infosec (11)

13698732068?profile=RESIZE_400xCybersecurity researcher Jeremiah Fowler identified two unprotected, misconfigured databases containing nearly one million records linked to Ohio Medical Alliance LLC, a company better known under its brand name Ohio Marijuana Card.  Fowler, who reported the exposure to Website Planet, found that the databases were left open without encryption or password protection, allowing anyone with an internet connection to access names, Social Security numbers (SSN), dates of birth, home addresses, and hi

13698736680?profile=RESIZE_400xWhy hack when hackers are willing to sell guaranteed access to breached networks?  Increasingly, cybercrooks agree they would rather outsource than bother with the tedium of actual network penetration, leading to a flourishing initial access market.  Remote access to a victim's network now retails for an average price of $2,700, although about 40% of what's being sold goes for much less $500 to $1,000, noted in a report from cybersecurity firm Rapid7.   Research is based on listings posted over

13695972075?profile=RESIZE_400xHomeland Security Investigations (HSI), in partnership with US and international law enforcement agencies, has dismantled the infrastructure behind BlackSuit ransomware, a major cybercriminal group and successor to Royal ransomware, in a coordinated global operation.  The action targeted the backbone of the group's operations, including servers, domains, and digital assets used to deploy ransomware, extort victims, and launder proceeds.  According to US Immigration and Customs Enforcement (ICE),

13695969292?profile=RESIZE_400xGoogle has announced a significant data breach that has hit its corporate Salesforce database, and Google sent email notifications to the affected users on 08 August 2025.  Earlier, Google had said that one of its corporate Salesforce instances was compromised in June 2025 by the notorious cybercriminal group known as ShinyHunters, officially tracked as UNC6040 by the Google Threat Intelligence Group.  “We believe threat actors using the 'ShinyHunters' brand may be preparing to escalate their ex

13695967497?profile=RESIZE_400xRemote Access Trojans, also known as RATs, have been around for years, although their prevalence in the market has surged recently.  RATs are digital skeleton keys, giving an attacker remote control over a system, often without the user ever knowing.  This kind of access often starts with someone clicking a malicious link or opening a rogue attachment in a phishing email or messaging app.  From there, the attacker can move laterally, steal data, monitor activity, or trigger ransomware.

RATs have

13674811660?profile=RESIZE_400xThe  Fortinet team recently investigated a cluster of virtual private servers (VPS) used for Monero mining.  The identified samples are associated with prior H2miner campaigns that researchers documented in 2020 and have since been updated with new configurations.  H2Miner is a Crypto mining botnet that has been active since late 2019.

Analysts also identified a new variant of the Lcryx ransomware, called Lcrypt0rx. Lcryx is a relatively new VBScript-based ransomware strain first observed in Nov

13674217693?profile=RESIZE_400xThe Cybersecurity Team at SafetyDetectives has uncovered a post on a clear web forum where a threat actor claimed to be selling a database containing 61 million records allegedly belonging to Verizon customers.  The data, packaged in a 3.1 GB CSV/JSON file and dated as “2025,” was offered for purchase on a platform known for hosting discussions on database leaks, cracks, and downloads.  Clear web forums, accessible to anyone with an internet connection, are popular among hackers for sharing and

13660413898?profile=RESIZE_400xThe month of July could barely have started any worse for some financial institutions in Brazil.  On 30 June 2025, C&M Software, a Brazilian company that provides a "bridge" helping the country's central bank connect to local banks, revealed that it had been hacked.  810,306,000 Brazilian reals (approximately US$140 million) were stolen from the reserve accounts of six financial institutions because of the security breach.

In the wake of the attack, which made news headlines in Brazil, the count

13661832872?profile=RESIZE_192XIn April 2025, Huntabil.IT observed a targeted attack on a Web3 startup, attributing the incident to a DPRK threat actor group.  Several reports on social media at the time described similar incidents at other Web3 and Crypto organizations.  Analysis revealed an attack chain consisting of an eclectic mix of scripts and binaries written in AppleScript, C++, and Nim.  Although the early stages of the attack follow a familiar DPRK pattern using social engineering, lure scripts, and fake updates, th

13660412470?profile=RESIZE_400xCybersecurity researchers have observed a surge in identity-driven cyberattacks targeting employee login credentials.   According to a new report by eSentire’s Threat Response Unit (TRU), between 2024 and the first quarter of 2025, 19,000 identity-related cyber investigations revealed a 156% increase in such threats compared to 2023.  These incidents now account for 59% of all confirmed threats across eSentire’s customer base of over 2000 organizations.[1]

One of the biggest enablers of this tre

10920542099?profile=RESIZE_192XI should not be writing this article in 2022, but sometimes the apparent need to be restated.  Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad.  For example, recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack.  See: https://www.bleepingcomputer.com/news/security/play-ransomware-claims-attack-on-belgium-city-of-antwerp/

As usual, all parties cried "foul play" and suggested that proper