AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. The campaign has been active since at least 2021. “Lures use Mexican

Tagged under: , , , , , , , , , , , , , , , , , , , , ,

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. “UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected,

Tagged under: , , , , , , , , , , , , , ,

29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services

Introduction A 29-year-old Ukrainian national has been apprehended in Mykolaiv, Ukraine, in connection with a highly sophisticated cryptojacking operation. The suspect allegedly earned over $2 million (€1.8 million) in illicit profits through unauthorized use of computing resources for cryptocurrency mining. The arrest was made possible through a collaborative effort between the National Police of Ukraine,

Tagged under: , , , , , , , , ,

Three Ways To Supercharge Your Software Supply Chain Security

Section four of the “Executive Order on Improving the Nation’s Cybersecurity” introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan

Tagged under: , , , , , , , ,

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

According to a new joint cybersecurity advisory from Australia and the U.S., the threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023. “Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and critical infrastructure organizations

Tagged under: , , , , , , ,

New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. “PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577,” Malwarebytes’ Jérôme Segura said. The malware family, which first appeared in early 2023,

Tagged under: , , , , , , ,

Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds

Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it’s tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. The goal of the attacks is to propagate booby-trapped links that direct victims to adversary-in-the-middle (AiTM)

Tagged under: , , , , , , , , ,

SLAM Attack: New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs

Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new feature in Intel CPUs called Linear Address Masking (LAM) as well as

Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.

In a recent analysis, Palo Alto Networks Unit 42 researcher Chema Garcia revealed a targeted cyber threat affecting organizations in the Middle East, Africa, and the United States. The unknown threat actor is distributing a sophisticated backdoor named Agent Racoon, developed using the .NET framework. The malware exploits the domain name service (DNS) protocol to

Tagged under: , , , , , , , , , , , , , , , , , , , , , ,

Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale

More details have emerged about a malicious Telegram bot called Telekopye that’s used by threat actors to pull off large-scale phishing scams. “Telekopye can craft phishing websites, emails, SMS messages, and more,” ESET security researcher Radek Jizba said in a new analysis. The threat actors behind the operation – codenamed Neanderthals – are known to run the criminal enterprise as a

Tagged under: , , , , , ,