UK regulators are investigating a cyberattack against financial technology firm ION, while the LockBit ransomware gang has threatened to publish the stolen data on February 4 if the software provider doesn't pay up. According to a statement posted on ION Market's website, its ION Cleared Derivatives division "experienced a cybersecurity event" on January 31. "The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing," the notice said.
A new cyber espionage campaign dubbed 'No Pineapple!' has been attributed to the North Korean Lazarus hacking group; it allowed the threat actors to quietly exfiltrate 100GB of data from the victim without causing any destruction. The campaign ran between August and November 2022, targeting organizations in medical research, healthcare, chemical engineering, energy, defense, and a leading research university.
An Iranian cybersecurity company sanctioned by the U.S. government for meddling in U.S. elections was responsible for stealing and attempting to sell subscriber data from the French satirical magazine Charlie Hebdo, Microsoft researchers said Friday. The hackers, believed to be affiliated with the sanctioned Iranian cybersecurity company Emennet Pasargad, breached Charlie Hebdo's systems after the publication announced in December a contest for caricatures of Supreme Leader Ayatollah Ali Khamenei.
Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking, and over the past year one group in particular has demonstrated just how quick, easy, and lucrative it really is. In a Feb. 1 blog post, Crane Hassold, director of threat intelligence at Abnormal Security, profiled "Firebrick Ostrich," a threat actor that has been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns.
Cisco has released security updates this week to address a high-severity vulnerability in the Cisco IOx application hosting environment that can be exploited in command injection attacks. The security flaw (CVE-2023-20076) is due to the incomplete sanitization of parameters passed during the app activation process. It was found and reported by security researchers Sam Quinn and Kasimir Schulz with the Trellix Advanced Research Center.
An ongoing Google Ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer. KoiVM is a plugin for the ConfuserEx .NET protector that obfuscates a program's opcodes so that only its virtual machine can understand them. When the program is launched, the virtual machine translates the opcodes back to their original form so that the application can execute.
A former Ubiquiti Networks employee accused of hatching an elaborate plot to first steal nearly $2 million from his employer, extort more, and later orchestrate a smear campaign against the company pleaded guilty to multiple felony charges Thursday. Nickolas Sharp, 36, of Portland, Oregon, now faces a maximum of 35 years in prison after pleading guilty to one count of transmitting a program to a protected computer that intentionally caused damage, one count of wire fraud, and one count of making false statements to the FBI.