InfoSec News Nuggets 5/15/2024

Cybercriminal puts INC Ransom source code up for sale  A cybercriminal who has assumed the name "salfetka" is purportedly selling the source code for the INC Ransom ransomware-as-a-service operation, BleepingComputer reports. The sale was being advertised on the Exploit and XSS hacking forums for $300,000 and included both Windows and Linux/ESXi versions, with the seller restricting buyers to three. The legitimacy of the sale is bolstered by technical details and the inclusion of both old and new INC Ransom URLs in…
Read More

InfoSec News Nuggets 09/30/2022

Covert malware targets VMware for hypervisor-level espionage Emerging covert malware families that target VMware environments could allow criminals to gain persistent administrative access to the hypervisor, transfer files, and execute arbitrary commands between virtual machines, according to VMware and Mandiant, which discovered the software nasty earlier this year. The now-Google-owned threat intel team attributed the intrusions to an uncategorized group it calls UNC3886 and says it suspects the criminals' motivation to be espionage. It also asserts "with…
Read More

InfoSec News Nuggets 05/19/2022

Long lost @ symbol gets new life obscuring malicious URLs Threat actors have rediscovered an old and little-used feature of web URLs, the innocuous @ symbol we usually see in email addresses, and started using it to obscure links to their malicious websites. Researchers from Perception Point noticed it being used in a cyberattack against multiple organization recently. While the attackers are still unknown, Perception Point traced them to an IP in Japan. The attack started with a phishing…
Read More