In a post on a publicly accessible hacker forum, a group calling itself “Desorden” claimed to have stolen databases and other files from breached Acer India servers. The hackers shared a link to a sample of the stolen data and promised to leak more once they had analyzed it. They also published a video…

Dubbed SnapMC, the hacking group attempts to exploit multiple vulnerabilities in webserver and VPN applications for initial access and typically compromises victim networks in under 30 minutes. The group then exfiltrates victim data to leverage it for extortion, but doesn’t use ransomware or other means of disrupting the victim’s operations. SnapMC threatens to publish the…

Botnets continue to be a major problem for cybersecurity teams. As threats grow more sophisticated, botnets are becoming more malicious, sometimes enlisting hundreds of thousands of drones that can attack a wide range of machines, including macOS, Linux and Windows systems, edge devices, IoT devices, and so on. Examining threat trends around botnet…

Dubbed FontOnLake, the malware family employs a rootkit to conceal its presence and uses different command and control servers for each sample, which shows how careful its operators are to maintain a low profile. What’s more, the malware developers are constantly modifying the FontOnLake modules, and use three categories of components that have been designed…

Researchers have discovered a previously unknown advanced threat actor, probably of Iranian origin, using a previously undocumented RAT targeting largely aerospace and telecommunications organizations. They have named the group MalKamak, and the campaign Operation GhostShell. Cybereason first detected the threat actor engaged in cyber espionage with the unknown remote access trojan – which it called…

The threat group, tracked until now by Mandiant as UNC1878, has been around since at least October 2018. The UNC classification is assigned to “uncategorized” entities before the cybersecurity firm can determine with certainty if it’s a financially-motivated group (FIN) or a state-sponsored advanced persistent threat actor (APT).

Backblaze announced Instant Recovery in Any Cloud—a solution to make ransomware recovery into a VMware and Hyper-V based cloud easy for any IT team. Big ransomware payments gain a lot of attention—like the $5 million Colonial Pipeline recently paid. But few realize that ransomware victims often rely on backups to return to normal operations, not…