Operations of the Grandoreiro banking trojan have been dismantled by the Federal Police of Brazil with the help of Interpol, the Spanish National Police, ESET, and Caixa Bank, BleepingComputer reports.
This week in the Security Weekly News: the NSA admits to secretly buying your internet browsing data, malicious Google ads target Chinese users, Juniper releases update for Junos OS flaws, Outlook could be leaking your NTLM passwords, WhiteSnake malware on Windows, Jason Wood discusses new guidance on the Microsoft "Midnight Blizzard" attack, and m...
Malicious Google ads for Telegram, LINE, and other messaging apps banned in China have been used to facilitate a malvertising campaign against Chinese-speaking users, which is part of a series of attacks involving fraudulent WhatsApp and Telegram ads aimed at Hong Kong-based users in October, reports The Hacker News.
More than 2,000 Windows and Linux systems were estimated to have been targeted by information-stealing malware deployed via nine malicious Python Package Index packages, according to Hackread.
BleepingComputer reports that organizations and individuals in China, Japan, and the UK have been targeted by the newly discovered sophisticated China-linked Blackwood threat operation in cyberespionage attacks deploying the advanced NSPX30 malware via update mechanisms for legitimate software.
Mexican enterprises subjected to AllaKore RAT attacks Agriculture, banking, capital goods, commercial services, manufacturing, public sector, retail, and transportation companies across Mexico with annual revenues exceeding $100 million have been targeted with attacks deploying the AllaKore RAT malware to facilitate banking credential and authentication data exfiltration since late 2021, reports The Record, a news site by cybersecurity firm Recorded Future.
Spear-phishing attacks deployed by Chinese state-sponsored threat operation APT10 also known as Stone Panda, Cicada, Bronze Riverside, Potassium, Earth Tengshe, and MirrorFace involved the distribution of continuously updated iterations of the LODEINFO fileless backdoor, first identified in November 2022, The Hacker News reports.
Cryptocurrency platforms have lost $1.7 billion worth of assets from cyberattacks last year, representing a nearly $2 billion drop from 2022, which had the highest-ever losses from cryptocurrency heists, despite a slight increase in attack volume, according to The Record, a news site by cybersecurity firm Recorded Future.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
