Cybercrime/malcode – Lifeboat News: The Blog

Sep 16
2024

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

It also follows the discovery of a stealthy threat actor that presents itself as a legitimate enterprise and has been advertising automated CAPTCHA-solving services at scale to other cybercriminals and helping them infiltrate IT networks.

Dubbed Greasy Opal by Arkose Labs, the Czech Republic-based “cyber attack enablement business” is believed to have been operational since 2009, offering to customers a toolkit of sorts for credential stuffing, mass fake account creation, browser automation, and social media spam at a price point of $190 and an additional $10 for a monthly subscription.

The product portfolio runs the cybercrime gamut, allowing them to develop a sophisticated business model by packaging several services together. The entity’s revenues for 2023 alone are said to be no less than $1.7 million.

Sep 16
2024

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Discover how Beyond Identity’s deterministic security approach eliminates phishing, credential theft, and other cyber threats with passwordless, phish.

Sep 13
2024

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

New Linux malware ‘Hadooken’ targets Oracle Weblogic, deploys crypto miners and DDoS botnet. Exploits vulnerabilities for lateral movement.

Sep 13
2024

New Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram

New Android malware ‘Ajina. Banker’ targets bank customers in Central Asia, stealing financial data and intercepting 2FA messages via Telegram channels.

Sep 13
2024

Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide

Vo1d malware infects 1.3M Android TV boxes in 197 countries. Learn about this new backdoor threat and how it compromises device security.

Sep 13
2024

New PIXHELL acoustic attack leaks secrets from LCD screen noise

A novel acoustic attack named ‘PIXHELL’ can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to.

In a PIXHELL attack, malware modulates the pixel patterns on LCD screens to induce noise in the frequency range of 0–22 kHz, carrying encoded signals within those acoustic waves that can be captured by nearby devices such as smartphones.

The researchers’ tests showed that data exfiltration is possible at a maximum distance of 2 meters (6.5 ft), achieving a data rate of 20 bits per second (bps).

Sep 4
2024

When Cyber Security Breaches Are Inevitable, It’s Time To Call For A New Approach

We need to do more than deflect cyberattacks. We must build the capacity to sustain operations during and after a cyberattack. We need to bounce back stronger than ever.

Sep 4
2024

Insurance software giant reveals nearly a million customers hit by ransomware risk

Young Consulting has confirmed it lost sensitive data on almost a million people in a ransomware attack that happened earlier in 2024.

The company confirmed the news by sending out data breach notification letters to exactly 954,177 customers, which said it became aware of “technical difficulties” in its computer environment in mid-April 2024.

Sep 3
2024

Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign

Cyberattackers leverage Google Sheets for command control in a global espionage campaign targeting 70+ organizations.

Sep 3
2024

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

US government warns of rising attacks on infrastructure using advanced tactics.