Pierluigi Paganini
March 21, 2022
Microsoft is investigating claims that the Lapsus$ hacking group breached its internal Azure DevOps source code repositories. Microsoft announced that is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stolen data. Over the last months, the gang compromised other prominent companies such as NVIDIA, Samsung, Ubisoft, Mercado […]
Pierluigi Paganini
March 21, 2022
A Ukrainian security researcher has leaked more source code from the Conti ransomware operation to protest the gang’s position on the conflict. Hacker leaked a new version of the Conti ransomware source code on Twitter as retaliation of the gang’s support to Russia The attack against the Conti ransomware and the data leak is retaliation […]
Pierluigi Paganini
March 21, 2022
The DirtyMoe botnet continues to evolve and now includes a module that implements wormable propagation capabilities. In June 2021, researchers from Avast warned of the rapid growth of the DirtyMoe botnet (PurpleFox, Perkiler, and NuggetPhantom), which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a […]
Pierluigi Paganini
March 19, 2022
The Federal Bureau of Investigation (FBI) reported that AvosLocker ransomware is being used in attacks targeting US critical infrastructure. The Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory warning of AvosLocker ransomware attacks targeting multiple US critical infrastructure. The advisory was published in coordination with the US Treasury Department and the Financial Crimes Enforcement Network […]
Pierluigi Paganini
March 19, 2022
TransUnion South Africa discloses a data breach, threat actors who stolen sensitive data, demanded a ransom payment not to release stolen data. TransUnion South Africa announced that threat actors compromised a company server based in South Africa using stolen credentials. Threat actors have stolen company data and demanded a ransom payment not to release stolen […]
Pierluigi Paganini
March 19, 2022
Google’s Threat Analysis Group (TAG) uncovered a new initial access broker, named Exotic Lily, that is closely affiliated with the Conti ransomware gang. Google’s Threat Analysis Group (TAG) researchers linked a new initial access broker, named Exotic Lily, to the Conti ransomware operation. Initial access brokers play an essential role in the cybercrime ecosystem, they provide access to previously […]
Pierluigi Paganini
March 18, 2022
Experts spotted a new Unix rootkit, called Caketap, that was used to steal ATM banking data. Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945). The China-linked hacking group has been active since at least 2016, according […]
Pierluigi Paganini
March 17, 2022
Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured […]
Pierluigi Paganini
March 14, 2022
Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats Introduction A new variant of a Brazilian trojan has impacted Internet end users in Portugal since last month (February 2022). Although there are no significant differences and sophistication in contrast to other well-known trojans such as Maxtrilha, URSA, and Javali, an analysis […]
Pierluigi Paganini
March 13, 2022
The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years. Lampion trojan is one of the most active banking trojans impacting Portuguese Internet end users since 2019. This piece of malware is known for the usage of the Portuguese Government Finance & Tax (Autoridade Tributária e Aduaneira) email […]
