Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label News. Show all posts
Phishing Attacks
Cyber Attacks cyberattacks trending news Netflix cybersecurity News phishing Phishing Attacks

Netflix Users Warned About AI-Powered Phishing Scam

 

Netflix subscribers are being warned about a sophisticated phishing scam circulating via email, designed to steal personal and financial information. 

The deceptive email mimics an official Netflix communication, falsely claiming that the recipient’s account has been put on hold. It urges users to click a link to resolve the issue, which redirects them to a fraudulent login page that closely resembles Netflix’s official site. 

Unsuspecting users are then prompted to enter sensitive details, including their Netflix credentials, home address, and payment information. Cybersecurity experts caution that phishing scams have become more advanced with the rise of AI-driven tactics. 

According to Jake Moore, Global Cybersecurity Advisor at ESET, artificial intelligence has enabled cybercriminals to launch phishing campaigns at an unprecedented scale, making them appear more legitimate while targeting a larger number of users. 

“Despite these advancements, many scams still rely on urgency to pressure recipients into acting quickly without verifying the sender’s authenticity,” Moore explained. 

Users are advised to remain vigilant, double-check email sources, and avoid clicking on suspicious links. Instead, they should visit Netflix directly through its official website or app to verify any account-related issues.
Read more »
Ransomware
cyberattacks trending news Cybersecurity Attack malware News Ransomware

Cisco Talos Uncovers Lotus Blossom’s Multi-Campaign Cyber Espionage Operations

Cisco Talos has uncovered a series of cyber espionage campaigns attributed to the advanced persistent threat (APT) group Lotus Blossom, also known as Spring Dragon, Billbug, and Thrip. 

The group has been active since at least 2012, targeting government, manufacturing, telecommunications, and media sectors in regions such as the Philippines, Vietnam, Hong Kong, and Taiwan. Talos identified Sagerunex, a backdoor tool used exclusively by Lotus Blossom, as the core malware in these campaigns. 

The investigation revealed multiple variants of Sagerunex, evolving from its original form to leverage third-party cloud services such as Dropbox, Twitter, and Zimbra webmail as command-and-control (C2) tunnels, instead of traditional Virtual Private Servers (VPS). This shift helps the group evade detection while maintaining control over infected endpoints. 

The group has been observed gaining persistence on compromised systems by embedding Sagerunex into the system registry and configuring it to run as a service. The malware operates as a dynamic link library (DLL), executed directly in memory to avoid detection. The campaigns also showcase long-term persistence strategies, allowing attackers to remain undetected for months. 

Beyond Sagerunex, Lotus Blossom employs an arsenal of hacking tools to facilitate credential theft, privilege escalation, and data exfiltration. These include a Chrome cookie stealer from GitHub, a customized Venom proxy tool, a privilege adjustment tool, and an archiving tool for encrypting and stealing data. 

Additionally, the group utilizes mtrain V1.01, a modified HTran proxy relay tool, to route connections between compromised machines and external networks. The attack chain follows a structured multi-stage approach, starting with reconnaissance commands such as “net,” “tasklist,” “ipconfig,” and “netstat” to gather system details. 

If an infected machine lacks direct internet access, the attackers leverage proxy settings or the Venom tool to establish connectivity. A notable tactic involves storing malicious tools in the “public\pictures” subfolder, a non-restricted directory, to avoid detection.

Talos’ research underscores the growing sophistication of Lotus Blossom, which continues to refine its techniques and expand its capabilities. With high confidence, Cisco attributes these campaigns to Lotus Blossom, highlighting its sustained cyber espionage operations against high-value targets.
Read more »
News
Cyber Security Cyber Threats Cybersecurity Attack financial attack News

Lending App Data Breach Leaves Sensitive Customer Information Unprotected

 

A major digital lending platform has reportedly exposed sensitive customer data due to a misconfigured Amazon AWS S3 bucket that was left unsecured without authentication. Security researchers discovered the breach on November 28, 2024, but the issue remained unresolved until January 16, 2025, leaving the data vulnerable for over a month. While there is no direct evidence that cybercriminals accessed the information, experts warn that only a thorough forensic audit could confirm whether any unauthorized activity took place.  

The exposed data reportedly includes Know Your Customer (KYC) documents, which financial institutions use to verify identity, address, and income details. This type of information is particularly valuable to cybercriminals, as it can be exploited to fraudulently obtain loans, orchestrate identity theft, or carry out sophisticated social engineering attacks. 

According to researchers, attackers could leverage leaked loan agreements or bank details to manipulate victims into making unauthorized payments or providing further account verification. Furthermore, such personal data often ends up being aggregated and sold on the dark web, amplifying risks for affected individuals and making it harder to protect their privacy. 

To minimize the risks associated with such breaches, experts recommend monitoring bank statements and transaction histories for any suspicious activity and immediately reporting irregularities to financial institutions. Users are also advised to set strong, unique passwords for different accounts, especially those containing financial or sensitive information, and to update them immediately if a breach is suspected. Enabling multi-factor authentication (MFA) adds an extra layer of security and can significantly reduce the likelihood of unauthorized access. 

