Threat Intelligence

Threat Actor Targets Russian Gaming Community With WannaCry-Imitator

Crypter Ransomware, cybercrime, Darkflow Software, data breach, Data leak, Discord, Encryption, Enlisted, Gaijin Entertainment, GitHub, GitLab, GUI, JSON, Malware, Mutex, phishing, Python, Ransomware, Russia, Threat Intelligence, WannaCry 3.0, WannaCry 3.0 Crypter, Windows /

Threat Actor Targets Russian Gaming Community With WannaCry-Imitator 13/06/2023 at 19:21 By cybleinc CRIL analyzes WannaCry-Imitator Ransomware, a phishing gaming site targeting the Russian Gaming community The post Threat Actor Targets Russian Gaming Community With WannaCry-Imitator appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

Threat Actor Targets Russian Gaming Community With WannaCry-Imitator Read More »

Over 45 thousand Users Fell Victim to Malicious PyPI Packages

All, Creal Stealer, Credit card, darkweb, Discord Webhook, Evilpip, GitHub, Google Chrome, Hazard Token Grabber, HTTP GET, infostealer, KEKW, Malware, phishing, PyPI, Python Package Index, Python Packages, Reaquests, Requests, Third party software, Threat Actors, Threat Intelligence, Tikcock Grabber, W4SP Stealer /

Over 45 thousand Users Fell Victim to Malicious PyPI Packages 09/06/2023 at 12:31 By cybleinc Through the analysis of more than 160 malicious Python packages, CRIL reveals insights into the threat landscape associated with Python packages. The post Over 45 thousand Users Fell Victim to Malicious PyPI Packages appeared first on Cyble. This article is

React to this headline:

Loading spinner

Over 45 thousand Users Fell Victim to Malicious PyPI Packages Read More »

Unmasking the Darkrace Ransomware Gang

cybercrime, cybersecurity, Darkrace, Darkrace Ransomware, darkweb, Data leak, Double extortion, Lockbit 3.0, LockBit Ransomware, Malware, Mutex, Ransomware, Threat Actors, Threat Intelligence, Windows /

Unmasking the Darkrace Ransomware Gang 08/06/2023 at 15:02 By cybleinc New Ransomware Holds Similarities with LockBit Ransomware Ransomware continues to pose the most critical cybersecurity threat to organizations’ infrastructure. This malicious software encrypts victims’ files and extorts payment in return for the decryption key. The consequences of ransomware attacks can be severe, including financial losses,

React to this headline:

Loading spinner

Unmasking the Darkrace Ransomware Gang Read More »

 LockBit 2.0 Ransomware Resurfaces

CVE-2017-0199, cybercrime, darkweb, Korea, Lockbit 3.0, LockBit Ransomware 2.0, Malware, phishing, Ransomware, Threat Actor, Threat Intelligence /

 LockBit 2.0 Ransomware Resurfaces 07/06/2023 at 15:15 By cybleinc Cyble analyzes LockBit Ransomware, which is distributed via malicious documents, specifically targeting users in Korea. The post  LockBit 2.0 Ransomware Resurfaces appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

 LockBit 2.0 Ransomware Resurfaces Read More »

 LockBit Ransomware 2.0 Resurfaces

CVE-2017-0199, cybercrime, darkweb, Korea, Lockbit 3.0, LockBit Ransomware 2.0, Malware, phishing, Ransomware, Threat Actor, Threat Intelligence /

 LockBit Ransomware 2.0 Resurfaces 06/06/2023 at 15:02 By cybleinc Cyble Research and Intelligence Labs analyzes LockBit ransomware which uses malicious documents to specifically target users in Korea. The post  LockBit Ransomware 2.0 Resurfaces appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

 LockBit Ransomware 2.0 Resurfaces Read More »

HelloTeacher: New Android Malware Targeting Banking Users In Vietnam

All, Android malware, Banking Trojan, HelloTeacher Malware, Kik Messenger, Malware, MB Bank, spyware, Threat Actor, Threat Intelligence, TPBank Mobile, Viber, VietinBank iPay, Vietnam /

