Internet threat news

Microsoft 365 Users Beware The Mamba

Microsoft 365 users should be aware of a new threat actor offering their services as a phishing-as-a-service platform to conduct Adversary-in-the-Middle (AiTM) attacks for a monthly fee. Called Mamba2FA, not to be confused with Mamba ransomware, the malware targets Microsoft 365 users with well-crafted login pages.

However, the real danger to Microsoft 365 users is the ability to conduct AiTM attacks to capture the victim's authentication tokens and bypass multifactor authentication (MFA) protections on their accounts. The malware costs 250 USD per month, making it incredibly competitive and presenting a significant drop in the skill floor required for threat actors to carry out sophisticated attacks.

   
Law Enforcement Cracks Down On Ransomware

Law enforcement agencies from 12 countries have collaborated to arrest four individuals associated with the LockBit ransomware gang. Along with the arrests' law enforcement officials seized servers critical to the ransomware gang's operations.

Regarding the arrests, a suspected developer of LockBit was arrested at the request of the French authorities, while the British authorities arrested two individuals for supporting the activity of a LockBit affiliate. The Spanish officers seized nine servers, part of the ransomware's infrastructure, and arrested an administrator of a Bulletproof hosting service used by the ransomware group.

   
Threat Actors Seen Deploying AI-Written Malware

In HP Wolf Security's Threat Insights Report September 2024, security researchers detailed a targeted attack in which the threat actors used Generative Artificial Intelligence (AI) to write malware code. This trend has grown since AI tools like ChatGPT were released to the public.

   
Massive Info Stealer Campaign Targets Gamers, Streamers, And Crypto Investors

According to a recently published report by Recorded Future's Insikt Group, security researchers uncovered a massive info stealer malware operation encompassing approximately 30 campaigns.

The targets include a broad spectrum of demographics, including prominent gamers and online streamers. The campaigns also targeted multiple system platforms.

   
Pagers Explode In Lebanon And Syria

In a highly sophisticated remote attack, pagers used by Hezbollah members in both Lebanon and Syria exploded. The detonations happened almost simultaneously, killing at least nine people, including an 8-year-old girl, and wounding thousands more.

   
Windows Vulnerability Actively Exploited By Void Banshee

A recently discovered and patched Windows vulnerability, CVE-2024-43461, has been seen used in the wild by the advanced persistent threat (APT) group Void Banshee. Microsoft describes the vulnerability as a "Windows MSHTML spoofing vulnerability" and first disclosed it to the public following September's Patch Tuesday.

   
Musician Charged With Artificially Inflating Music Streams That Earned $10 Million

In what is most likely the first criminal case involving artificially increasing music streams, one musician has been charged with fraudulently inflating music streams. Michael Smith was charged with developing a scheme to create hundreds of thousands of songs with artificial intelligence and using bots to stream the AI-generated songs billions of times.

As a result of the scheme, Smith fraudulently garnered more than 10 million USD in royalties resulting from the automated streams of AI-generated music.

   
MacroPack Abused By Threat Actors To Deploy Brute Ratel

MacroPack, a framework developed by security researchers for red team exercises, has been abused by various threat actors to deliver several malware payloads to victims. Cisco Talos discovered that threat actors were using MacroPack to deploy malicious payloads that included Havoc, Brute Ratel, and PhatomCore.

   
Halliburton Cyberattack Linked To RansomHub

In a recent filing to the U.S. Securities and Exchange Commission (SEC), oil and gas services giant Halliburton revealed they had suffered a cyberattack that disrupted the company's IT systems and business operations. According to the filing, the company reported the attack on August 21, 2024.

   
South Korean APT Group Exploits WPS Office Zero-Day

In recently published research, researchers at security firm ESET discovered a zero-day vulnerability impacting WPS Office for Windows. WPS Office, developed by Chinese firm Kingsoft, is incredibly popular in Asia.

Reportedly, it has over 500 million active users worldwide. ESET researchers discovered two zero-day vulnerabilities that would allow a threat actor to execute malicious code.

   
Banking Credentials Stolen Via PWA Apps

Threat actors have begun using progressive web applications (PWA) to impersonate banking apps with the goal of tricking victims into unwillingly handing over online banking credentials.

   
3AM Ransomware Targets Non-Profit Healthcare

Kootenai Health, a not-for-profit healthcare provider in Idaho, operating the largest hospital in the region, offering a wide range of medical services, including emergency care, surgery, cancer treatment, cardiac care, and orthopedics, disclosed they had suffered a data breach.

Approximately over 464,000 patients after their personal information was stolen and leaked, with the 3AM Ransomware gang being the culprits.

   
GPS Spoofers "Hack Time"

A recent article published by Reuters shows a marked increase in GPS Spoofing attacks targeting airlines. GPS spoofing is a malicious attack in which Global Positioning System (GPS) data is manipulated to mislead a GPS receiver about its actual location.

This could cause significant disruptions, as it can misdirect navigation systems, mislead delivery vehicles, or even trick smartphone apps. The attack methodology also tricks commercial airplanes into their exact location.

   
INTERPOL Strikes Back And Recovers $40 Million From BEC Scammers

In a statement released by INTERPOL, it was revealed the international policing agency helped recover 40 million USD stolen from a victim who suffered a Business Email Compromise (BEC) attack.

These are attacks where threat actors compromise an enterprises' email service, then trick employees to pay invoices from suppliers into accounts controlled by the threat actor.

   

Page 1 of 54

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal