Category Security

UK investigators say they have sent a clear message that the country is “not a safe haven for money laundering,” after making scores of arrests and seizing millions from two major Russian criminal networks. The National Crime Agency (NCA) yesterday…

A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. “Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor…

A supply chain attack on the widely used @solana npm library, targeting private keys to steal funds, has put developers and cryptocurrency users at risk. The malicious versions, 1.95.6 and 1.95.7, were published briefly on December 2 2024, but have since been…

Dec 05, 2024Ravie LakshmananOnline Fraud / Cybercrime Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of…

Two severe vulnerabilities in Veeam Service Provider Console (VSPC) software have been patched, including one with a near-maximum CVSS score of 9.9. The issues, designated as CVE-2024-42448 and CVE-2024-42449, were identified during internal testing by Veeam. Both flaws pose significant…

Dec 05, 2024Ravie LakshmananCryptocurrency / Mobile Security As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot. “DroidBot is a modern RAT that combines…

The UK’s National Crime Agency (NCA) has revealed details of Operation Destabilise, a years-long international law enforcement investigation into a giant Russian money laundering enterprise that handled billions of dollars for drug traffickers and ransomware gangs worldwide.  The multi-billion dollar…

Russian cyber espionage group Secret Blizzard has used the tools and infrastructure of at least six other threat actors during the past seven years, according to Microsoft. In a December 4 report, Microsoft Threat Intelligence shared new findings about Secret…

Dec 05, 2024Ravie LakshmananVulnerability / IoT Security Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files…

The FBI has warned that criminals are using generative AI to enhance financial fraud schemes, and the Bureau has issued new guidance for the public to protect themselves from these tactics. A new alert from the US government agency’s Internet…