

Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
CyberNews
Vx-Underground is a regular fixture on Twitter, aka X, regularly posting bulletins regarding threat actors.
Bleeping Computer
A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor.
Bleeping Computer
Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter).
CyberNews
Industrial and Commercial Bank of China was hit with ransomware attack, disrupting the US Treasury market.
Bleeping Computer
The Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues.
The Record
The ransomware attack on China's largest bank impacted trading on the U.S. Treasury market.
CSO
Boeing has confirmed that an "incident" has occurred, after reports surfaced that the Lockbit ransomware group has claimed to have exfiltrated sensitive data from the aerospace giant.
SecurityWeek
Boeing has confirmed a cyberattack after a ransomware group claimed to have breached the company’s systems.
Cyber Security News
Boeing, the aerospace industry leader, has recently reported a cyberattack on its systems. The attack primarily targeted the company's parts and distribution business.
The Record
"We are aware of a cyber incident impacting elements of our parts and distribution business," a spokesperson told Recorded Future News. "This issue does not affect flight safety."
The Record
The Querétaro Intercontinental Airport — about three hours from Mexico City — posted on social media that it was responding to an unspecified incident.
SecurityWeek
Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen information.
DarkReading
A deceitful threat actor claims its biggest haul yet. But what, if any, Sony data does it actually have?
SecurityWeek
Sony has launched an investigation after a ransomware group claimed to have compromised all systems and offered to sell stolen data.
Bleeping Computer
T-Mobile has denied suffering another data breach following Thursday night reports that a threat actor leaked a large database allegedly containing T-Mobile employees' data.
The Record
T-Mobile attributed a leak, which didn't affect company data, to an April attack on an independent retailer.
SecurityWeek
TransUnion denies suffering a breach after a hacker publishes 3GB of data allegedly stolen from the credit reporting firm.
Cyber Security News
In recent developments within the notorious LockBit ransomware group, discussions among its affiliates are stirring up potential changes in their ransom payment policies.
Infosecurity News
Database compromise dates back to March 2022
CSO
MGM rushed through response owing to incompetent staff, had multiple system vulnerabilities, and did not care about customer safety, alleged ransomware group ALPHV who also blamed VX underground for spreading misinformation.
Bleeping Computer
An affiliate of the BlackCat ransomware group, also known as ALPHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.
CyberSecurity Dive
Security researchers link the threat group Scattered Spider to a wave of malicious activity as Caesars Entertainment confirms social engineering attack in regulatory filing.
SecurityWeek
A known ransomware gang has taken credit for the highly disruptive attack on MGM Resorts, and the company has yet to restore impacted systems.
The Record
The hospitality giant, facing serious disruptions to its businesses in Las Vegas, says it is continuing to "work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly."
Infosecurity News
The malware researchers' collective Vx-underground claimed that ALPHV/BlackCat was behind the attack against the casino giant
Infosecurity News
The compromised data includes names, usernames, email addresses and internal service-related details
Bleeping Computer
The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.
Bleeping Computer
Microsoft has discovered a new version of the BlackCat ransomware that embeds the Impacket networking framework and the Remcom hacking tool, both enabling spreading laterally across a breached network.
Infosecurity News
Anonymous file sharing service puts domain up for sale
Bleeping Computer
The developers of Raccoon Stealer information-stealing malware have ended their 6-month hiatus from hacker forums to promote a new 2.3.0 version of the malware to cyber criminals.
Bleeping Computer
The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their attacks.
Infosecurity News
Social media reports suggest an individual allegedly dumped approximately 500GB of animation files
The Record
Cybersecurity experts have warned for days that hackers are sharing stolen documents from the television network.
Infosecurity News
Neo_Net’s campaign mainly targeted Spanish and Chilean financial institutions
Security Affairs
A Mexican threat actor that goes online with the moniker Neo_Net is behind an Android malware campaign targeting banks worldwide. A joint study conducted by vx-underground and SentinelOne recently revealed that a Mexican threat actor that goes online with the moniker Neo_Net is behind an Android malware campaign targeting financial institutions worldwide. The case was […]
Cyber Security News
Neo_Net - a Spanish-based threat actor, has conducted campaigns against financial institutions and banks and achieved the highest success rate in spite of its unsophisticated tools.
