VelvetSweatshop Technique Used by Attack Campaign to Deliver LimeRAT

An attack campaign leveraged the Excel VelvetSweatshop encryption technique to deliver samples of the LimeRAT malware family. According to Mimecast, those responsible for this attack campaign turned to VelvetSweatshop to enhance the efficacy of their e… Continue reading VelvetSweatshop Technique Used by Attack Campaign to Deliver LimeRAT

Tupperware Website Compromised with Credit Card Skimmer

Digital attackers compromised the website of kitchen and household products manufacturer Tupperware with a credit card skimmer. On March 20, researchers at Malwarebytes observed that attackers had compromised tupperware[.]com by hiding malicious code w… Continue reading Tupperware Website Compromised with Credit Card Skimmer

Food Delivery Website in Germany Targeted by DDoS Attackers

Malicious individuals targeted a food delivery website located in Germany with a distributed denial-of-service (DDoS) attack. Jitse Groen, founder and CEO of the Germany-based food delivery service Takeaway (Lieferando.de), announced on March 18 that h… Continue reading Food Delivery Website in Germany Targeted by DDoS Attackers

Nefilim Ransomware Threatens to Release Victims’ Data within a Week

A newly discovered ransomware family called “Nefilim” told its victims that it would publish their stolen data within a week unless they paid their ransom. According to Bleeping Computer, Nefilim started up near the end of February 2020. Th… Continue reading Nefilim Ransomware Threatens to Release Victims’ Data within a Week

Cloudflare Worker Employed as C&C Server by BlackWater Malware

Security researchers spotted BlackWater malware leveraging a Cloudflare Worker for command-and-control (C&C) functionality. MalwareHunterTeam observed that the threat activity began with an RAR file called “Important – COVID-19.rar.&#82… Continue reading Cloudflare Worker Employed as C&C Server by BlackWater Malware

Chatbot Used by Phishing Scammers to Help Victims Provide Their Data

Digital fraudsters incorporated a chatbot into their phishing scam for the purpose of helping victims hand over their personal information. In a scam discovered by MalwareHunterTeam and shared with Bleeping Computer, digital attackers targeted Russian … Continue reading Chatbot Used by Phishing Scammers to Help Victims Provide Their Data

Facebook Sued by OAIC for Allegedly Violating Over 300K Aussies’ Privacy

The Office of Australian Information Commissioner (OAIC) filed a lawsuit alleging that Facebook violated the privacy of over 300,000 of its Australian users. On March 9, OAIC announced that it had submitted court documents against Facebook. In those ma… Continue reading Facebook Sued by OAIC for Allegedly Violating Over 300K Aussies’ Privacy

Expired Certificates Used as Disguise to Spread Buerak, Mokes Malware

Researchers observed digital attackers employing expired security certificates as a disguise to distribute the Buerak downloader and Mokes malware. Kaspersky Lab learned of a new attack method in which malicious actors leveraged infected websites to wa… Continue reading Expired Certificates Used as Disguise to Spread Buerak, Mokes Malware

Let’s Encrypt Says It Will Revoke 3M Certificates Due to Software Bug

Non-profit certificate authority (CA) Let’s Encrypt announced it will revoke more than three million digital certificates due to a software bug. On March 3, Let’s Encrypt revealed its plan to revoke 3,048,289 currently-valid certificates. T… Continue reading Let’s Encrypt Says It Will Revoke 3M Certificates Due to Software Bug

PwndLocker Ransomware Targeting Municipalities, Enterprise Networks

Security researchers discovered a new ransomware family called “PwndLocker” targeting municipalities and enterprise networks. Bleeping Computer learned that PwndLocker has been active since late 2019 and has targeted a variety of U.S. citie… Continue reading PwndLocker Ransomware Targeting Municipalities, Enterprise Networks