HelloTeacher: New Android Malware Targeting Banking Users In Vietnam 05/06/2023 at 17:23 By cybleinc Cyble analyzes a new malware “HelloTeacher” masquerading as popular messaging app to target banking users from Vietnam and steals sensitive data. The post HelloTeacher: New Android Malware Targeting Banking Users In Vietnam appeared first on Cyble. This article is an excerpt

React to this headline:

Loading spinner

HelloTeacher: New Android Malware Targeting Banking Users In Vietnam Read More »

MOVEit Transfer Vulnerability Actively Exploited

All, Azure SQL, CGSI, Clop ransomware, cybercriminals, darkweb, Germany, Managed File Transfer, MFT, Microsoft SQL, Moveit Transfer, MySQL, Threat Actors, Threat Intelligence, United Kingdom, United States, vulnerability /

MOVEit Transfer Vulnerability Actively Exploited 02/06/2023 at 17:04 By cybleinc Cyble analyzes MOVEit Transfer vulnerability and observes active exploitation in the Cyble Global Intelligence Sensors (CGSI). The post MOVEit Transfer Vulnerability Actively Exploited appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

MOVEit Transfer Vulnerability Actively Exploited Read More »

‘NoEscape’ Ransomware-as-a-Service (RaaS)

C, ChaCha20, CIS, Commonwealth of Independent States, cybercrime, darkweb, data breach, Data leak, Malware, NoEscape, RaaS, Ransomware, Ransomware Affiliate, Russia, Safe Mode, Server Message Block, Threat Intelligence, Triple-Extortion, Windows, Windows NT 10.0 /

‘NoEscape’ Ransomware-as-a-Service (RaaS) 01/06/2023 at 18:32 By cybleinc CRIL analyzes the newly advertised ‘NoEscape’ Ransomware-as-a-Service (RaaS) program that claims to facilitate sophisticated extortion operations using an advanced, indigenously developed ransomware strain. The post ‘NoEscape’ Ransomware-as-a-Service (RaaS) appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

‘NoEscape’ Ransomware-as-a-Service (RaaS) Read More »

SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations

APT, Argentina, Australia, backdoor, Brazil, Canada, China, CVE-2017-11882, CVE-2018-0798, CVE-2018-0802, cyberattack, cybercrime, data breach, Data leak, DLL Downloader, Equation Editor, France, G20, G7, Germany, Hiroshima, India, Indonesia, Initial access, Italy, Japan, Malware, Microsoft Office, RTF, Saudi Arabia, SharpPanda, South Africa, South Korea, Threat Intelligence, Turkey, United Kingdom, United States, Vulnerabilities /

SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations 01/06/2023 at 08:36 By cybleinc Cyble analyzes SharpPanda, a highly sophisticated APT group utilizing spear-phishing tactics to launch cyberattacks on G20 Nation officials. The post SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations appeared first on Cyble. This article is an excerpt from Cyble View

React to this headline:

Loading spinner

SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations Read More »

Evolving Threat Landscape of Hacktivism in Colombia

#OpColombia, Berghof, Berghof Web Panel, critical infrastructure, cybercrime, darkweb, data breach, Data leak, DDoS Attack, Fueling Systems, GhostSec, GNSS, Government, Hacktivism, HMI, Human Machine Interface, Industrial Control Systems, Israel, Malware, National Critical Infrastructure, OpIsrael, OSINT, Power Supply Controllers, Radio Broadcast, Satellite Receivers, SiegedSec, Threat Intelligence, Zero-Day /

Evolving Threat Landscape of Hacktivism in Colombia 31/05/2023 at 11:22 By cybleinc CRIL investigates the evolving threat landscape of hacktivism leading to cyberattacks on Colombian Critical Infrastructure and Zero-day Sales by Hacktivists. The post Evolving Threat Landscape of Hacktivism in Colombia appeared first on Cyble. This article is an excerpt from Cyble View Original Source