The Hacker News
Neo_Net, a Mexican e-crime actor, is behind an Android malware campaign that's stolen €350,000+ and compromised PII data.
Infosecurity News
If confirmed, it could be the fourth-largest ransom demand of all time
The Record
TSMC, considered the world’s most valuable semiconductor company, said there was an incident at IT supplier Kinmax. The LockBit cybercrime gang is claiming an attack against TSMC.
Security Affairs
Polish police, as part of the international law enforcement operation PowerOFF, dismantled a DDoS-for-hire service that has been active since at least 2013. An international operation codenamed PowerOff led to the shutdown of a DDoS-for-hire service that has been active since at least 2013. The operation was conducted by the Polish Central Bureau for Combating […]
Bleeping Computer
Polish police officers part of the country's Central Cybercrime Bureau detained two suspects believed to have been involved in the operation of a long-running DDoS-for-hire service (aka booter or stresser) active since at least 2013.
The Hacker News
Sneakier & faster! New BlackCat ransomware variant Sphynx sharpening claws on evasion techniques & encryption
Infosecurity News
Cybercrime site was taken down by the authorities in 2022
Cyber Security News
Wireshark 4.0.6 released with fix for vulnerabilities, bug fixes, protocol updates, and a few improvements.
Latest Hacking News
After wreaking havoc with Windows and Linux systems, the LockBit ransomware gang now intends to target macOS devices. However, researchers believe the malware may not be as successful on Mac due to Mac’s innate security. LockBit
DarkReading
In targeting Apple users, LockBit is going where no major ransomware gang has gone before. But it's a warning shot, and Mac users need not worry yet.
The Hacker News
A new LockBit ransomware operation has surfaced and this time, it's targeting macOS devices.
Security Affairs
Researchers warn that the LockBit ransomware gang has developed encryptors to target macOS devices. The LockBit group is the first ransomware gang of all time that has created encryptors to target macOS systems, MalwareHunterTeam team warn. MalwareHunterTeam researchers discovered the LockBit encryptors in a ZIP archive uploaded to VirusTotal. The discovery is disconcerting and demonstrates […]
CSO
Russia-linked ALPHV ransomware gang has threatened to leak the stolen data if the company refuses to pay the ransom.
Security Affairs
Data allegedly stolen from the American gaming giant Activision in December security breach were leaked on a cybercrime forum. A threat actor leaked on the Breached hacking forum the data allegedly stolen from the gaming giant Activision in December 2022. The threat actors claim to have obtained 19,444 unique records from an Activision Azure database […]
Infosecurity News
Security researchers say hackers successfully exfiltrated content
Bleeping Computer
Activision has confirmed that it suffered a data breach in December 2022 after one of its employees fell victim to an SMS phishing attack, giving hackers access to its internal systems.
Bleeping Computer
A new ransomware group going by the name 'DarkBit' has hit Technion - Israel Institute of Technology, one of Israel's leading research universities. The ransom note posted by DarkBit is littered with messaging protesting tech layoffs and promoting anti-Israel rhetoric, as well as the group demanding a $1.7 million payment.
Security Affairs
The Technion – Israel Institute of Technology was breached on Sunday by a new anti-Israel threat actor calling itself DarkBit. Technion – Israel Institute of Technology is Israel’s top technology research university and a leading center for cyber security education. A new anti-Israel threat actor calling itself DarkBit is claiming responsibility for the ransomware attack that breached the […]
Bleeping Computer
The LockBit ransomware gang has again started using encryptors based on other operations, this time switching to one based on the leaked source code for the Conti ransomware.
Security Affairs
Lockbit ransomware operators have released a new version of their malware, LockBit Green, that also targets cloud-based services. Lockbit ransomware operators have implemented a new version of their malware, dubbed LockBit Green, which was designed to include cloud-based services among its targets. This is the third version of the ransomware developed by the notorious gang, […]
Bleeping Computer
Threat actors are auctioning the alleged source code for Riot Game's League of Legends and the Packman anti-cheat software, confirmed to be stolen in a recent hack of the game company's developer environment.
