Attacks

This threat actor has been seen running similar campaigns in the past, but these recent campaigns drew attention from German government authorities due to targeting “experts on issues relating to the Korean Peninsula.” Government bodies publicly speaking out regarding phishing campaigns is a major step in raising awareness about such attacks, which decreases their effectiveness. This campaign is ongoing, with the malicious domains still appearing to be active. To check for evidence of this attack,…

Read More

All affected customers are recommended to change their login credentials on the Ferrari site to a unique and complex password. With the possibility of financial information leak, it is also recommended that customers monitor their banking information for unusual activity. It would also be prudent to enable credit monitoring services to further protect themselves from fraud. https://www.bleepingcomputer.com/news/security/ferrari-discloses-data-breach-after-receiving-ransom-demand/

Read More

When Akamai benchmarked the botnet in 10-second HTTP and UDP attacks, the malware produced 20,430 requests with a combined size of 3.4 MB during the HTTP attack. There were 6,733 packets totaling 421 MB of data produced by the UDP deluge. The researchers calculated that the UDP flood might yield approximately 336 Gbps with 1,000 nodes and 3.3 Tbps with 10,000 nodes. While defending against a targeted DDoS attack can be difficult, if organizations mutually…

Read More

This incident highlights the importance of security measures when it comes to storing and managing cryptocurrency. Users should be careful when choosing where to store their funds and should always use secure storage options such as hardware wallets or cold storage. Additionally, companies that offer cloud-based cryptocurrency services must prioritize security to prevent unauthorized access and protect their customers’ funds. https://cointelegraph.com/news/bitcoin-atm-maker-shuts-cloud-service-after-user-hot-wallets-compromised

Read More

A separate BreachForums administrator under the alias Baphomet immediately posted a message following Pompompurin’s arrest. Baphomet claimed they retained control of the forum’s infrastructure and stated they would keep everyone updated on the situation. After the site went down, Baphomet began using the forum’s Telegram channel to provide updates to the forum’s community. On the morning of March 20th, Baphomet stated the migration process has slowed but claims the forum will return. In the meantime,…

Read More

According to Check Point’s study, “each dotRunpeX sample has an embedded payload of a certain malware family to be injected,” with the injector identifying a list of anti-malware processes that should be terminated. This is made possible by exploiting a weak process explorer driver (procexp.sys) built into dotRunpeX to gain kernel mode execution. The malware may be linked to Russian-speaking threat actors. This conclusion was made based on the language references in the code. The…

Read More

CPR’s analysis revealed that the gang has already targeted several organizations, including a large US-based medical testing laboratory, and a multinational pharmaceutical company, among others. The group’s modus operandi involves exfiltrating data, encrypting it, and then publishing it on their data leak site if the victim refuses to pay the ransom. CPR warns that BianLian’s shift in tactics could inspire other ransomware groups to follow suit, creating more problems for organizations already grappling with the…

Read More

Device owners should install patches for these vulnerabilities as soon as they are made available by the vendor. It was also recommended to disable Wi-Fi calling and Voice-over-LTE to mitigate the impact of the vulnerabilities until patches are released. https://www.bleepingcomputer.com/news/security/google-finds-18-zero-day-vulnerabilities-in-samsung-exynos-chipsets/

Read More