News

Police from South America and Europe have teamed up to take action against an organised crime group involved in human trafficking for sexual exploitation. Between the 20th and 23rd June, the police swooped on 14 locations, arrested 10 and interviewed eight victims. Among the items seized in the searches were vehicles, hard drives, electronic equipment, over 40 mobile phones, SIM cards, payment cards, and documents. Europol supported the French Border Police, the Portuguese Judicial Police,...

On Tuesday President Biden signed two pieces of legislation into law which were aimed at enhancing the cybersecurity capabilities of federal, state and local governments. The signing was preceded by an earlier law which increased the ability of the federal government to collect data about cyberattacks. These laws are a direct response to the marked increase in cybersecurity attacks following the Covid-19 pandemic and the rise in the digital marketplace as well as the infamous...

A "dangerous piece of functionality" has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure. The cloud ransomware attack allows file-encrypting malware to launch and "encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker," according to a Proofpoint report. The...

Israeli cybersecurity company Check point said in a report that they had found a threat cluster, tied to the hacking group Tropic Trooper, which had been spotted using a previously undocumented malware coded in Nim language. Tropic Trooper, also known by the monikers Earth Centaur, KeyBoy, and Pirate Panda, has a track record of striking targets located in Taiwan, Hong Kong, and the Philippines, primarily focusing on government, healthcare, transportation, and high-tech industries. The novel malware, dubbed...

Cybersecurity officials from the Computer Emergency Response Team of Ukraine (CERT-UA) exposed two new hacking campaigns against targets there this week. One utilized a phony tax collection document purportedly sent by the national tax agency and the other using a malicious document that discussed the threat of nuclear attack from Russia. The officials warned that malicious Microsoft Word documents were being distributed by emails supposedly from the State Tax Service of Ukraine. Once opened, the...

Malwarebytes announced in a Tuesday analysis that two malware domains of the newly discovered Magecart skimming campaign, "scanalyticorg" and "js.staticounternet" , are part of a broader infrastructure used to carry out intrusions. The earliest evidence of the campaign's activity, based on the additional domains uncovered, suggests it dates back to at least May 2020. Jérôme Segura, director of Threat Intelligence at Crunchbase said: "We were able to connect these two domains with a previous campaign...

Researchers at SentinelLabs announced on June 9th that they had identified a small but potent APT (Advanced Persistent Threat) with links to the Chinese state. Researchers say one of the tactics and techniques of Aoqin Dragon include using pornographic themed malicious documents as bait to entice victims to download them. The APT, named Aoqin Dragon by researchers, has flown under the radar for nearly a decade by using evolving stealth tactics. In the first years...

Security researchers have discovered a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. Cobalt Strike is a penetration testing suite that is frequently used by threat actors for lateral movement and to drop additional payloads. First spotted in February 2021 in advertisements on the dark web, Matanbuchus is a malware-as-a-service (MaaS) project that was promoted as a $2,500 loader that launches executables directly into system memory....

A former software engineer at Amazon Web Services was convicted of wire fraud and computer intrusions in the U.S. for her role in the 2019 theft of personal data of nearly 100 million people in the Capital One Data Breach. Paige Thomson was found guilty of wire fraud and five counts of unauthorized access to a protected computer and damaging a protected computer. She was acquitted of other charges which included aggravated identity theft and...

The UK government has proposed new data laws that are designed to boost economic growth and innovation, in addition to clamp down on nuisance calls and minimise cookie pop-ups online. The Data Reform Bill, published after a consultation period, is designed to update the UK's existing data rules, post Brexit. It is designed to unlock organisations' ability to use data more "dynamically," with the government arguing that the EU's GDPR is holding back innovative use...