Weekly highlights include: An additional 30 organizations were reportedly compromised alongside Capital One in the July 2019 breach; the “Danabot” banking trojan has been targeting financial, retail, and travel organizations in Germany; and a new version of the “Remcos” remote-access trojan (RAT) has been focusing on obfuscation, increasing the tool’s capabilities.
Check out this week's ShadowTalk podcast episode as well here:
A cyber-espionage campaign was found targeting the Vietnamese military and government, as well as other sectors and some entities in Thailand and Central Asia.
A user of the cybercriminal forum RaidForums has offered 533 million records of Facebook user data for only a few US dollars.
Insurance provider CNA Financial has announced it was targeted in a cyber attack, later confirmed as involving the newly identified “Phoenix Cryptolocker” ransomware.
The new Internet of Things (IoT) botnet ZHtrap has been turning devices it has infected into honeypots, in a novel technique that highlights yet another risk presented by exposed IoT devices.
Four zero-day vulnerabilities in Microsoft Exchange Servers have been linked to more than 30,000 cyber attacks taking place in the week following their discovery.
A new round of software attacks has raised another red flag concerning supply-chain security and the prevalence of third-party supply-chain targeting.
The French National Cybersecurity Agency (ANSSI) identified a new “Ryuk” ransomware variant that has the capability to self-propagate across victim networks.
The People’s Republic of China-linked advanced persistent threat group “APT31” reportedly cloned and deployed a zero-day exploit developed by NSA's Equation Group in 2013.
An unidentified attacker accessed the computer systems of a water treatment facility in the US, altering sodium hydroxide levels in the potable water supply.
Following the disclosure of the SolarWinds supply-chain compromise in December 2020, details continue to emerge about the scale of the attack.
The North Korean advanced persistent threat (APT) group “ZINC” has been targeting cyber-security professionals with social engineering that leads to malware delivery.
A new web portal is aiding cyber-threat incident responders by detailing vulnerabilities in popular malware.
Technical analysis of a cyber-threat campaign using the dangerous and widespread “Lokibot” malware has revealed an updated method being used to conduct sophisticated attacks.
A cyber-security firm released a free decryptor for the popular and sophisticated “DarkSide” ransomware.
The cyber-security industry learned some valuable lessons during the unique and unprecedented year of 2020.
The notorious Automated Vending Cart (AVC) website Joker’s Stash allegedly displayed a notification that the site was seized by law-enforcement agencies.
SolarWinds confirmed that its network management system, Orion Platform, was exploited to conduct a highly sophisticated, manual supply-chain attack.
A global spearphishing campaign targeted organizations associated with a COVID-19 vaccine cold chain.
A threat actor recently hijacked a vulnerable WordPress website set up by a security researcher.
The operators of the “RagnarLocker” ransomware began an advertising campaign on Facebook to further extort the victim of one of their recent attacks.
