Invoice Phishing Alert: TA866 Deploys WasabiSeed and Screenshotter Malware

By External News-Site | January 20, 2024 |

The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter.
The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files.
“The PDFs

Russian hackers stole Microsoft corporate emails in month-long breach

By External News-Site | January 20, 2024 |

Microsoft warned Friday night that some of its corporate email accounts were breached and data stolen by a Russian state-sponsored hacking group known as Midnight Blizzard. […]

Citrix Discovers 2 Vulnerabilities, Both Exploited in the Wild

By External News-Site | January 18, 2024 |

These vulnerabilities are the second and third for Citrix but are not expected to be as detrimental as “CitrixBleed.”

TeamViewer abused to breach networks in new ransomware attacks

By External News-Site | January 18, 2024 |

Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. […]

Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

By External News-Site | January 16, 2024 |

The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023.
The scheme “leveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackers’ infrastructure that spoofed Web3 protocols to trick victims into authorizing transactions,”

Windows SmartScreen flaw exploited to drop Phemedrone malware

By External News-Site | January 15, 2024 |

A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files. […]

Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks

By External News-Site | January 15, 2024 |

Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks. […]

Fidelity National Financial acknowledges data breach affecting 1.3 million customers

By John Reeman | January 15, 2024 |

Fidelity National Financial has suffered a ransomware attack and resulting data breach which involved 1.3 million of its customers’ data.

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

By External News-Site | January 15, 2024 |

Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector.
First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws WordPress plugins to inject backdoor designed to redirect visitors of infected sites to bogus tech

Hacker spins up 1 million virtual servers to illegally mine crypto

By External News-Site | January 13, 2024 |

A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency. […]