Attacks

Apple Releases Emergency Updates For Older iOS Devices After Recent Discovery Of Zero-Day Vulnerabilities

In order to address two actively exploited zero-day vulnerabilities discovered by Google’s Threat Analysis Group and Amnesty International’s Security Lab that also affect earlier iPhones, iPads, and Macs, Apple has published emergency updates to backport security patches that were announced on Friday. Apple stated in security advisories posted on Monday that it was “aware of a report that this problem may have been actively exploited.” The first is an out-of-bounds write vulnerability in IOSurfaceAccelerator that…

Read More

Various Industries in Israel Dealing with Cyber Issues

Over the past week, Israel has experienced significant cyber attacks on the Israel Post and irrigation systems in the North. The Israel Postal Company detected and prevented an attack on their computer servers by a “hostile party” and shut down part of their systems in response. This did not affect banking services, which operate on a separate system. While the attack was stopped early and did not result in any damage or information leaks, some…

Read More

Breached Shutdown Triggers Shift to ARES Data Leak Forums

A threat group known as ARES is becoming well-known on the cybercrime scene due to selling and leaking databases stolen from businesses and government agencies. The actor first appeared on Telegram in late 2021 and has since been linked to the RansomHouse ransomware operation, the KelvinSecurity data leak platform, and the network access group Adrastea. In order to fill the hole left by the now-defunct Breached forum, ARES Group administers its own website with database…

Read More

Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise

The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That’s according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed DEV-1084. MuddyWater is the name assigned to an Iran-based actor that the U.S. government has publicly connected to the country’s Ministry of Intelligence and Security (MOIS).…

Read More

FBI Cracks Down on Genesis Market

A coordinated international law enforcement operation has dismantled Genesis Market, an illegal online marketplace that specialized in the sale of stolen credentials associated with email, bank accounts, and social media platforms. Coinciding with the infrastructure seizure, the major crackdown, which involved authorities from 17 countries, culminated in 119 arrests and 208 property searches in 13 nations. The “unprecedented” law enforcement exercise has been codenamed Operation Cookie Monster. Genesis Market, since its inception in March 2018, evolved into a major hub…

Read More

Typhon Info-Stealing Malware Devs Upgrade Evasion Capabilities

The threat actors behind Typhon, a C#-based information-stealing malware first discovered in mid-2022, have released a new version. Dubbed Typhon Reborn, the new malware has a heavily modified codebase compared with the original, containing many new features and evasive techniques. String obfuscation techniques within the malware payloads, using Base64 and XOR, have improved, making samples more difficult to analyze. A wide range of checks, such as looking…

Read More

YouTube Phishing Scam Luring Users Into Providing Credentials

A new phishing scam on YouTube has been uncovered, where hackers are using authentic-looking email addresses to trick users into giving away their account login information. The scam starts with a fraudulent email claiming to be from YouTube’s support team, stating that the user’s account is in violation of the platform’s policies and will be suspended if the issue is not resolved. The email contains a link that appears to take the user to YouTube’s…

Read More

IOTW: Latitude Financial data breach affects 14 million people

Australian financial services company Latitude Financial has suffered a large-scale data breach that exposed the personal information of more than 14 million customers. The breach was initially discovered on March 16, but was originally thought to have affected only a fraction of the customers actually impacted by the cyber attack. How did the Latitude Financial data breach happen? The data breach was initially reported by Latitude Financial on March 16, after unusual activity was detected on…

Read More

Twitter source code leaked via GitHub

Part of the source code for social media site Twitter has been leaked via source code repository GitHub, according to a DMCA takedown request. The DMCA request stated that the code leaked included “proprietary source code for Twitter’s platform and internal tools”. Following the DMCA request, the code was taken down. The source code was leaked by a user under the screen name ‘FreeSpeechEnthusiast’. It is unclear how long the source code was available for,…

Read More

Bitter APT Targeting Chinese Nuclear Energy Organizations

While largely targeting organizations in the APAC region, this group has also been seen targeting organizations in Europe, indicating that it may pivot to compromising organizations worldwide in the future. As the initial compromise in this campaign stems from phishing, the best prevention is to provide adequate user education on the latest phishing campaigns. However, this alone is not adequate, as all it takes is one phishing attachment to slip through the cracks and get executed…

Read More