The official website of the UK royal family was subject to a distributed denial-of-service (DDoS) attack on the morning of Sunday, Oct. 1, thanks to pro-Russian hacktivists. The resulting downtime for royal.uk began around 10 a.m. BST, and only lasted for around 90 minutes. As of this writing, though, visitors to the site are still…

Johnson Controls Suffers Ransomware Attack
Global smart building and security systems maker Johnson Controls faces a major cybersecurity incident, it disclosed in a regulatory filing. “The incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations,” it told the U.S. Securities and Exchange Commission. Bleeping Computer reports…

A Chinese hacking group linked to state authorities in Beijing has upgraded its espionage capabilities to target companies with headquarters in the United States and East Asia, warned an alert from Japanese and American cyber agencies. The latest campaign from BlackTech has targeted networks of regional subsidiaries across government, industrial, technology and defense industrial base…

Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. The campaign, codenamed STARK#VORTEX by Securonix, targets Ukrainian military entities and CERT-UA attributed it to a threat actor tracked as UAC-0154. The MerlinAgent is an open-source C2 toolkit written in Go, it…

In a new twist on the cybercrime penchant for trojanizing things, a threat actor recently pounced upon a “hot” vulnerability disclosure to create a fake proof of concept (PoC) exploit that concealed the VenomRAT malware. According to research from Palo Alto Networks, the cyberattacker, who goes by “whalersplonk,” took advantage of a very real remote…

Cybersecurity advisories from the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) are usually a good indication that a particular threat merits priority attention from organizations in the crosshairs. That would appear to be the case with “Snatch,” a ransomware-as-a-service (RaaS) operation that has been active since at least 2018 and is the…

Casino and hotel giant Caesars Entertainment is warning customers that their personal details were stolen in a recent hack attack. After successfully shaking down Caesars for a ransom, the same attackers are continuing to extort MGM Resorts, claiming to have crypto-locked its ESXi hypervisors. Both attacks by the Alphv ransomware group, which spun off from…

Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name Peach Sandstorm (formerly Holmium), said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors to likely facilitate intelligence…

As part of its scheduled batch of Patch Tuesday security fixes, Redmond’s security response team flagged the two zero-days — CVE-2023-36761 and CVE-2023-36802 — in the “exploitation detected” category and urged Windows sysadmins to urgently apply available fixes. The most serious of the two bugs is described as a privilege escalation flaw in Microsoft Streaming…