Cybercriminals have developed an enhanced version of the infamous GhostLocker ransomware that they are deploying in attacks across the Middle East, Africa, and Asia.

Two ransomware groups, GhostSec and Stormous, have joined forces in the attack campaigns with double-extortion ransomware attacks using the new GhostLocker 2.0 to infect organizations in Lebanon, Israel, South Africa, Turkey, Egypt, India, Vietnam, and Thailand, as well as other locations.…

Read More

Mar 05, 2024NewsroomCybercrime / Malware

A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds.

“Savvy Seahorse is a DNS threat actor who convinces victims to create accounts on fake investment platforms, make deposits to a personal account, and then transfers those deposits to a bank in Russia,” Infoblox said in a report published last week.…

Read More

Mar 05, 2024NewsroomMalware / Artificial Intelligence

More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show.

These credentials were found within information stealer logs associated with LummaC2, Raccoon, and RedLine stealer malware.…

Read More

A deep fake video of Maria Ressa promoting the crypto-currency scam “Bitcoin Method” was released on Facebook on 6 February 2024. The AI edited video was based on Ressa’s appearance in The Late Show with Stephen Colbert from November 2022, where she was invited to discuss her insights about Democracy and freedom and the danger of living in a world dominated by social media.…

Read More

The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million.

While BlackCat’s data leak blog has been down since Friday, BleepingComputer had confirmed that negotiation sites were still active over the weekend.…

Read More

 

The digital sphere has witnessed a surge in AI-fueled tax fraud, presenting a grave threat to individuals and organisations alike. Over the past year and a half, the capabilities of artificial intelligence tools have advanced rapidly, outpacing government efforts to curb their malicious applications.

LexisNexis’ Government group CEO, Haywood Talcove, recently exposed a new wave of AI tax fraud, where personally identifiable information (PII) like birthdates and social security numbers are exploited to file deceitful tax returns.…

Read More

BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, Reuters, The Guardian, and Washington Post, among others.

These “news” websites, which we were able to trace to their proprietor in India, repost articles from credible media and research organizations without attribution.…

Read More

BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, Reuters, The Guardian, and Washington Post, among others.

These “news” websites, which we were able to trace to their proprietor in India, repost articles from credible media and research organizations without attribution.…

Read More

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly, a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems.…

Read More

Hunt is tracking an ongoing sophisticated phishing campaign targeting individuals in the Telegram groups focused on the blockchain and angel investing communities, specifically entrepreneurs. The tactics described below are strikingly similar to those previously attributed to the Lazarus Group, a North Korean state-sponsored threat actor. Communication begins with the actor posing as a representative of an investment company seeking business opportunities.…

Read More

Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to infiltrate company networks and pilfer sensitive data.…

Read More
10 Billion Attacks Blocked in 2023, Qakbot’s Resurrection, and Google API Abused Foreword

Welcome to the new edition of our report. As we bid farewell to the year 2023, let’s briefly revisit the threat landscape that defined the past year. In 2023, the overall number of unique blocked attacks surged, reaching an unprecedented milestone of more than 10 billion attacks and a remarkable 49% increase year-over-year.…

Read More