Security Affairs
A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang. The leak of the builder for the latest encryptor of the LockBit ransomware gang made the headlines, it seems that the person who published it is a disgruntled developer. The latest version of […]
Bleeping Computer
The LockBit ransomware operation has suffered a breach, with an allegedly disgruntled developer leaking the builder for the gang's newest encryptor.
SecurityWeek
Uber is investigating a data breach after a hacker claimed to have breached many of the ride sharing giant’s systems and posted screenshots as evidence
SecurityWeek
Uber is investigating after a hacker claimed to have breached many of the ride sharing giant’s systems.
Security Affairs
Uber on Thursday disclosed a security breach, threat actors gained access to its network, and stole internal documents. Uber on Thursday suffered a cyberattack, the attackers were able to penetrate its internal network and access internal documents, including vulnerability reports. According to the New York Times, the threat actors hacked an employee’s Slack account and […]
The Record
Andrey Baranovich, who is known online as "Herm1t," spent much of the '90s and '00s chronicling the history of malware development on a site known in the hacking community as VX Heaven.
Security Affairs
Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solutions to law enforcement and intelligence agencies. The Vx-underground researchers shared some images of several confidential documents that appear to be […]
SecurityWeek
Leaked documents appear to show a spyware firm offering Android and iOS exploits and other services for $8 million.
CyberNews
A notorious ransomware gang, LockBit, suspects IT giant Entrust is behind a recent DDoS attack that knocked Lockbit's data leak site offline.
Security Affairs
LockBit ransomware gang claims to have hacked the IT giant Entrust and started leaking the stolen files. Entrust Corp. provides software and hardware used to issue financial cards, e-passport production, user authentication for those looking to access secure networks or conduct financial transactions, trust certificates for websites, mobile credentials, and connected devices. The Lockbit ransomware […]
Bleeping Computer
The LockBit ransomware operation's data leak sites have been shut down over the weekend due to a DDoS attack telling them to remove Entrust's allegedly stolen data.
SecurityWeek
The LockBit 3.0 ransomware operation has been launched and it includes a bug bounty program offering up to $1 million.
CyberNews
LockBit affiliates mask ransomware as copyright claims, tricking victims into downloading the malware on their devices.
CyberScoop
If true, it's just the latest example of phony data requests used for illicit purposes.
The Record
When malware repository vx-underground launched in 2019, it hardly made a splash in the hacking world. "I had no success really," said its founder, who goes by the online moniker smelly_vx.
DarkReading
A proof-of-concept exploit allows remote compromises of Spring Web applications.
ThreatPost
Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers' DevOps platforms – to its hit list.
The Hacker News
LAPSUS$ data extortion gang claims to have breached Globant software services company, and leaks a large amount of data (70GB).
CyberSecurity Dive
The identity and access management firm believes screenshots connected with the breach are related to a January security incident that was contained.
ThreatPost
The latest is a fresher version of the ransomware pro-Ukraine researcher ContiLeaks already released, but it’s reportedly clunkier code.
ThreatPost
Nvidia certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines.
ThreatPost
It’s not just Ukraine: There's a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny Troia, even with the Conti ransomware gang shuttering its leaking Jabber chat server.
ThreatPost
The decryptor spilled by ContiLeaks won’t work with recent victims. Conti couldn't care less: It's still operating just fine. Still, the dump is a bouquet’s worth of intel.
The Hacker News
After siding with Russia, Conti Ransomware Gang's internal chats were published online.
ThreatPost
A pro-Ukraine Conti member spilled 13 months of the ransomware group's chats, while cyber actors are rushing to align with both sides.
CyberNews
Conti ransomware gang's personal data is leaked by possible insider sympathetic to Ukraine, as cyberwar with Russia escalates.
CyberSecurity Dive
The incident took place as Russia's war in Ukraine unfolds against a backdrop of U.S. warnings to protect critical industries.
Bleeping Computer
Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga began last week, security experts have time and time again recommended version 2.16 as the safest release to be on. That changes today with version 2.17.0 out that fixes CVE-2021-45105, a DoS vulnerability.