500K+ records of C-level people from Capital Economics leaked online

Experts from Cyble recently found a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum. During routine dark web monitoring, researchers from Cyble found a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum. CapitalEconomics.com is one of the leading independent economic research companies in the world that provides macroeconomic, financial market and sectoral forecasts and consultancy. “Upon…

FBI warns of vishing attacks stealing corporate accounts

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation from US and international-based employees. Vishing (also known as voice phishing) is a social engineering attack where attackers impersonate a trusted entity during a voice call to persuade their targets into…

Joker Malware Hits Google Play with 17 Variants

Digital attackers uploaded 17 versions of the Joker malware family to Google’s Play Store in September 2020 as part of an ongoing effort to target Android users. How the Attackers Bypassed Google’s Vetting Process: The Zscaler ThreatLabZ research team found on Sept. 24, 2020, that digital attackers had concealed the Joker malware versions in applications ranging from…

Confucius APT deploys Warzone RAT

Uptycs’ threat research team published a piece about Warzone RAT and its advanced capabilities in November 2020. During the first week of January 2021, we discovered an ongoing targeted attack campaign related to Confucius APT, a threat actor / group primarily targeting government sectors in South Asia. This attack was identified by our in-house osquery-based sandbox that…

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian entities exclusively. The attacks were aimed at government institutions and private companies, most of them in the energy and metallurgical sectors. The campaign has…

CISA warns of recent successful cyberattacks against cloud service accounts

The US CISA revealed several recent successful cyberattacks against various organizations’ cloud services. The Cybersecurity and Infrastructure Security Agency (CISA) announced that several recent successful cyberattacks hit various organizations’ cloud services. According to the agency, the attackers conducted phishing campaigns and exploited poor cyber hygiene practices of the victims in the management of…

Rogue Android RAT emerges from the darkweb

Experts discovered an Android Remote Access Trojan, dubbed Rogue, that can be used to take over infected devices and steal user data. Rogue is a new mobile RAT discovered by researchers from Check Point while investigating the activity of the darknet threat actors known as Triangulum and HeXaGoN Dev. Both actors are Android malware authors that are…

New Variant of Ursnif Continuously Targeting Italy

Ursnif (also known as Gozi) is identified as a banking Trojan, but its variants also include components (backdoors, spyware, file injectors, etc.) capable of a wide variety of behaviors. The Ursnif Trojan has been observed targeting Italy over the past year. A few days ago, FortiGuard Labs detected a phishing campaign in the wild that was spreading a fresh…

The Lokibot malware is used by cyberattackers primarily for stealing credentials from a compromised system. In a recent campaign, a new version of the malware has been found equipped with more misdirection and anti-analysis features. What happened? This new campaign uses a complex, multi-stage, multi-layered dropper to execute Lokibot on the target machine. The developers behind…