AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 7/18/2024

DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls

Well known for targeting victims with fake job postings, North Korean state-sponsored hackers have been discovered using a new variant of their BeaverTail malware to trick macOS users into downloading a malicious version of MiroTalk, a video-calling service. Details about the latest campaign were published by cybersecurity researcher Patrick Wardle, who explained in his writeup that the threat actors likely lured their victims into downloading the updated BeaverTail-infected version of MiroTalk by asking them to join a job interview.

How did the auto dealer outage end? CDK almost certainly paid a $25 million ransom

CDK Global, a software firm serving car dealerships across the US that was roiled by a cyberattack last month, appears to have paid a $25 million ransom to the hackers, multiple sources familiar with the matter told CNN. The company has declined to discuss the matter. Pinpointing exactly who sends a cryptocurrency payment can be complicated by the relative anonymity that some crypto services offer. But data on the blockchain that underpins cryptocurrency payments also tells its own story. On June 21, about 387 bitcoin — then the equivalent of roughly $25 million — was sent to a cryptocurrency account controlled by hackers affiliated with a type of ransomware called BlackSuit, Chris Janczewski, head of global investigations at crypto-tracking firm TRM Labs, told CNN.

Qilin Ransomware’s Sophisticated Tactics Unveiled By Experts

Security researchers have unveiled more information about the Qilin ransomware group, which recently targeted the healthcare sector with a $50 million ransom demand. The attack on Synnovis, a pathology services provider, significantly impacted several key NHS hospitals in London earlier this month. Since its identification in July 2022, Qilin has gained notoriety for offering Ransomware-as-a-Service (RaaS) on underground forums, starting in February 2023. Initially evolving from the Agenda ransomware written in Go, Qilin has since transitioned to Rust, reflecting a shift towards more robust and efficient malware construction.

Family Location Tracker App Life360 Breach: 443,000 Users’ Data Leaked

Hackers have dumped the personal details of over half a million users of Life360, a popular family safety and location-sharing app for Android and iOS. The data breach occurred in March 2024, but the database was only leaked on the notorious Breach Forums on Wednesday, July 17, 2024. It is worth noting that Life360 is not new to cybersecurity incidents. In June 2024, location tracker firm Tile, whose parent company is Life360, also suffered a massive data breach in which a hacker not only managed to steal sensitive data but also accessed internal tools. Although both incidents appear to be linked, the actual hacker(s) responsible for this breach remain unknown. However, the data was leaked on the forum by another hacker using the alias “Emo.” Emo is the same hacker who recently leaked over 15 million Trello customer accounts in a breach that took place in January 2024.

Automated Threats Pose Increasing Risk to the Travel Industry

As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That’s according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry’s web traffic in 2023—a significant jump from 37.4% in 2022. The summer travel season and major European sporting events are expected to drive increased consumer demand for flights, accommodation, and other travel-related services. As a result, Imperva warns that the industry could see a surge in bot activity. These bots target the industry through unauthorized scraping, seat spinning, account takeover, and fraud.