In addition to the new backConnect malware developed by Qbot operators, research has emerged tying zloader[4] activity to that of the BlackBasta ransomware operation. It is highly likely this new side loading backConnect malware has been or is going to be utilized to further ransomware attacks.
HPE investigating claims by the hacker IntelBroker, who is offering to sell source code and other data allegedly stolen from the tech giant.
The concept is simple, the FBI explains: “Scammers impersonate bank reps to convince victims that hackers have infiltrated their financial account. Victims are urged to move their money fast to protect their assets. In reality, there was never a hacker, and the money that was wired is now fully controlled by the scammer.”
In an incident response in Q4 of 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints. The threat actor later leveraged this access to deploy RansomHub encryptors throughout the entire impacted network. ReliaQuest documented an earlier version of this malware on their website in February 2024.
Online criminals are targeting individuals and businesses that advertise via Google Ads by phishing them for their credentials — ironically — via fraudulent Google ads.
The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages. We believe their goal is to resell those accounts on blackhat forums, while also keeping some to themselves to perpetuate these campaigns.
This is the most egregious malvertising operation we have ever tracked, getting to the core of Google’s business and likely affecting thousands of their customers worldwide. We have been reporting new incidents around the clock and yet keep identifying new ones, even at the time of publication.
Since September, Check Point Research has been monitoring a new version of the Banshee macOS stealer, a malware linked to Russian-speaking cyber criminals targeting macOS users.
This new version had been undetected for over two months until the original version of Banshee Stealer was leaked on XSS forums, which resembled similarities with the malware’s core functionality.
One notable difference between the leaked source code and the version discovered by Check Point Research is the use of a string encryption algorithm. This algorithm is the same as Apple uses in its Xprotect antivirus engine for MacOS.
One method of distributing Banshee Stealer involved malicious GitHub repositories, targeting Windows users with Lumma Stealer and macOS users with Banshee Stealer.
Banshee operated as a ‘stealer-as-a-service’, priced at $3,000, and was advertised through Telegram and forums such as XSS and Exploit. On November 23, 2024, the malware’s source code was leaked, leading the author to shut down the operations the following day.
Despite shutting down the operation, threat actors continue to distribute the new version of Banshee via phishing websites.
The Commission has presented an EU Action Plan to strengthen the cybersecurity of hospitals and healthcare providers. This initiative is a key priority within the first 100 days of the new mandate, aiming to create a safer and more secure environment for patients.
In 2023 alone, EU countries reported 309 significant cybersecurity incidents targeting the healthcare sector – more than any other critical sector. As healthcare providers increasingly use digital health records, the risk of data-related threats continues to rise. Many systems can be affected, including electronic health records, hospital workflow systems, and medical devices. Such threats can compromise patient care and even put lives at risk.
Now we’re in 2025, a lot more services are offering passkeys as a replacement for passwords and the NCSC believes they are the future of modern authentication. However, there are still some significant bumps in the road ahead. Here we set out the case for mass adoption of passkeys and outline the remaining issues which are hindering their widespread implementation. The NCSC will work alongside industry to help resolve these problems and help to get passkeys over the line.
ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate. Exploitation of this vulnerability leads to the execution of untrusted code during system boot, enabling potential attackers to easily deploy malicious UEFI bootkits (such as Bootkitty or BlackLotus) even on systems with UEFI Secure Boot enabled, regardless of the installed operating system.
Chinese hackers breached the US government office that reviews foreign investments for national security risks, three US officials familiar with the matter told CNN.
The theft, which has not previously been reported, underscores Beijing’s keen interest in spying on a US government office that has broad powers to block Chinese investment in the US as tensions between the world’s two superpowers remain high.
The breach was part of a broader incursion by the hackers into the Treasury Department’s unclassified system. The office targeted by the hackers, the Committee on Foreign Investment in the US (CFIUS), in December gained greater authority to scrutinize real estate sales near US military bases. US lawmakers and national security officials have grown increasingly worried that the Chinese government or its proxies could use land acquisitions to spy on those bases.
In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group. This is the first time we have identified a shift in Star Blizzard’s longstanding tactics, techniques, and procedures (TTPs) to leverage a […]