Internet threat news
In what is most likely the first criminal case involving artificially increasing music streams, one musician has been charged with fraudulently inflating music streams. Michael Smith was charged with developing a scheme to create hundreds of thousands of songs with artificial intelligence and using bots to stream the AI-generated songs billions of times.
As a result of the scheme, Smith fraudulently garnered more than 10 million USD in royalties resulting from the automated streams of AI-generated music.
MacroPack, a framework developed by security researchers for red team exercises, has been abused by various threat actors to deliver several malware payloads to victims. Cisco Talos discovered that threat actors were using MacroPack to deploy malicious payloads that included Havoc, Brute Ratel, and PhantomCore.
In a recent filing to the U.S. Securities and Exchange Commission (SEC), oil and gas services giant Halliburton revealed they had suffered a cyberattack that disrupted the company's IT systems and business operations. According to the filing, the company reported the attack on August 21, 2024.
In recently published research, researchers at security firm ESET discovered a zero-day vulnerability impacting WPS Office for Windows. WPS Office, developed by Chinese firm Kingsoft, is incredibly popular in Asia.
Reportedly, it has over 500 million active users worldwide. ESET researchers discovered two zero-day vulnerabilities that would allow a threat actor to execute malicious code.
Kootenai Health, a not-for-profit healthcare provider in Idaho, operating the largest hospital in the region, offering a wide range of medical services, including emergency care, surgery, cancer treatment, cardiac care, and orthopedics, disclosed they had suffered a data breach.
Over 464,000 patients were affected after their personal information was stolen and leaked, with the 3AM ransomware gang being the culprits.
A recent article published by Reuters shows a marked increase in GPS spoofing attacks targeting airlines. GPS spoofing is a malicious attack in which Global Positioning System (GPS) data is manipulated to mislead a GPS receiver about its actual location.
This could cause significant disruptions, as it can misdirect navigation systems, mislead delivery vehicles, or even trick smartphone apps. The attack methodology also misleads commercial airplanes about their exact location.
In a statement released by INTERPOL, it was revealed the international policing agency helped recover 40 million USD stolen from a victim who suffered a Business Email Compromise (BEC) attack.
These are attacks where threat actors compromise an enterprise's email service, then trick employees into paying supplier invoices into accounts controlled by the threat actor.
A recent report by Zscaler revealed that the Dark Angels ransomware gang received a record-breaking 75 million USD ransom payment from a Fortune 50 company.
According to a recent report by Microsoft Threat Intelligence, researchers discovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors.
In practice, these hypervisors are installed on server hardware, which further enables the installation of virtual machines using server resources.
To say that the financially motivated, advanced persistent threat group FIN7 is notorious is an understatement. The Russian-speaking group of hackers has been active since 2013 and primarily focused on financial fraud and stealing credit card details. The group then moved to the ransomware game in a big way.
MuddyWater, also tracked as Earth Vetala, MERCURY, Static Kitten, and Seedworm, is an Iranian state-sponsored threat actor that has been active since 2017. In the past, we have seen the group extensively use zero-day exploits on several separate occasions.
The group has also proven highly capable of developing and deploying its custom malware strains to further its objectives and those of the Iranian state. The newly discovered BugSleep malware indicates this group's malware development capability.
On July 2, 2024, Ethereum disclosed that a threat actor compromised Ethereum's mailing list provider and sent a phishing email to over 35,000 addresses, with a link to a malicious site running a crypto drainer.
A banking trojan first discovered in 2020 has made a comeback, according to threat intelligence firm Cleafy. Called Medusa, not to be confused with the ransomware gang or the botnet going by the same name, the malware targets Android devices and is offered as a Malware-as-a-Service to other threat actors for a fee.
In the most recent campaign discovered by security researchers, a new version of Medusa is being used to target Android users in France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey.