Arrested Russian hacker Pavel Sitnikov looks to start a new chapter
Editor’s Note: In December 2020, The Record published an interview between Recorded Future’s Dmitry Smilyanets and Russian hacker Pavel Sitnikov about ransomware, cybercrime, and his self-proclaimed connection with the...
Stealthy Cyber-Campaign Ditches Cobalt Strike for Rival ‘Brute Ratel’ Pen Test Tool
In a fresh campaign that takes a page from the advanced persistent threat known as APT29, hackers are shifting away from the Cobalt Strike post-exploitation toolkit, instead embracing Brute Ratel...
China’s Tonto Team APT Ramps Up Spy Operations Against Russia
Representing a significant increase in activity, a campaign linked to China started targeting Russia-linked organizations in June with malware designed to collect intelligence on government activities, according to analyses by security...
North Korean State Actors Deploy Surgical Ransomware in Ongoing Cyberattacks on US Healthcare Orgs
The FBI, US Cybersecurity and Infrastructure Security Agency (CISA), and the Treasury Department on Wednesday warned about North Korean state-sponsored threat actors targeting organizations in the US healthcare and...
PennyWise crypto-stealing malware spreads through YouTube
A new strain of crypto-malware is being spread via YouTube, tricking users into downloading software that’s designed to steal data from 30 crypto wallets and crypto-browser extensions. Cyber intelligence company...
Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data
A routine scan of the NPM open source code repository in April turned up several packages using a JavaScript obfuscator to hide their true function.
After further investigation, analysts with ReversingLabs reported...
Google Chrome WebRTC Zero-Day Faces Active Exploitation
A zero-day security vulnerability in Google Chrome for Android is being actively exploited in the wild, the Internet giant says.
The issue is a high-severity heap-buffer overflow bug (tracked as...
SQL injection, XSS vulnerabilities continue to plague organizations
Despite years topping vulnerability lists, SQL injection and cross-site scripting errors (XSS) remain the bane of security teams, according to a new report by a penetration-testing-as-a-service company. The report by...
Dutch University set to recover more than twice the paid BTC ransom in 2019
Netherlands-based Maastricht University (UM) is set to recover nearly €500,000 ($512,150) worth of Bitcoin (BTC) after the police authorities managed to solve the infamous ransomware attack in December 2019. In...
British Army’s social media accounts hacked by crypto scammers
The British Army’s official Twitter, Facebook and YouTube accounts were breached on Sunday for almost four hours, with scammers promoting rip-off nonfungible token (NFT) collections and cryptocurrency scams. Just after...