting these vulnerabilities, such as CVE-2023-3519 and CVE-2023-34362, to gain unauthorized access and execute malicious activities. Regular updates and security patches are essential to mitigate these risks. #CyberSecurity #VulnerabilityManagement #ThreatIntelligence
Key Points :
Multiple critical vulnerabilities identified across various software products.…
The NonEuclid Remote Access Trojan (RAT) represents a significant threat in the cyber landscape, utilizing advanced evasion techniques and ransomware capabilities to compromise systems. Its promotion on underground forums and social media highlights the growing sophistication of malware. #CyberThreats #Malware #RAT
Key Points :
The NonEuclid RAT allows unauthorized remote access to victims’ computers.…
This article highlights the silent threat of info stealers and emphasizes the importance of visibility and proactive measures for organizations to mitigate risks associated with leaked credentials. It provides strategic insights for decision-makers on how to address these threats effectively. #InfoStealers #Cybersecurity #CredentialManagement
Key Points :
Info stealers are subtle but dangerous threats in the cybersecurity landscape.…
Summary: Cyberhaven fell victim to a supply-chain attack where attackers compromised their Chrome extension, allowing them to exfiltrate sensitive data such as Facebook access tokens. The incident highlights the vulnerabilities in software supply chains and the need for better security measures regarding browser extensions.
Threat Actor: Unknown | unknown
Victim: Cyberhaven | Cyberhaven
Key Point :
Attackers used social engineering to gain access rights to Cyberhaven’s Chrome extension.…
Threat Actor: Unknown | Niva Bupa Insurance Group
Victim: Niva Bupa Insurance Group | Niva Bupa Insurance Group
Price: Not disclosed
Exfiltrated Data Type: Sensitive customer information, including policyholder information, financial records, and contact details
Key Points :
A data breach has exposed sensitive customer information at Niva Bupa Insurance Group.…
Threat Actor: Unknown | Obltelecom.ru
Victim: Obltelecom.ru | Obltelecom.ru
Price: Not disclosed
Exfiltrated Data Type: Customer details, billing data, service usage records
Key Points :
A data breach involving Obltelecom.ru has exposed sensitive customer information. The leaked database includes contact information, billing data, and service usage records.…
Threat Actor: Unknown | Brooklyn Art Library
Victim: Brooklyn Art Library | Brooklyn Art Library
Price: N/A
Exfiltrated Data Type: Personal details (names, email addresses, sensitive data)
Key Points :
Approximately 2,000 records were exposed in the breach. Leaked data includes names, email addresses, and sensitive contributions to the Sketchbook Project.…