Summary: A Russian hacktivist crew threatens to attack European internet infrastructure in retaliation for European Parliament-issued sanctions and opposition to the invasion of Ukraine. Threat Actor: NoName57(16) | NoName57(16) Victim: European Union (EU) | European Union Key Point: A Russian hack…
Tag: DARK WEB
A threat actor on a dark web forum has announced WebShell access to the web systems of four universities in Egypt. According to the threat actor, each WebShell grants NT Authority or www-data access. They claim that with each WebShell, credentials for the SQL server or an additional shell that connects…
eSentire’s Threat Response Unit (TRU) detected a more_eggs campaign targeting an industrial services customer, delivered via a fake resume loader after the victim clicked a LinkedIn job listing. The campaign uses obfuscated Windows loader techniques, a malicio…
Summary: A Romanian citizen named Vlad Terebes has been charged with identity theft and bank fraud for conducting card skimming at several large retail stores in Puerto Rico. Threat Actor: Vlad Terebes | Vlad Terebes Victim: Multiple customers of large retail stores in Manatí, Canóvanas, Caguas, and…
DID YOU KNOW A CYBERATTACK HAPPENS EVERY 39 SECONDS? This staggering figure underscores the urgent need for cyber security to be treated as a global priority. Moreover, with the explosion of generative AI (besides ChatGPT as well!), the current 2200 daily attacks are expected to not only mul…
Qilin, also known as Agenda ransomware, is a sophisticated RaaS group that targets healthcare, education, and public administration with cross-platform Go and Rust malware designed to evade detection and enable lateral movement. This profile outlines Qilin’s i…
Today I have uploaded the Indonesian Ministry of Transportation Database for you to download, thanks for reading and enjoy! Kementrian Perhubungan Indonesia: The Ministry of Transportation of the Republic of Indonesia is a ministry in the Indonesian Government in charge of transportation affairs, is l…
BlackSuit ransomware is a rebranded version of the Royal ransomware, aimed at evading detection and sustaining operations after heightened law enforcement actions. It leverages phishing, exploits software vulnerabilities, and uses legitimate remote tools to in…
A threat actor has claimed to have leaked a database of Facebook users from 2024. The alleged database contains 100,000 lines of data, including full names, profiles, emails, phone numbers, DR (date of registration), and locations. The leak poses significant risks to affected users, including identity theft, phishing scams, and social…
Summary: This article discusses the cost of a phishing-as-a-service platform and how cybercriminals are targeting European banking clients with this method. Threat Actor: Cybercriminals | Cybercriminals Victim: European banking clients | European banking clients Key Point: Cybercriminals are using…
Types of cyberattack include not only Advanced Persistent Threat (APT) attacks targeting a few specific companies or organizations but also scan attacks targeting multiple random servers connected to the Internet. This means that the infrastructures of threat actors can become the targets of cyberattack alongside companies, organizations, and personal users. AhnLab…
Cyberthreat intelligence (CTI) can be a powerful weapon for protecting an organization from cyberattack, enabling teams to understand both the threats they face and the tactics, techniques, and procedures of their adversaries. Derek Fisher, executive director of product security at JPMorgan Chase &…
Sonatype uncovered a counterfeit PyPI package named crytic-compilers that imitates crytic-compile and secretly steals cryptocurrency, highlighting a supply-chain abuse of open-source components. The report also profiles Lumma/LummaC2 Windows stealer with its …
Arctic Wolf Labs tracked Fog, a new ransomware variant active in the U.S. education and recreation sectors starting in May 2024, with rapid encryption and limited exfiltration observed. The operations exploited compromised VPN credentials, carried out lateral …
Live Nation disclosed unauthorized activity in a Snowflake-based third-party cloud database, exposing Ticketmaster and other client data. In the following days, threat actors traded or offered Snowflake-related data on the Dark Web, with Snowflake linking the …