Android

Scamware

Dark Herring


Dark Herring malware targeted over 105M Android users in an app subscription fraud globally

Android users are falling prey to an active app-subscription-based fraud campaign involving the newly emerged Dark Herring malware...

27-Jan-2022

4 min read

Related Articles


Hacking

Hackers infiltrated Zola to initiate fraudulent cash transfers by accessing user...

Zola, a popular wedding registry, recently confirmed that hackers attempted fraudulent cash-outs after gaining access to its users' accounts, but has denied a breach of its systems. Many of its users took to social media to report that their accounts had been compromised, bringing the matter into the spotlight; others complained that thousands of dollars had been charged to their credit cards without their knowledge, or that their Zola accounts had been drained.

Emily Forrest, a spokesperson for Zola, said in a statement to [TechCrunch](https://techcrunch.com/2022/05/23/zola-accounts-hacked/) that accounts had been compromised in a credential stuffing attack, in which existing sets of exposed or compromised usernames and passwords are used to access accounts on other sites that share the same credentials.

_"While this attack did not vastly affect Zola couples, we extend our sincerest apologies to anyone who experienced any skeptical activity in their account,"_ stated Forrest. _"Our staff acted as swiftly as possible to protect our community of couples and guests, and we were able to prevent all fraudulent transfer attempts."_

Messages in a Telegram channel show users boasting about, discussing and sharing screenshots of unauthorized access to accounts via the Zola app. The partially redacted screenshots depict hackers ordering gift cards from a user's account, including with the credit card on file with Zola. The gift cards are then delivered to the email address the hackers used to place the order. Fraudsters frequently use gift cards because they are notoriously hard to trace.

Zola acknowledged the gift card orders and stated that the company is _"immediately working"_ to rectify the errors. According to Forrest, the great majority of the gift card orders have already been returned, and any outstanding issue a couple still has will be rectified.

Zola stated that it briefly halted its iOS and Android apps during the incident and reset all user passwords out of _"an excess of caution."_

Less than 0.1% of accounts were compromised, according to Zola, although the company would not specify how many users were affected. The wedding registry also declined to respond to additional inquiries about the lack of two-factor authentication (2FA) currently offered to users. _"Our support team is working feverishly to reply to every affected customer, and we really appreciate their patience,"_ Forrest added. _"We guarantee that all unresolved customer concerns will be answered and addressed."_ In a tweet, the company asked customers who had had funds stolen or saw fraudulent transactions to email its support team. Forrest told TechCrunch that _"all monies, credit cards, and bank information remain secure"_ and _"all cash funds have been recovered."_
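As an added illustration, not code from this article or from Zola: a heuristic detector for the credential-stuffing pattern described above, run over a constructed login log. The log format, IP addresses, account names and thresholds are all assumptions made for the example.

```python
# Heuristic credential-stuffing detector over a constructed login log.
# Assumed (hypothetical) line format: <timestamp> ip=<addr> user=<name> result=<success|fail>
from collections import defaultdict
from typing import Dict, Tuple

# Constructed sample: 203.0.113.7 sprays many distinct accounts and lands one
# (the stuffing pattern); 198.51.100.9 is one user retyping their own password.
SAMPLE_LOG = """\
2022-05-20T10:00:01Z ip=203.0.113.7 user=alice result=fail
2022-05-20T10:00:02Z ip=203.0.113.7 user=bob result=fail
2022-05-20T10:00:02Z ip=203.0.113.7 user=carol result=success
2022-05-20T10:00:03Z ip=203.0.113.7 user=dave result=fail
2022-05-20T10:00:03Z ip=203.0.113.7 user=erin result=fail
2022-05-20T10:00:04Z ip=203.0.113.7 user=frank result=fail
2022-05-20T10:01:00Z ip=198.51.100.9 user=grace result=fail
2022-05-20T10:01:05Z ip=198.51.100.9 user=grace result=fail
2022-05-20T10:01:20Z ip=198.51.100.9 user=grace result=success
"""

def parse_line(line: str) -> Tuple[str, str, bool]:
    """Return (ip, user, succeeded) for one log line."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    return fields["ip"], fields["user"], fields["result"] == "success"

def find_stuffing_sources(log: str, min_users: int = 5,
                          max_success_ratio: float = 0.5) -> Dict[str, dict]:
    """Flag source IPs that try many distinct accounts with a low success rate.
    "hits" are the accounts that did log in from such a source: reset those first.
    """
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0,
                                  "successes": 0, "hits": set()})
    for line in log.splitlines():
        if not line.strip():
            continue
        ip, user, ok = parse_line(line)
        s = per_ip[ip]
        s["users"].add(user)
        s["attempts"] += 1
        if ok:
            s["successes"] += 1
            s["hits"].add(user)  # a reused credential pair that landed
    flagged = {}
    for ip, s in per_ip.items():
        ratio = s["successes"] / s["attempts"]
        if len(s["users"]) >= min_users and ratio <= max_success_ratio:
            flagged[ip] = {"users": len(s["users"]), "attempts": s["attempts"],
                           "hits": sorted(s["hits"])}
    return flagged
```

A single user failing repeatedly on their own account is not flagged, while a source spraying many accounts is, together with the accounts it got into.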

24-May-2022

3 min read

Ransomware

BlackBerry researchers linked Onyx and Yashma ransomware with the Chaos ransomwa...

Researchers have published new findings about the Chaos ransomware developer, revealing a tangled family tree that connects it to both the Onyx and Yashma ransomware strains. The BlackBerry Research and Intelligence Team stated in a blog post that clues to the Chaos malware's links to Onyx and Yashma emerged from a conversation between a recent victim and the threat group behind Onyx ransomware, which took place on the threat actor's leak site. According to the researchers, a person claiming to be the creator of the Chaos ransomware builder kit entered the discussion and revealed that Onyx was built using the author's own Chaos v4.0 Ransomware Builder. The author then promoted the most recent version of the Chaos ransomware family, now known as Yashma.

This was not the first time the link between Chaos and Onyx had been revealed: SC Media reported on April 29 that Onyx was also found to be built on the Chaos ransomware builder. Yashma's adaptability and widespread availability, according to BlackBerry researchers, make it a worrying threat going forward. Because the malware is initially marketed and distributed as a malware builder, any threat actor who acquires it can mimic the actions of the threat group behind Onyx, generating their own ransomware strains and targeting specific victims.

"Our research delves into the mindset of these threat actors by showing an online exchange from someone claiming to be the very same Chaos ransomware builder author, in addition to the technical deep-dive provided on the Chaos malware family tree," said Ismael Valenzuela Espejo, BlackBerry's vice president of threat research and intelligence. "It's interesting to observe how, aside from the obvious money motivation, there's a sense of pride in their creations, even if this malware has been labeled as a 'proof of concept' and 'unsophisticated wiper' by several researchers in the last year," Espejo continued. "It's also fascinating to observe how this comes from someone who, approximately a year earlier, tried to steal the thunder from an existing threat group (Ryuk), but was enraged when their creation (Chaos/Yashma) was also stolen and utilized as the foundation of a new threat (Onyx)."

According to John Hammond, senior security researcher at Huntress, the BlackBerry research provides a great historical perspective on the Chaos ransomware's roots and its development leading up to its sixth iteration and new brand name, Yashma. According to Hammond, the newest crypter incorporates new features to detect whether the ransomware is being run in a prohibited country, disable antivirus, and terminate services, among other preventive measures. "It's a little frightening to see the rapid evolution of ransomware tooling becoming something so configurable and advanced," Hammond added. "A cybercriminal group, like a software firm, provides new features and upgrades to their product, making it faster, more versatile, and more accessible to their customers...but this time, with malicious purpose. The announcement of a new and improved Chaos ransomware variant isn't reason to raise the alarms and turn on the sirens, but it is another wind of warning: the adversaries are just getting stronger. A good security posture that includes monitoring, redundancy, and strong detection efforts remains the greatest basis for combating a threat actor's end-goal of ransomware."

According to Nicole Hoffman, senior cyber threat intelligence analyst at Digital Shadows, the Maze ransomware gang changed everything in 2019 by introducing double extortion, and now the majority of ransomware attacks result in data breaches. Hoffman added that Chaos ransomware variants can erase files larger than about 2 gigabytes, making an attack highly damaging for many enterprises.

"It would be sad if destructive ransomware becomes a new industry trend, with more amateur crooks entering the picture," Hoffman said. "In any case, security teams should stay ahead of the threat by following the 3-2-1 back-up rule, which means three copies of the data, two media types used for back-ups, and one offsite backup. This is not a new rule, but it is more important than ever in combating destructive ransomware attacks."

24-May-2022

4 min read

Data Breach

Ophthalmology

More than 194,000 patients were notified by Regional Eye Associates that their d...

Regional Eye Associates in West Virginia has issued a [data breach alert](https://www.readocs.com/medical-record-breach-2021/) informing 194,035 patients that their personally identifiable information was accessed without authorization and erased from a third-party vendor's system in December 2021, before a ransomware attack.

Although Eye Care Leaders is not explicitly named in the letter, it is similar to several other provider notices related to a ransomware attack on the cloud-based electronic medical record company. In addition to the December event, ECL has been embroiled in provider-led litigation following a year of purported disruptions connected to various ransomware attacks and claims of an insider incident.

ECL notified Regional Eye on March 1 about the incident and its potential consequences. The notification, like the EvergreenHealth and Summit Eye Associates releases, was issued a month after the 60-day deadline mandated by the Health Insurance Portability and Accountability Act.

According to the Regional Eye notification, an attacker gained access to ECL's system on December 4 and _"removed many databases between the hours of 7:18 p.m. and 10:13 p.m. before being found and locked out of the system."_

So far, no evidence has been found that any health information was stolen before being destroyed. The investigation, however, remains ongoing. As a result, Regional Eye advises patients to place fraud alerts on their credit reports to protect themselves against identity theft.

Notably, Regional Eye is still using ECL for its services and is collaborating with the vendor on the forensic inquiry. _"To prevent future attacks, ECL has installed technical, administrative, and physical precautions."_ Access restrictions, permissions, and data storage security protocols must be reviewed and updated.

24-May-2022

2 min read