Russian hacker pleads guilty to money laundering using Ryuk Ransomware attacks

On February 7, 2023, a Russian national, Denis Mihaqlovic Dubnikov, admitted to money laundering and concealing the source of funds obtained through Ryuk ransomware attacks in a U.S. court. Dubnikov, who was arrested in Amsterdam in November 2021 and later extradited from the Netherlands in August 2022, will be sentenced on April 11, 2023. According

Tagged under: ,

Ukrainian State Authorities are being alerted to Remcos software-driven cyberattacks

The Ukrainian Computer Emergency Response Team (CERT-UA) has issued a warning about ongoing cyber attacks targeting state authorities in the country that use a legitimate remote access software named Remcos. The widespread phishing campaign has been traced back to a threat actor known as UAC-0050, and the agency has described the nature of the attacks

Tagged under: ,

Joint law enforcement cracks encrypted messaging app used by criminal groups

A collaborative law enforcement effort by Germany, the Netherlands, and Poland resulted in the dismantling of the encrypted messaging platform Exclu.Eurojust reported the arrests of 45 individuals in Belgium and the Netherlands, including users, administrators, and owners of the service. During raids in 79 locations, authorities seized €5.5 million, 300,000 ecstasy tablets, 20 firearms, and

Tagged under:

Sliver C2 Framework is exploited by hackers through Sunlogin vulnerabilities

Cybercriminals are exploiting known weaknesses in the Sunlogin software to deploy the Sliver Command-and-Control (C2) framework for post-exploitation activities. This was uncovered by the AhnLab Security Emergency Response Center (ASEC), which discovered that security flaws in the Chinese-developed remote desktop program, Sunlogin, are being taken advantage of to launch a wide range of malicious payloads.

The GitHub Desktop and Atom Code-Signing Certificates were stolen by hackers

GitHub, a subsidiary of Microsoft, announced that unknown attackers managed to extract encrypted code signing certificates related to some versions of GitHub Desktop for Mac and Atom applications. To ensure security, the company is revoking the affected certificates. As a result, certain versions of GitHub Desktop for Mac, including 3.0.2 to 3.1.2 and Atom versions

Tagged under: ,

Russian and Iranian hackers target key industries according to British Cyber Agency

The National Cyber Security Centre (NCSC) of the United Kingdom has issued a warning about spear-phishing attacks orchestrated by state-sponsored actors from Russia and Iran. The attacks are aimed at specific sectors, including academia, defense, government organizations, NGOs, and think tanks, as well as politicians, journalists, and activists, and are not directed toward the general

Components and obfuscations of Gootkit malware continue to evolve

The actors responsible for the Gootkit malware have made significant modifications to their toolset, incorporating new components and obfuscations into their infection methods. The Google-owned cybersecurity firm, Mandiant, is keeping a close eye on the cluster of activity known as UNC2565 and has determined that the usage of the Gootkit malware is exclusive to this

Tagged under: ,

New Golang-based ‘SwiftSlicer’ malware attacks Ukraine

Ukraine has been the target of a recent cyber attack from Russia, utilizing a previously unseen data wiper called SwiftSlicer. The attack was attributed to Sandworm, a state-sponsored group linked to Military Unit 74455 of the GRU, the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation. ESET disclosed

Tagged under: ,

GoTo, the parent company of LastPass, suffers a data breach, and customers’ backups Compromised

On Tuesday, GoTo (formerly LogMeIn), the parent company of LastPass, announced that an unknown party had successfully accessed encrypted backups of certain customers’ data, along with the encryption key for some of these backups, in a November 2022 incident. The company has identified that a third-party cloud storage service was targeted, which has impacted the

The Samsung Galaxy Store app is susceptible to sneaky app installations and fraud

Two security vulnerabilities have been identified in the Samsung Galaxy Store application for Android devices that could potentially be exploited by a local attacker to install arbitrary applications or redirect potential victims to fraudulent web pages. The vulnerabilities, designated as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and reported to Samsung in November and