Check Point Research documented a liquidity-pool manipulation where an attacker used a hidden backdoor to burn WIZ tokens, inflating the WIZ/WETH price by ~22,000% and then sold into the spike to steal about $80,000. The operation involved two attacker wallets…
Tag: THREAT INTELLIGENCE
For the latest discoveries in cyber research for the week of 27th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Nevada-based medical transcription company, Perry Johnson & Associates (PJ&A), has disclosed a data breach that affected more than 9M patient…
Microsoft Threat Intelligence uncovered a Diamond Sleet supply chain attack that tampered with a CyberLink installer to deliver a second-stage payload. The malicious file is signed with a valid CyberLink certificate, hosted on CyberLink infrastructure, and inc…
A targeted disinformation operation aimed at Spanish Russian-speaking residents during the 2023 general elections used a fake website impersonating the Community of Madrid and Telegram messaging to discourage voting. The campaign demonstrates niche demographic…
SysAid’s on-premises software was found to have a zero-day path traversal vulnerability that allowed code execution, exploited by DEV-0950 (Lace Tempest). The attackers deployed a WebShell via a WAR file, loaded the GraceWire loader to inject into system proce…
GhostSec unveils GhostLocker, a Ransomware-as-a-Service framework, sold through a dedicated Telegram channel and with a current focus on Israel, signaling a shift in their activity. The report details GhostLocker’s build/operation, historical attacks against Is…
Prolific Puma is a DNS threat actor that has operated unnoticed for over four years, primarily focusing on domain generation and link shortening services for malicious activities. This underground network creates a vast number of domains using an RDGA to suppo…
Akira Stealer is a Python-based information stealer offered as Malware-as-a-Service (MaaS) via a dedicated portal at Akira.red, with Telegram used for updates and command-and-control. It harvests credentials, financial data, and system information, exfiltratin…
Threat hunting today blends structured methodologies, real-time data analysis, and adaptive automation to uncover anomalies, threats, and attacker activity across logs, networks, and endpoints. The article showcases traditional approaches, a modern futuristic …
Anomali’s Cyber Watch roundup covers multiple campaigns including ROMCOM 4.0 (PEAPOD) backdoors targeting defense and government sectors, a typosquatted RedAlert Android infostealer, EtherHiding via blockchain hosting, the NoEscape ransomware, and ShellBot DDo…
More than a week after it suffered a crippling ransomware attack, the hotel giant MGM is struggling to recover. The attack, linked to the ransomware-as-a-service (RaaS) group known as ALPHV, or BlackCat, caused slot machines and ATMs in MGM’s Las Vegas hotels to go dark and forced hotel staff to rev…
The article analyzes the malicious tactics, techniques and procedures (TTPs) used by the operator of the Cuba ransomware, and details a Cuba attack incident.
Booking engines – they make the worlds of travel and hospitality spin around. Estimated at over US$500 billion [https://www.grandviewresearch.com/industry-analysis/online-travel-booking-service-market-report], this market moves fast. These engines are a critical, nearly invisible part of the hospitality industry, and their security is essential to protect guests’ personal and financial information. Occasionally, booking technology falls victim to motivated threat actors who use vulnerabilities
Artificial intelligence (AI) and large language models (LLMs) can help threat intelligence teams to detect and understand novel threats at scale, reduce burnout-inducing toil, and grow their existing talent by democratizing access to subject matter expertise. However, broad access to foundational Open Source Intelligence (OSINT) data and AI/ML technologies has quickly…
Lumen Black Lotus Labs observed a renewed HiatusRAT campaign (mid‑June–August 2023) in which the actor recompiled binaries for multiple CPU architectures and hosted payloads on shifting VPS infrastructure. Telemetry linked the campaign to heavy targeting of Ta…