Pierluigi Paganini
May 22, 2024
A threat actor is targeting organizations in Africa and the Middle East by exploiting Microsoft Exchange Server flaws to deliver malware. Positive Technologies researchers observed while responding to a customer’s incident spotted an unknown keylogger embedded in the main Microsoft Exchange Server page. The keylogger was used to collect account credentials. Further investigation allowed to identify over […]
Pierluigi Paganini
May 22, 2024
The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. OmniVision Technologies is a company that specializes in developing advanced digital imaging solutions. In 2023, OmniVision employed 2,200 people and had an annual revenue of $1.4 billion. OmniVision Technologies Inc. is an American subsidiary of Chinese semiconductor device and mixed-signal integrated […]
Pierluigi Paganini
May 21, 2024
The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. Atlas is one of the largest national fuel distributors to 49 continental US States with over 1 billion gallons per year. The Blackbasta extortion group added the company to the list of victims on […]
Pierluigi Paganini
May 20, 2024
Researchers discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors that used GitHub to distribute malware. Recorded Future’s Insikt Group discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors from the Commonwealth of Independent States (CIS). The attackers, tracked as GitCaught, used a GitHub profile to impersonate legitimate software applications, including 1Password, Bartender 5, and […]
Pierluigi Paganini
May 20, 2024
A new Grandoreiro banking trojan campaign has been ongoing since March 2024, following the disruption by law enforcement in January. IBM X-Force warns of a new Grandoreiro banking trojan campaign that has been ongoing since March 2024. Operators behind the Grandoreiro banking trojan have resumed operations following a law enforcement takedown in January. The recent campaign is […]
Pierluigi Paganini
May 19, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. North Korea-linked IT workers infiltrated hundreds of US firms Turla APT used two new backdoors to […]
Pierluigi Paganini
May 17, 2024
Russia-linked Turla APT allegedly used two new backdoors, named Lunar malware and LunarMail, to target European government agencies. ESET researchers discovered two previously unknown backdoors named LunarWeb and LunarMail that were exploited to breach European ministry of foreign affairs. The two backdoors are designed to carry out a long-term compromise in the target network, data […]
Pierluigi Paganini
May 17, 2024
The City of Wichita disclosed a data breach after the ransomware attack that hit the Kansas’s city earlier this month. On May 5th, 2024, the City of Wichita, Kansas, was the victim of a ransomware attack and shut down its network to contain the threat. The city immediately started its incident response procedure to prevent […]
Pierluigi Paganini
May 16, 2024
Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party vendor. MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia. The company was forced to shut down its website and phone lines following a cyber attack, but it did not […]
Pierluigi Paganini
May 14, 2024
Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. New Jersey’s Cybersecurity and Communications Integration Cell (NJCCIC) reported that since April, threat actors used the the Phorpiex botnet to send millions of phishing emails as part of a LockBit Black ransomware campaign. The botnet has been active […]
