According to the city of Philadelphia, cybersecurity recommendations have been issued in response to an Internal Revenue Service (IRS) warning against tax-based phishing attempts. On day two of the annual Dirty Dozen tax scams campaign, the IRS warns again about phishing and smishing schemes from cybercriminals trying to steal taxpayer information. The Dirty
On Friday, March 24th, Twitter sent GitHub a copyright infringement notice, claiming some of the platform's users leaked parts of their source code. GitHub, the Microsoft-owned service for software developers, reacted promptly and took down the code the same day. According to researchers, the leaked code had been public for at least several months. Twitter als
New cyber attacks against Middle Eastern telecommunications operators emerged in the first quarter of 2023. Based on technical overlaps, the intrusion set was identified as being the work of a Chinese cyber espionage actor associated with a long-running campaign dubbed Operation Soft Cell. The initial attack phase involves infiltrating Internet-facing Microso
The City of Toronto announced a data breach caused by GoAnywhere attacks. Clop ransomware, the gang responsible for exploiting the vulnerability in GoAnywhere, also impacted UK’s Virgin Red and Pension Protection Fund. This week’s victims add up to the other 130 organizations that Clop claims to have breached until now. The Toronto Data Breach: The Clop rans
A new variant of the BlackGuard stealer has been discovered in the wild, with new features such as USB propagation, persistence mechanisms, the ability to inject more payloads into memory, and the ability to target more crypto wallets. BlackGuard’s New Features: BlackGuard continues to target a wide range of targets, including cookies and credentials saved in w
Cybersecurity researchers found that Lionsgate, an entertainment industry giant, exposed the IP addresses and viewing habits of its subscribers. The investigators from Cybernews uncovered that the video-streaming service Lionsgate Play had exposed user information via a publicly accessible ElasticSearch instance. 20 GB of Server Logs, Exposed: An unsecured 20GB
Researchers discovered a new fake ChatGPT extension for Chrome in the official Chrome Store. This version steals Facebook session cookies, hijacking accounts. The malicious extension is a copy of “ChatGPT for Google”, a Chrome add-on, but with additional malicious code. Since its release, the trojanized version had over 9,000 downloads. Details Abo
A new credit card hacking campaign is wreaking havoc, but this time it’s a little bit different. Instead of injecting the JavaScript code into the HTML of the store or of the checkout pages, this time threat actors are hiding the malicious code inside the “Authorize.net” payment gateway module for WooCommerce. By doing so, the breach remains undetected by se
A new campaign is deploying variants of the ShellBot malware, specifically targeting poorly maintained Linux SSH servers. It seems the threat actors use scanner malware to find systems that have SSH port 22 open and proceed to install ShellBot on the servers that have weak credentials. ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl an
A new backdoor dubbed PowerMagic and “a previously unseen malicious framework” named CommonMagic were utilized in assaults by an advanced threat actor, according to security researchers. Both malware pieces have been used since at least September 2021 in operations that target organizations in the administrative, transportation, and agricultural s
Hitachi Energy confirmed that it was the victim of a data breach, part of the GoAnywhere attacks. The Clop ransomware gang exploited a Fortra GoAnywhere MFT (Managed File Transfer) zero-day vulnerability to gain access. The Japanese engineering and technology giant provides energy solutions and power systems. Hitachi Energy has a $10 billion yearly income. Det
Multiple spam campaigns targeting Bolivia, Chile, Mexico, Peru, and Portugal have been linked to a banking trojan called Mispadu that steals credentials and delivers other malicious payloads. Mispadu (aka URSA) can steal money, credentials, and act as a backdoor by taking screenshots and capturing keystrokes. In a report, Ocelot Team from Latin American cyber
On March 20th, Ferrari announced they were victims of a cyberattack that could result in customers' data leakage. Threat actors claimed to have breached some of the Ferrari IT systems and sent a ransom demand. Ferrari N.V. announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related
To avoid detection and launch the payload, threat actors behind CatB ransomware used a technique called DLL search order hijacking. Based on code-level similarities, CatB, also known as CatB99 and Baxtoy, emerged late last year and is said to be an “evolution or direct rebrand” of another ransomware strain known as Pandora. The use of Pandora ha
A cancer patient whose naked medical photos and records were stolen by a ransomware gang and posted online has sued her healthcare provider for allowing the “preventable” and “seriously damaging” data leak. The proposed class-action lawsuit stems from a February intrusion in which ransomware crew BlackCat (also known as ALPHV) broke in