Cybersecurity

New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks

Sep 22, 2023THNMalware / Cyber Threat An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. “The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering […]

Cybersecurity

Ohio Community College Data Theft Breach Affects Nearly 300K

Fraud Management & Cybercrime, Government, Healthcare

Researchers Say Breach Illustrates Why Schools Are Major Targets for Cybercriminals

Marianne Kolbasuk McGee (HealthInfoSec) • September 21, 2023

Image: Lakeland Community College

An Ohio community college is notifying 290,000 people of a data theft breach this spring that may have compromised their personal, financial […]

Cybersecurity

Attacker Unleashes Stealthy Crypto Mining via Malicious Python Package

Key Points: A malicious Python package, “Culturestreak”, hijacks system resources for unauthorized cryptocurrency mining. The malicious package utilizes obfuscated code and random filenames to evade detection. The code runs in an infinite loop, making it a relentless threat that continually exploits system resources. The malicious code originates from an active GitLab repository, underscoring the ongoing […]

Cybersecurity

Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit

By Aleksandar Milenkoski, in collaboration with QGroup

Executive Summary: SentinelLabs has observed a new threat activity cluster by an unknown threat actor we have dubbed Sandman. Sandman has been primarily targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent. The activities are characterized by strategic lateral movements and minimal engagements, […]

Cybersecurity

Rising OT/ICS cybersecurity incidents reveal alarming trend – Help Net Security

60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time), according to Rockwell Automation. This corroborates other industry research showing OT/ICS (Industrial Control Systems) cybersecurity incidents are increasing in volume and frequency, and are targeting critical infrastructure, such as energy producers. […]

Cybersecurity

Chinese-speaking Users Targeted with ValleyRAT and Sainbox RAT | Cyware Hacker News

Researchers have come across a new email phishing campaign that distributes a new ValleyRAT malware alongside Sainbox RAT and Purple Fox malware onto the victim’s systems. Active since the beginning of 2023, the campaign has been targeting Chinese-speaking users. So far, the researchers have observed over 30 attack campaigns leveraging these malware families and 20 […]

Cybersecurity

How to Interpret the 2023 MITRE ATT&CK Evaluation Results

Sep 22, 2023The Hacker NewsMITRE ATT&CK / Cybersecurity Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluation. This testing is critical for evaluating vendors because it’s virtually impossible to […]