Luna Moth Cybercriminals Impersonate IT Support to Steal Data
In a rapidly evolving threat landscape, a cybercrime group known as Luna Moth - also referred to as the Silent Ransom Group (SRG) - has been targeting organizations in the United States using a cunning form of social engineering. Their latest campaign involves impersonating internal IT support teams. They manage to trick employees into granting remote access to corporate systems,

Fake WordPress Security Plugin Grants Access to Attackers
A new and highly deceptive cybersecurity threat has emerged targeting WordPress websites. Cybercriminals have developed a fake WordPress security plugin that pretends to protect websites but in reality grants attackers remote administrative access. How the Attack Works The fake WordPress security plugin masquerades as a legitimate security tool. One of the known malicious files is named WP-antymalwary-bot.php. This

Co-Op Shuts Down IT Systems After Attempted Hack
The Co-Op has shut down IT systems as a precautionary measure. One of the UK’s largest consumer co-operatives, it was forced to shut down parts of its IT infrastructure after detecting a potential cyberattack attempt. While services are gradually being restored, the proactive move was made to safeguard customer data and prevent further risks. What Made Co-Op Shut Down IT Systems? Co-op

Banking Credentials of 30,000 Australians Stolen: What You Need to Know
A wave of cyberattacks has compromised the banking credentials of over 30,000 Australians. This breach wasn’t the result of a direct attack on banks, but rather malware installed on users' own devices. Known as infostealers, this malware silently collects login credentials and personal data, often without users realizing it. This information comes from a recent report by Australian cybersecurity company

Fortinet Exposes Persistent Post-Exploitation Threat
Fortinet has issued a new security warning. Hackers still have access to patched FortiGate VPN devices. They use a hidden method that bypasses traditional detection. Compromise Notification Sent to Customers The company alerted affected customers via email. The message was titled: “Notification of device compromise – FortiGate / FortiOS – Urgent action required.” This notification carried a TLP:AMBER+STRICT label, showing

IKEA Operator Suffers $23 Million Loss After Ransomware Attack in Eastern Europe
Fourlis Group, which operates IKEA in Greece, Cyprus, Romania, and Bulgaria, faced a major ransomware attack. The breach happened just before Black Friday, on November 27, 2024. The company reported losses of nearly €20 million or $23 million. The public first learned about the incident on December 3, 2024. At the time, IKEA’s online stores experienced severe technical issues. Fourlis

Europcar GitLab Hack Compromises Source Code and Customer Data
A recent cyberattack has exposed customer data at Europcar Mobility Group. Hackers accessed the company's private GitLab repositories and stole sensitive files. The breach revealed source code from mobile apps and personal data from up to 200,000 customers. The threat actor behind the attack attempted extortion. They threatened to leak 37GB of stolen data unless demands were met. The exposed

Oracle Cloud Breach Allegations Disputed Amid Confirmed Data Leaks
Oracle faces renewed scrutiny after a threat actor claimed to have breached its Oracle Cloud SSO infrastructure. Despite the company’s strong denial, leaked data appears to be real, raising questions about the security of cloud authentication systems. Threat Actor Claims Access to 6 Million Accounts A user named ‘rose87168’ announced they had infiltrated Oracle Cloud’s federated SSO servers. They claimed to

RansomHub Ransomware Affiliates Adopt New ‘Betruger’ Backdoor in Attacks
Cybersecurity researchers from Symantec have uncovered a sophisticated new backdoor named Betruger, recently deployed by affiliates of the notorious RansomHub ransomware-as-a-service (RaaS) group. This custom-built malware significantly enhances the efficiency and stealth of ransomware attacks. What is the Betruger Backdoor? Symantec describes Betruger as an advanced "multi-function" malware, uniquely designed to consolidate several malicious tools into one powerful package. This

CISA Warns of Active Exploitation in NAKIVO Backup Software Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted federal agencies about active exploitation of a severe vulnerability in NAKIVO’s Backup & Replication software. Identified as CVE-2024-48248, the flaw allows attackers to access sensitive files remotely, potentially compromising entire infrastructures. Vulnerability Details: CVE-2024-48248 Explained This vulnerability is classified as an absolute path traversal flaw, meaning unauthenticated attackers could remotely
