GreyNoise reports 400+ IPs exploiting multiple SSRF vulnerabilities, targeting cloud services and global networks. Patch now.
Category: cybercrime/malcode
So far, 20 people have shared over $4m in rewards after they found $40m of the stolen money and called on the crypto companies to block the transfers.
But experts are no longer optimistic that they will be able to recover the rest of the money because of North Korea's expertise in hacking and laundering money.
Dr Dorit Dor from cyber security company Check Point said, “North Korea is a very closed system and closed economy, so they have created a successful industry of hacking and laundering, and they don't care about the negative impression of cyber crime.”
Ballista botnet exploits TP-Link router flaw CVE-2023-1389, infecting 6,000+ devices worldwide and evolving to use TOR.
SideWinder APT expands attacks on maritime, nuclear, and IT sectors, rapidly modifying malware to evade detection.
A new AsyncRAT malware variant has infected 900 victims in MENA via Facebook ads and Telegram links.
The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare.
While X owner Elon Musk did not specifically state that DDoS attacks were behind the outages, he did confirm that it was caused by a “massive cyberattack.”
“There was (still is) a massive cyberattack against X,” Musk posted on X.
A new mass malware campaign is infecting users with a cryptocurrency miner named SilentCryptoMiner by masquerading it as a tool designed to circumvent internet blocks and restrictions around online services.
Russian cybersecurity company Kaspersky said the activity is part of a larger trend where cybercriminals are increasingly leveraging Windows Packet Divert (WPD) tools to distribute malware under the guise of restriction bypass programs.
“Such software is often distributed in the form of archives with text installation instructions, in which the developers recommend disabling security solutions, citing false positives,” researchers Leonid Bezvershenko, Dmitry Pikush, and Oleg Kupreev said. “This plays into the hands of attackers by allowing them to persist in an unprotected system without the risk of detection.”
Ragnar Loader malware enables ransomware groups to maintain stealthy access, evade detection, and execute remote control operations.
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim’s network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows.
Cybersecurity firm S-RM's team discovered the unusual attack method during a recent incident response engagement at one of its clients.
Notably, Akira only pivoted to the webcam after attempting to deploy encryptors on Windows, which were blocked by the victim’s EDR solution.
Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide.
The company’s threat analysts detected these attacks in early December 2024 after observing multiple devices downloading malware from GitHub repos, malware that was later used to deploy a string of various other payloads on compromised systems.
After analyzing the campaign, they discovered that the attackers injected ads into videos on illegal pirated streaming websites that redirect potential victims to malicious GitHub repositories under their control.