React to this headline:

Loading spinner

Evolving Threat Landscape of Hacktivism in Colombia Read More »

Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability

APT, Bl00dy, Bl00dy ransomware, CISA, Conti, CSA, CVE-2023-27350, cybercrime, darkweb, data breach, Data leak, ERP, Helpdesk, Lockbit 3.0, Malware, Moodle, PaperCut, PaperCut MF, PaperCut NG, Port 9191, Port 9192, Ransomware, RDP, Remote Desktop Protocol, Shodan, Telegram, Threat Intelligence, Twitter /

Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability 30/05/2023 at 14:46 By cybleinc CRIL analyzes Bl00dy Ransomware’s recent targeting of an Indian University via exploitation of the PaperCut vulnerability. The post Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability appeared first on Cyble. This article is an excerpt from Cyble View Original Source

React to this headline:

Loading spinner

Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability Read More »

PixBankBot: New ATS-Based Malware Poses Threat to the Brazilian Banking Sector

Android, Android Banking trojan, ATS, ATS Framework, Banco Central do Brasil, Banco Itaú, Bank fraud, Banking Sector, Banking Trojan, BFSI, Brazil, C6 Bank, cybercrime, darkweb, Data leak, fake app, fraud, GoatRAT, Malware, Mercado Pago, NUBank, Nubank: conta, PagBank Banco, PasteBin, PicPay, PIX, PixBankBot, PixPirate, R$, Threat Actors, Threat Intelligence /

PixBankBot: New ATS-Based Malware Poses Threat to the Brazilian Banking Sector 30/05/2023 at 12:36 By cybleinc Cyble analyzes PixBankBot, a new ATS-based malware that targets Brazilian banks through the popular Pix instant payment platform. The post PixBankBot: New ATS-Based Malware Poses Threat to the Brazilian Banking Sector appeared first on Cyble. This article is an

React to this headline:

Loading spinner

PixBankBot: New ATS-Based Malware Poses Threat to the Brazilian Banking Sector Read More »

Invicta Stealer Spreading Through Phony GoDaddy Refund Invoices

Blisk, BraveSoftware, ChromePlus, CocCoc Browser, Coowon, cybercrime, darkweb, Epic Privacy Browser, GoDaddy, Invicta, Iridium, Malware, QIP Surf, Sleipnir, Slimjet, Stealer, Steam, Threat Intelligence /

Invicta Stealer Spreading Through Phony GoDaddy Refund Invoices 25/05/2023 at 19:16 By cybleinc Cyble Research & Intelligence Labs analyzes Invicta, a new stealer that spreads via fake GoDaddy Refund invoices to infect users. The post Invicta Stealer Spreading Through Phony GoDaddy Refund Invoices appeared first on Cyble. This article is an excerpt from Cyble View

React to this headline:

Loading spinner

Invicta Stealer Spreading Through Phony GoDaddy Refund Invoices Read More »

Security Pros: Before You Do Anything, Understand Your Threat Landscape

Incident Response, Threat Intelligence /

Security Pros: Before You Do Anything, Understand Your Threat Landscape 25/05/2023 at 17:48 By Marc Solomon Regardless of the use case your security organization is focused on, you’ll likely waste time and resources and make poor decisions if you don’t start with understanding your threat landscape. The post Security Pros: Before You Do Anything, Understand

React to this headline:

Loading spinner

Security Pros: Before You Do Anything, Understand Your Threat Landscape Read More »

European Cybersecurity Firm Sekoia.io Raises $37.5 Million

Cybersecurity Funding, funding, Threat Intelligence, XDR /

European Cybersecurity Firm Sekoia.io Raises $37.5 Million 25/05/2023 at 16:03 By Ionut Arghire European XDR and threat intelligence provider Sekoia.io has raised €35 million ($37.5 million) in Series A funding. The post European Cybersecurity Firm Sekoia.io Raises $37.5 Million appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

European Cybersecurity Firm Sekoia.io Raises $37.5 Million Read More »

Obsidian ORB Ransomware Demands Gift Cards as Payment

AES Cryptographic Provider, All, BlackSnake, Chaos Ransomware, cybercrime, darkweb, data breach, Data leak, Gift Card, Malware, Microsoft Enhanced RSA, Obsidian ORB, Obsidian ORB Ransomware, Onyx, Payday, Paysafe, Ransomware, Steam, Threat Intelligence /

Obsidian ORB Ransomware Demands Gift Cards as Payment 25/05/2023 at 09:16 By cybleinc Cyble Research & Intelligence Labs analyzes Obsidian ORB, a ransomware hybrid that demands ransom payments in the form of gift cards. The post Obsidian ORB Ransomware Demands Gift Cards as Payment appeared first on Cyble. This article is an excerpt from Cyble

React to this headline:

Loading spinner

Obsidian ORB Ransomware Demands Gift Cards as Payment Read More »

Notable DDoS Attack Tools and Services Supporting Hacktivist Operations in 2023

Artemis C2 DDoS Botnet, cybercrime, darkweb, DDoS, DDoS Attack, DDosia Project, Hacktivism, Killnet, Killnet DDoS, Malware, Neferian Empire DDoS Botnet, RedStress.io DDoS Panel, SkyElite-Net DDoS, Stressbot.io, Tesla Botnet, Threat Intelligence, Ziyaettin DDoS Botnet /

Notable DDoS Attack Tools and Services Supporting Hacktivist Operations in 2023 24/05/2023 at 18:26 By cybleinc Cyble Research & Intelligence Labs analyzes the growing use of DDoS attacks by Hacktivist groups across the world. The post Notable DDoS Attack Tools and Services Supporting Hacktivist Operations in 2023 appeared first on Cyble. This article is an

React to this headline:

Loading spinner

Notable DDoS Attack Tools and Services Supporting Hacktivist Operations in 2023 Read More »

Virtual Event Today: Threat Detection and Incident Response Summit

Featured, Malware & Threats, Threat Intelligence, Training & Awareness /

Virtual Event Today: Threat Detection and Incident Response Summit 24/05/2023 at 11:16 By Mike Lennon Join thousands of attendees as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack. (Register Now) The post Virtual Event Today: Threat Detection and Incident Response Summit appeared first

React to this headline:

Loading spinner

Virtual Event Today: Threat Detection and Incident Response Summit Read More »

New MDBotnet Unleashes DDoS Attacks

botnet DDoS, cybercrime, darkweb, DDoS, DDoS Attack, DDOS-as-a-Service, Hacktivism, Hacktivists, HTTPGetAttack, Malware, MDBotnet, MDBotnetUpdater, SlavaRussia, svhost.exe, SYN, SYNAttack, Threat Intelligence /

New MDBotnet Unleashes DDoS Attacks 23/05/2023 at 18:03 By cybleinc Cyble Research & Intelligence Labs analyzes MDBotnet, a malware variant of Russian origin, carrying out DDoS-as-a-Service attacks. The post New MDBotnet Unleashes DDoS Attacks appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

New MDBotnet Unleashes DDoS Attacks Read More »

New Ransomware Wave Engulfs over 200 Corporate Victims

8Base Ransomware, AES, cybercrime, darkweb, data breach, Data leak, Double encryption, Leak site, MalasLocker, Malware, MalwareHunterTeam, Ransomware, Rhysida, Threat Intelligence, Zscaler /

New Ransomware Wave Engulfs over 200 Corporate Victims 23/05/2023 at 17:34 By cybleinc CRIL analyzes multiple new Ransomware families that have affected over 200 firms, spearheaded by Rhysida, 8Base, and MalasLocker ransomware. The post New Ransomware Wave Engulfs over 200 Corporate Victims appeared first on Cyble. This article is an excerpt from Cyble View Original

React to this headline:

Loading spinner

New Ransomware Wave Engulfs over 200 Corporate Victims Read More »

Scroll to Top