Cyber Bites

Threat actors are distributing the Dharma Ransomware in a new spam campaign targeting Windows users in Italy.  The Dharma Ransomware has been active for many years and is based on another ransomware family called Crysis. It is not common, though, to see this ransomware family distributed through malspam as it is more commonly installed via hacked remote desktop services. Source: Bleeping Computer

  A recent ransomware attack caused a U.S. natural gas compressor facility to shut for two days, the latest in a string of attacks targeting the country’s energy infrastructure over the past few years. Hackers sent emails with a malicious link to gain control of the facility’s information technology system, the Department of Homeland Security said Tuesday in an alert. The agency didn’t say which facility was targeted, when the attack occurred or who was...

At least 80 companies based in Turkey have been dealing with an ongoing threat that is constantly evolving to become more persistent and dangerous. This massive phishing campaign was given the name “The Turkish Rat” by Sophos and Talos researchers, who have been following it for a while. Researchers from Check Point now report that the same actors have added the ‘Adwind RAT’ into the mix. This multi-platform malware can establish remote access to the...

The World Health Organization (WHO) warns of ongoing Coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware. "Criminals are disguising themselves as WHO to steal money or sensitive information," the United Nations agency says in the Coronavirus scam alert. Source: Bleeping Computer

Researchers have discovered that a popular photo app leaked the personal data and images of thousands of customers as a result of an unsecured Amazon Web Services (AWS) storage bucket. The discovery was made by vpnMentor whose researchers found that a misconfigured S3 database belonging to the company PhotoSquared, which creates printed photo boards from customers' digital images, was left online without any password protection. Source: TechRadar

Android smartphone owners must be getting pretty used to the daily warnings about malware-filled apps and device-infecting adware. Threats continue to arrive thick and fast but the latest alert could be one the most concerning to date. A new report from the team at Malwarebytes has uncovered a new attack which is able to reinfect a phone even after everything is deleted and a full factory reset has been performed. Source: Express

A hacking group compromised mobile phones belonging to soldiers in the Israel Defence Forces (IDF) using pics of young girls and directing them to download malware disguised as chat apps. Behind this endeavour is an actor identified as APT-C-23, known for cyberattacks in the Middle East and associated with the Hamas militant group. Source: Bleeping Computer

A second and more serious data breach has been uncovered in the Elector firm’s election software that Likud has been using in its Knesset campaign, as reported by the Calcalist business daily on Sunday. Both hacking incidents, which occurred within a week of one another, involved the leak of the entire registry of Israeli voters for the March 2 Knesset election, but the latest breach compromised details beyond the voter rolls. Source: Haaretz

A handful of Canadian government departments and agencies have reportedly compromised the personal information of 144,000 individuals across 7,992 breaches experienced over the past two years. As reported by the Canadian Broadcasting Corporation (CBC), the Canadian government revealed the information in an answer to an order paper question filed by Conservative MP Dean Allison late last month. Source: ZD Net

The official Twitter accounts for the Olympics and FC Barcelona were hacked Saturday by the same group responsible for years of other prominent Twitter account hacks. A Twitter spokesperson confirmed to Business Insider that both the Olympics and FC Barcelona accounts were hacked by a group called OurMine and through a "third-party platform." Source: Business Insider