
Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

Then, last year, Trustwave SpiderLabs revealed details of another phishing campaign targeting the same region with malicious payloads that, it said, exhibit similarities to Horabot.

The latest set of attacks starts with a phishing email that employs invoice-themed lures to entice users into opening a ZIP archive containing a PDF document. However, in reality, the attached ZIP file contains a malicious HTML file with Base64-encoded HTML data that’s designed to reach out to a remote server and download the next-stage payload.
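As an added illustration (not code from the article or from the researchers it cites), the following Python heuristic is the kind of check a mail gateway or sandbox could run on a ZIP attachment of the type described above: it flags archives that carry an HTML file embedding a large Base64 blob which decodes to content referencing an external URL. The sample archive, member name and URL are constructed here and are not indicators from the campaign.

```python
import base64
import binascii
import io
import re
import zipfile

# A Base64 run long enough to be a smuggled document rather than an inline icon.
B64_BLOB = re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}")
# URLs found in the decoded blob; a lure that fetches a next stage will carry one.
URL = re.compile(rb"""https?://[^\s"'<>]+""", re.I)


def inspect_archive(zip_bytes: bytes) -> dict:
    """Inspect one ZIP attachment and report HTML-smuggling indicators."""
    findings = {"html_members": [], "decoded_urls": [], "suspicious": False}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            name = info.filename.lower()
            # Treat the member as HTML by extension or by content, whatever it claims to be.
            is_html = name.endswith((".html", ".htm")) or b"<html" in data[:2048].lower()
            if not is_html:
                continue
            findings["html_members"].append(info.filename)
            for blob in B64_BLOB.findall(data):
                try:
                    decoded = base64.b64decode(blob, validate=True)
                except binascii.Error:
                    continue  # not a complete Base64 string, skip it
                findings["decoded_urls"].extend(
                    u.decode("latin-1") for u in URL.findall(decoded)
                )
    # An "invoice" archive holding HTML that unpacks a remote fetch is the lure pattern.
    findings["suspicious"] = bool(findings["html_members"]) and bool(findings["decoded_urls"])
    return findings


def build_sample() -> bytes:
    """Constructed sample (not a real lure): a ZIP whose 'PDF' is really HTML with a Base64 blob."""
    inner = b"<script>location='http://example.invalid/stage2'</script>" + b" " * 200
    outer = (b"<html><body><script>var p='" + base64.b64encode(inner)
             + b"';</script></body></html>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Factura_12345.pdf.html", outer)
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_archive(build_sample()))
```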

Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

“Attackers can exploit the flaw via a malicious web page or script that causes the scripting engine to misinterpret object types, resulting in memory corruption and arbitrary code execution in the context of the current user. If the user has administrative privileges, attackers could gain full system control – enabling data theft, malware installation, and lateral movement across networks.”

CVE-2025-30400 is the third privilege escalation flaw in DWM Core Library to be weaponized in the wild since 2023. In May 2024, Microsoft issued patches for CVE-2024-30051, which Kaspersky said was used in attacks distributing QakBot (aka Qwaking Mantis) malware.

“Since 2022, Patch Tuesday has addressed 26 elevation of privilege vulnerabilities in DWM,” Satnam Narang, senior staff research engineer at Tenable, said in a statement shared with The Hacker News.

Ransomware attacks drive majority of US health data breaches, analysis shows

A new study led by researchers from Michigan State University, Yale University and Johns Hopkins University reveals that ransomware attacks, in which an attacker encrypts files and then demands a ransom to restore access to them, have become the primary driver of health care data breaches in the United States, compromising 285 million patient records over 15 years.

Published May 14 in JAMA Network Open, the study provides the first comprehensive analysis of ransomware’s role in health care breaches across all entities covered by privacy laws—hospitals, physician practices, and data clearinghouses—from 2010 to 2024.

“Ransomware has become the most disruptive force in health care cybersecurity,” said John (Xuefeng) Jiang, Eli Broad Endowed Professor of accounting and in the MSU Broad College of Business and lead author of the study. “Hospitals have been forced to delay care, shut down systems and divert patients—all while sensitive patient data is held hostage.”

413,032 Americans Affected As Major Data Breach Leaks Customer Names, Social Security Numbers, Financial Records and More

Hundreds of thousands of Americans are now at risk of identity theft and fraud after a major data breach at a human resources firm.

In a new filing with the Office of the Maine Attorney General, Maryland-based Kelly Benefits says it has discovered a significant cybersecurity incident impacting 413,032 people.

The company says an internal investigation revealed that an unknown entity gained unauthorized access to its database and stole sensitive customer information, including names, dates of birth, Social Security numbers, tax ID numbers, medical and health insurance records and financial account datasets.

Google links new LostKeys data theft malware to Russian cyberspies

Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations.

In December, the United Kingdom and Five Eyes allies linked ColdRiver to Russia’s Federal Security Service (FSB), the country’s counterintelligence and internal security service.

Google Threat Intelligence Group (GTIG) first observed LostKeys being “deployed in highly selective cases” in January as part of ClickFix social engineering attacks, where the threat actors trick targets into running malicious PowerShell scripts.

New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims

Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes).

The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS threat intelligence firm Infoblox.

The attacks have been observed to lure victims with bogus platforms, including cryptocurrency exchanges, which are then advertised on social media platforms. An important aspect of these scams is the use of web forms to collect user data.