Taking the shine off BreachForums
ShinyHunters threat group members were arrested in a coordinated law enforcement action for their association with BreachForums
Similar Posts
Supreme Court declines to weigh in on FQHC’s patient data security liability
Bys sDave Muoio reports: The Supreme Court has declined to hear a case on whether a Federally Qualified Health Center is immune from liability over a former patient’s stolen personally identifying information (PII). The class-action lawsuit stemmed from a patient who received care and provided that information to Sandhills Medical Foundation, an FQHC, in 2018. The…
ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More
Bys sFrom unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI…
Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
Bys sAn Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks against Israel and the U.S. The financially motivated scheme, now operating under the moniker Pay2Key.I2P, is assessed to be linked to a hacking group tracked as Fox Kitten (aka Lemon…
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
Bys sCybersecurity researchers have disclosed details of a malicious Go module that’s designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate “golang.org/x/crypto” codebase, but injects malicious code that’s responsible for exfiltrating secrets entered via terminal password
UK Considers Banning Ransomware Payment by Public Sector and CNI
Bys sSince no technical means have been found to curtail criminal extortion through prevention or attack, the new proposal is to eliminate its profitability. The post UK Considers Banning Ransomware Payment by Public Sector and CNI appeared first on SecurityWeek.
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Bys sCybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include – laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions “The timing and pattern of the newly published tags