Another major concern following such incidents is the increased likelihood of social engineering attacks like phishing, where criminals use leaked data to craft convincing fraudulent messages. Attackers may impersonate banks, service providers, or even personal contacts to trick victims into revealing sensitive details, clicking malicious links, or scanning fraudulent QR codes. 

Users should remain cautious of unexpected emails or messages, verify the sender’s identity before clicking any links, and contact companies directly through their official websites. It is crucial to remember that banks and legitimate financial institutions will never request sensitive account details via phone or email or ask customers to transfer funds to another account.
Read more »
trending news
Cybersecurity Attack malware News online threats trending news

Beware of Fake Viral Video Links Spreading Malware

 

McAfee Labs has uncovered a rise in cyber scams where fraudsters use fake viral video links to trick people into downloading malware. These attacks rely on social engineering, enticing users with promises of exclusive or leaked content. 

Once a user clicks on the deceptive link, they are redirected through several malicious websites before unknowingly downloading a harmful file. The scheme typically begins with a fake message or document containing a link to a trending video. Clicking the link leads to an unsafe website filled with misleading advertisements, fake download buttons, and sometimes adult content. 

These sites trick users into downloading a file—often a ZIP folder—that seems harmless but actually contains malware hidden within a password-protected archive. Once downloaded and extracted, the file reveals a setup program that, when executed, launches the malware. To make it appear legitimate, a CAPTCHA screen is displayed first. 

However, once the user clicks “OK,” the malware installs itself discreetly, injecting harmful files into the system and running hidden processes that steal data or compromise the device. While McAfee’s security measures have intercepted many such attacks, experts warn that these scams continue to evolve. 

Cybercriminals use clickbait tactics to manipulate people’s curiosity, making it crucial to stay vigilant. To protect yourself, avoid clicking on links that claim to provide exclusive or leaked videos, as these are often traps designed to distribute malware. 

Be cautious of unfamiliar websites that prompt you to download files, as they may contain hidden threats. Always scan downloaded files with reliable security software before opening them. Additionally, keep your antivirus software updated to ensure real-time protection against emerging cyber threats. Since online scams are constantly evolving, staying informed and cautious is the best defense against potential cyber risks.
Read more »
News
Chinese Hackers cyber attack Cyber-Espionage cyberattacks trending news cybersecurity news News

Chinese Hackers Exploit SSH Daemon to Maintain Persistent Access in Cyber-Espionage Operations

 

A sophisticated cyber-espionage campaign attributed to the Chinese hacking group Evasive Panda, also known as DaggerFly, has been uncovered, targeting network appliances through a newly identified attack suite. According to cybersecurity researchers at Fortinet’s FortiGuard Labs, the attackers are leveraging a malicious toolkit named ELF/Sshdinjector.A!tr, injecting malware into the SSH daemon (SSHD) to establish long-term access and execute covert operations. 

Active since at least mid-November 2024, this attack method enables unauthorized control over compromised systems. While the initial entry point remains unclear, once infiltrated, a dropper module determines whether the device is already infected and assesses its privilege level. If running under root permissions, the malware deploys multiple binaries, including libssdh.so, which serves as the primary backdoor responsible for command-and-control (C2) communication and data exfiltration. 

Additional components such as “mainpasteheader” and “selfrecoverheader” are used to maintain persistence. The injected SSH library covertly monitors and executes commands received from a remote C2 server, allowing the attackers to conduct system reconnaissance, steal credentials, manipulate files, and execute arbitrary commands. 

The malware supports fifteen different functions, ranging from collecting system details and listing active processes to reading sensitive user data and gaining remote shell access. It can also upload and download files, delete specific records, rename files, and notify the attacker when the malware is active. 

Despite previous detections of similar threats, FortiGuard’s research is the first to provide a detailed analysis of how ELF/Sshdinjector.A!tr operates. The group behind this attack, Evasive Panda, has been active since 2012 and has previously conducted cyber-espionage campaigns, including supply chain attacks via ISPs in Asia and targeted intelligence collection from U.S. organizations. 

The group was also recently linked to deploying a novel macOS backdoor. Notably, Fortinet researchers leveraged AI-assisted tools to aid in the malware’s reverse engineering process. While challenges such as hallucinations, extrapolation errors, and omissions were encountered, the experiment demonstrated AI’s growing potential in cybersecurity research. 

Fortinet assures that its customers are already protected against this threat through its FortiGuard AntiVirus service, which detects the malware as ELF/Sshdinjector.A!tr and Linux/Agent.ACQ!tr. The company has also provided hashes of identified samples on VirusTotal for further investigation by the security community.
Read more »
News
Cyber Threats Cybersecurity Indian Government website News

Kaveri 2.0 Portal Hit by Massive DDoS Attack

 

Property registrations and citizen services in Karnataka have been severely affected since Monday due to a large-scale cyberattack on the Kaveri 2.0 portal. Initially suspected to be a technical glitch, the Revenue and E-Governance Departments have now confirmed that the disruptions are the result of a “motivated Distributed Denial of Service (DDoS) attack.” 

