Ukrainian State Authorities are being alerted to Remcos software-driven cyberattacks

The Ukrainian Computer Emergency Response Team (CERT-UA) has issued a warning about ongoing cyber attacks targeting state authorities in the country that use a legitimate remote access software named Remcos. The widespread phishing campaign has been traced back to a threat actor known as UAC-0050, and the agency has described the nature of the attacks

Tagged under: ,

Joint law enforcement cracks encrypted messaging app used by criminal groups

A collaborative law enforcement effort by Germany, the Netherlands, and Poland resulted in the dismantling of the encrypted messaging platform Exclu.Eurojust reported the arrests of 45 individuals in Belgium and the Netherlands, including users, administrators, and owners of the service. During raids in 79 locations, authorities seized €5.5 million, 300,000 ecstasy tablets, 20 firearms, and

Tagged under:

The GitHub Desktop and Atom Code-Signing Certificates were stolen by hackers

GitHub, a subsidiary of Microsoft, announced that unknown attackers managed to extract encrypted code signing certificates related to some versions of GitHub Desktop for Mac and Atom applications. To ensure security, the company is revoking the affected certificates. As a result, certain versions of GitHub Desktop for Mac, including 3.0.2 to 3.1.2 and Atom versions

Tagged under: ,

Components and obfuscations of Gootkit malware continue to evolve

The actors responsible for the Gootkit malware have made significant modifications to their toolset, incorporating new components and obfuscations into their infection methods. The Google-owned cybersecurity firm, Mandiant, is keeping a close eye on the cluster of activity known as UNC2565 and has determined that the usage of the Gootkit malware is exclusive to this

Tagged under: ,

New Golang-based ‘SwiftSlicer’ malware attacks Ukraine

Ukraine has been the target of a recent cyber attack from Russia, utilizing a previously unseen data wiper called SwiftSlicer. The attack was attributed to Sandworm, a state-sponsored group linked to Military Unit 74455 of the GRU, the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation. ESET disclosed

Tagged under: ,

1,700 spoof apps targeted over 11 million devices in massive ad fraud scheme

Researchers have successfully dismantled an extensive ad fraud scheme, known as VASTFLUX, that affected over 1,700 applications from 120 publishers and impacted around 11 million devices. According to fraud prevention firm HUMAN, VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack multiple invisible video ad

Tagged under: , ,

Cyberattacks launched against Ukraine by Gamaredon Group through Telegram

According to a report by the BlackBerry Research and Intelligence Team, the Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital attacks against Ukraine, utilizing the popular messaging app Telegram to target the country’s military and law enforcement sectors. The group, also known by various other names such as Actinium, Armageddon, Iron

Tagged under: , ,

Researchers discover 3 PyPI packages that spread malware to developer systems

An individual going by the name of Lolip0p has uploaded three malicious packages to the Python Package Index (PyPI) repository, which are designed to install malware on developer systems that download them. The packages, named color slab (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12), were uploaded by the author

Tagged under: ,

An attacker targeted a CircleCI engineer’s laptop, causing a recent security incident

On Friday, DevOps platform CircleCI announced that it had experienced a data breach as a result of a “sophisticated attack” on December 16, 2022. The incident involved an employee’s laptop being compromised by unknown actors, who then used malware to steal the employee’s two-factor authentication-backed credentials to gain access to the company’s systems and data.

Tagged under: , ,

The majority of Cacti servers fail to patch critical vulnerabilities, leaving them vulnerable to attack

A significant portion of internet-exposed Cacti servers remain unpatched against a recently discovered critical security vulnerability that has been actively exploited in the wild, according to attack surface management platform Censys. Out of a total of 6,427 servers, only 26 were found to be running a patched version of Cacti (1.2.23 and 1.3.0). The vulnerability

Tagged under: , ,