Internet threat news

War Sees SysJoker Evolution

According to new research published by Check Point, the ongoing Israel-Hamas war has seen a new version of the SysJoker being actively deployed against targets.

The newly discovered version of SysJoker has been written in the Rust programming language, suggesting that it has been completely rewritten.

Researchers also noted that the new version was utilized in targeted attacks in 2023, similar in tactics and approach to known threat actors, such as the Gaza Cybergang.

   
Security Researchers And Law Enforcement Lift Lid On Rhysida Infections

The Rhysida ransomware strain was first brought to wider public attention when it was used in an attack on the Chilean Army in May 2023. Since then, Rhysida operators have claimed they have at least 50 victims worldwide on its data leak website.

Now, law enforcement agencies and security firm Fortinet have released reports to help inform network defenders about the ransomware's attack chain and to help prevent further infections.

   
ICBC Hack Raises Questions As To US Treasury Cyber Readiness

On November 10, 2023, news emerged that the Industrial and Commercial Bank of China (ICBC) had suffered a cyber incident. One of the results of the hack was that the bank was on the line for 9 billion USD in unsettled trades.

The immediate ramifications of the attack meant that BNY Mellon was owed 9 billion USD just so that normal business could resume. It was later discovered that the cyber incident was a ransomware attack.

   
Threat Intelligence Work Reveals Threat Actor Farnetwork Operations

Recently published research by Group IB’s threat intelligence team uncovered a threat actor related to five ransomware strains. It gave researchers insider knowledge of ransomware-as-a-service (RaaS) operations.

Security researchers looked to infiltrate the RaaS network by applying to be an affiliate. This required the researchers to be interviewed as one would be for a job.

   
Ragnar Locker's Extortion Website Seized

On October 20, 2023, Europol announced that authorities had seized Ragnar Locker's extortion and data leak website as part of an international law enforcement operation.

A day earlier, Bleeping Computer broke the news and confirmed the law enforcement operation did indeed occur, according to a Europol spokesperson. It was only the following day that Europol released an official statement.

   
Google, Cloudflare, And Amazon Prevent Record-Breaking DDoS Attack

Google, Cloudflare, and Amazon recently prevented the largest Distributed Denial of Service (DDoS) attack on record.

Moreover, the attack employed a new technique not seen before, making the attack's prevention even more special.

   
Magecart Card Skimmers Strike Again

Almost yearly, a major card skimming attack occurs that deserves media attention. Often simply referred to as Magecart attacks, central to these attacks is modifying JavaScript code on the end user side to steal the card data entered by the unsuspecting victim.

To carry out this primary function, hackers have developed several techniques, including, according to newly published research by Akamai, threat actors are hijacking the 404 error pages of online retailers' websites, hiding malicious code to steal customers' credit card information.

   
New Threat Actor AtlasCross Emerges

In a recent report by security firm NSFOCUS, details of a new threat actor emerged. Named AtlasCross by researchers, the attack campaign was discovered when researchers discovered suspicious documents that formed part of a phishing campaign.

Upon further investigation, researchers believed they stumbled on a new advanced persistent threat actor who is both skilled and cautious in their attack approach.

Along with discovering a new threat actor, two new trojans, DangerAds and AtlasAgent, have also been discovered.

   
BlackCat Shows Its Claws

On September 11, news reports began emerging stating that MGM Resorts International had suffered a cyber incident and had shut down several critical IT systems. This was soon followed by MGM posting to their Twitter account acknowledging they had suffered a cyber incident.

Still, the statement was light on details despite the company's main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines being taken offline.

   
MetaStealer Targets Intel-Based Macs

Following the publication of new research by security firm Sentinel One, a new infostealer has been seen in the wild. Titled MetaStealer, not to be confused with another info-stealer, META, targets Intel-based MacOS systems.

   
Flax Typhoon Adopts Living-of-the-Land Binaries

According to a recent report published by Microsoft, a series of attack campaigns targeting organizations in Taiwan.

Security researchers at the Redmond tech giant have attributed the attacks to an advanced persistent threat actor tracked by Microsoft as Flax Typhoon.

   
BlackCat Ransomware Seen Dropping Impacket and RemCom

According to Microsoft’s Threat Intelligence Team, a new version of the BlackCat ransomware, also tracked as ALPHV, has been seen dropping the Impacket networking framework and the Remcom hacking tool during the infection process.

Both the framework and the hacking tool can be used by threat actors to better spread laterally across a compromised network.

   
Raccoon Stealer Returns With Even Stealthier Version

At PCRisk, we have closely followed the trials and tribulations associated with the Raccoon Stealer spyware, also often referred to as an info stealer. The last time we covered the topic was when Raccoon Stealer 2.0 emerged.

   
Russian Missile Manufacturer Breached By North Korean Hackers

Based on a recent report published by Sentinel Labs, it seems North Korean state-sponsored hackers are fine with targeting critical infrastructure within an ally's borders.

The report shows that the North Korean government is prepared to target allies supporting its contentious missile program, including a Russian missile manufacturer.

   

Page 4 of 54

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal