Skip to content
Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group

Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group

Aug 19, 2024Ravie LakshmananCybercrime / Network Security Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of potential FIN7 activity “indicate communications inbound to FIN7… 

Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts

Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts

Aug 16, 2024Ravie LakshmananCloud Security / Application Security A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media… 

Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web

Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web

Aug 16, 2024Ravie LakshmananDark Web / Data Breach A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a… 

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

Aug 16, 2024Ravie LakshmananMalware / Data Theft Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC. The activity cluster, orchestrated by Russian-speaking… 

Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics

Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics

Aug 16, 2024Ravie LakshmananCyber Attack / Malware Chinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT. “ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control… 

The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?

The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?

SaaS applications have become indispensable for organizations aiming to enhance productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited.… 

New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

Aug 16, 2024Ravie LakshmananMalware / Browser Security Cybersecurity researchers have uncovered new stealer malware that’s designed to specifically target Apple macOS systems. Dubbed Banshee Stealer, it’s offered for sale in the cybercrime underground for a… 

Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk

Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk

Aug 16, 2024Ravie LakshmananMobile Security / Software Security A large percentage of Google’s own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various… 

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software

Aug 15, 2024Ravie LakshmananEnterprise Security / Vulnerability SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The…