The Kaveri 2.0 portal, introduced in 2023 to streamline property registration and related services, has been facing issues since January 13, 2025, with attackers consistently exploiting vulnerabilities despite repeated fixes. Revenue Minister Krishna Byre Gowda stated that the evolving nature of these disruptions indicates a deliberate and sustained attempt to cripple the system. 

Officials revealed that bots are being used to conduct excessive searches for encumbrance certificates (ECs) through customer logins, overloading the system and causing it to crash. Even as authorities address certain weaknesses, attackers appear to be adapting in real-time to exploit new loopholes. 

For instance, on Monday, the system was restored by 1 p.m. after a complete outage, but it was down again by 3 p.m. The attack has had a severe impact on property registrations across the state, with daily registrations plummeting from an average of over 8,000 to just over 500 on Tuesday. 

Thousands of property transactions have been postponed indefinitely due to the disruption, leaving buyers and sellers in a state of uncertainty. Many users have been unable to log into the portal or upload necessary documents, causing widespread frustration. 

K.V. Govardhan of Arna Estates, who had registrations scheduled in Bagepalli and Banaswadi on Monday, expressed concerns over the lack of clarity on when the system would be fully restored. 
Read more »
Security threats
cyber attack Cyber Attacks Globe Life News Security threats

Globe Life Data Breach Affects 850,000 Customers, Investigation Reveals

Insurance provider Globe Life has revealed that a data breach from June 2024 was far more extensive than initially believed. While early reports in October 2024 suggested that around 5,000 customers were impacted, the company’s latest investigation indicates that approximately 850,000 policyholders may have had their personal data compromised. 

The breach was initially detected in a subsidiary, American Income Life Insurance Company. At the time, Globe Life reported a limited impact but acknowledged the possibility of more affected individuals. 

Further findings now confirm that an unidentified cybercriminal gained access to databases maintained by independent agency owners, exposing a wide range of sensitive customer information. Stolen data includes full names, Social Security numbers, phone numbers, email addresses, home addresses, birth dates, health records, and insurance policy details. 

In response, Globe Life took immediate action to secure its systems, restricting external access to the compromised portal. According to its SEC filing, the company was targeted by an extortion attempt but chose not to meet the ransom demands. The insurer maintains that its primary IT infrastructure and data encryption systems remained intact despite the breach. 

As a precaution, Globe Life is offering credit monitoring services to potentially affected customers. However, cybersecurity experts recommend that policyholders take extra steps to protect themselves, including signing up for identity theft protection, keeping a close watch on financial statements, and being alert to phishing attempts. Cybercriminals frequently use stolen data to create deceptive emails and messages aimed at obtaining further personal or financial information. 

Customers are advised to be cautious when receiving unexpected communications via email, text, or social media. Any unsolicited messages containing links or attachments should be avoided. Installing reliable antivirus software on personal devices can also help protect against malware that may be embedded in phishing attempts. 

Despite the scale of the breach, Globe Life has stated that it does not expect any disruptions to its business operations. However, customers should update their passwords and remain vigilant against potential fraud in the coming months.
Read more »
Ransomware attack
Attack on NYBC cyber attack Cyber Attacks News NYBC Ransomware attack

Ransomware Attack Disrupts New York Blood Center Operations Amid Critical Shortage

 

The New York Blood Center (NYBC), a major provider of blood products and transfusion services in the U.S., suffered a ransomware attack on Sunday, leading to operational disruptions and the cancellation of some donor appointments. 

The cyberattack comes at a time when the center is already struggling with a significant drop in blood donations, further straining supply levels. 

NYBC, which collects approximately 4,000 units of blood daily and supports over 500 hospitals across multiple states, detected the security breach over the weekend of January 26. 
After noticing unusual activity within its IT systems, the organization swiftly enlisted cybersecurity experts to investigate. Their findings confirmed that ransomware was responsible for the disruption. 

In response, NYBC took immediate measures to contain the attack, including temporarily shutting down certain systems while working toward a secure restoration. Despite the ongoing challenges, the organization continues to accept blood donations but warned that some appointments may need to be rescheduled. 

The attack comes just days after NYBC issued a blood emergency following a dramatic 30% decline in donations, resulting in 6,500 fewer units collected and severely impacting regional blood supplies. At this time, it remains unclear whether the attackers accessed or stole sensitive donor information. No ransomware group has claimed responsibility yet.

As NYBC works to restore its systems, it is urging donors to continue making appointments to help address the ongoing blood shortage and ensure hospitals receive the critical supplies they need.
Read more »
Subscribe to: Posts (Atom)