News

Several US authorities issued an alert warning of the threat to critical national infrastructure (CNI) providers from the AvosLocker ransomware group. The group is a ransomware-as-a-service affiliate operation known for targeting financial services, manufacturing and government entities, as well as other sectors, the report indicated. AvosLocker seems to be geographically indiscriminate, with some victims hailing from the US, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the UK, Canada, China and Taiwan....

The ultra-prolific ransomware group LAPSUS$ are now claiming to have breached Okta, an authentication services provider. The report comes after the hackers posted what they claim to be screenshots of Okta's internal company environment. Thousands of companies rely on Okta to manage access to their networks and applications, making the possibility of a breach especially concerning. The company was aware of the reports and was investigating, Okta official Chris Hollis said in a brief statement....

Luxury hotels in Macau were the target of malicious spear-phishing campaigns for nearly 3 months, according to research from security researchers at Trellix. The cybersecurity firm has attributed the campaign to the aptly named DarkHotel group, building on research published by Zscaler in December 2021.  DarkHotel is believed to have been access since 2007, with a history of striking  "senior business executives by uploading malicious code to their computers through infiltrated hotel Wi-Fi networks, as...

Hubspot, a widely used Customer Relationship Management (CRM) platform, was hacked on Friday by a threat actor accessing an employee account.  The hacker then used the account to target 30 as yet unnamed cryptocurrency stakeholders, with BlockFi and Swan Bitcoin confirming that they suffered a breach. As Hubspot is a third party vendor, the hacker did not gain access to any of the targeted organisation's internal systems. While user information was leaked, both BlockFi and...

A Ukrainian security researcher has released further source code from the Conti ransomware group in retaliation for their siding with Russia over the ongoing Russia-Ukraine conflict. Conti is a prolific ransomware operation run by Russia-based threat actors. The group has been involved in developing numerous malware families, and is considered one of the most active cybercrime operations on the planet. This isn't the first time the Ukrainian security researcher, named 'Conti Leaks', has sought revenge...

The National Cyber Security Centres's (NCSC) Suspicious Email Reporting Service is proving successful. Over 10 million emails have been reported to the service, leading to 76,000 online scams being taken down. The service has been operating for almost two years, enabling members of the public to alert the authorities regarding potential cyberattacks and scams. Scams that have been taken down include those relating to NHS, fake notifications from delivery companies, phony cryptocurrency investments. The service was launched...

Google's Threat Analysis Group (TAG) has new initial access broker that it alleges is closely affiliated to a Russian cyber-crime gang infamous for its Conti and Diavol ransomware operations. The financially motivated threat actor, dubbed Exotic Lily, has been detected exploiting a recently patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444). The exploit is part of phishing campaigns involving 5000 business proposal-themed emails every day to 650 targeted, global organisations. "Initial access brokers...

In the wake of the Ukraine-Russia conflict, cyber-criminals have begun to impersonate legitimate aid organisations in order to steal financial donations intended for the Ukrainian people. The discovery comes from new research by managed detection and response provider, Expel. The company's security operations centre (SOC) analysed attack vectors and incident trends for its February Attack Vectors Threat Report, finding several phishing emails referencing the invasion of Ukraine to target cryptocurrency. Subjects lines of malicious emails included "Help...

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has been positioned as a Leader in The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022 report. Using a 30-criteria evaluation, The Forrester Wave report ranks 11 vendors in the security awareness and training market based on their current offering, strategy and market presence. KnowBe4 received the highest scores possible in 16 of the 30 evaluation criteria.   “Being named as...

A relatively new Ransomware, LokiLocker, uses the standard extortion-through-encryption racket but also incorporates disk-wiper functionality. Double extortion soared in popularity last year, with ransomware gangs stealing files before encrypting them to threaten victims with a sensitive data leak if they didn't pay up. BlackBerry Threat Intelligence is warning that LokiLock, first seen in August 2021, now features an "optional wiper functionality" to put increased pressure on victims. Instead of using the threat of leaking a...