Security News > 2023 > July

A financially motivated cybercrime gang has been observed deploying BlackCat ransomware payloads on networks backdoored using a revamped Sardonic malware version. While their attacks' end goal revolves around stealing payment card data from Point-of-Sale systems, FIN8 has expanded from point-of-sale to ransomware attacks to maximize profits.

A critical design flaw in the Google Cloud Build service discovered by cloud security firm Orca Security can let attackers escalate privileges, providing them with almost nearly-full and unauthorized access to Google Artifact Registry code repositories. Dubbed Bad.Build, this flaw could enable the threat actors to impersonate the service account for the Google Cloud Build managed continuous integration and delivery service to run API calls against the artifact registry and take control over application images.

Norwegian mining and recycling giant TOMRA says it has isolated tech systems as it deals with an "Extensive cyberattack."TOMRA has multiple divisions that focus on areas including waste and recycling solutions, metal sorting systems, mining machine systems and food sorting equipment.

An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews. The cybersecurity company said the incident could be the result of a supply-chain attack, in which a legitimate piece of software used by targets of interest is trojanized to deploy malware capable of gathering sensitive information from compromised systems.

VirusTotal has suffered a data leak that exposed the names and email addresses of 5,600 of its registered users. VirusTotal data leak exposed exploitable information.

Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, have leaked on the internet. The security incident, which comprises a database of 5,600 names in a 313KB file, was first disclosed by Der Spiegel and Der Standard yesterday.

The person claims a few of them walking together one night saw a cone on the hood of an AV, which appeared disabled. They weren't sure at the time which came first; perhaps someone had placed the cone on the AV's hood to signify it was disabled rather than the other way around.

Discover stories about threat actors' latest tactics, techniques, and procedures from Cybersixgill's threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks.

The financially motivated threat actor known as FIN8 has been observed using a "Revamped" version of a backdoor called Sardonic to deliver the BlackCat ransomware. Known to be active since at least 2016, the adversary was originally attributed to attacks targeting point-of-sale systems using malware such as PUNCHTRACK and BADHATCH. The group resurfaced after more than a year in March 2021 with an updated version of BADHATCH, following it up with a completely new bespoke implant called Sardonic, which was disclosed by Bitdefender in August 2021.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.