Cyber Attack

Hackers misuse Microsoft Entra ID accounts to steal data from Microsoft 365 and Azure. A very advanced cyberattack by a group called Storm-2949 is aiming at Microsoft Entra ID accounts to take sensitive data from Microsoft 365 and Azure. Storm-2949 used real cloud management tools to get deep access to …

BGD e-GOV CIRT found a cyber-attack campaign using AsyncRAT (Asynchronous Remote Access Trojan) aimed at Bangladesh. Threat analysis shows that the website ck44jili[.]com is a main Control Center (C2) for the AsyncRAT malware. The campaign mixes malware, remote access, and fake financial tricks. Attackers hide harmful files as real software …

BleepingComputer reported NVIDIA has confirmed in a statement that GeForce NOW user information has been exposed in a data breach. The big gaming and hardware company said the effect is only in Armenia and happened because a regional partner’s system was compromised. The company added that its own network was …

Trellix reported a security flaw that impacted part of its source code repository, but the company states there is no evidence of code being used wrongly. It quickly started a probe with experts and informed the law enforcement agency. “Trellix recently identified unauthorized access to a portion of our source …

A hacker claimed that 1.2TB of private data stolen from Standard Bank, including client credit card details, will be shared online in stages. The bank, the largest in South Africa by assets, was breached in late February, with the hacker known as “ROOTBOY” claiming that they spent “just over three …

Hackers are claiming that one of China’s most strategically important computing facilities suffered a massive cyber intrusion, with more than 10 petabytes of sensitive information allegedly taken from a state-run supercomputing environment that experts suspect is the National Supercomputing Center in Tianjin. If true, this event might be one of …

The EU’s cybersecurity agency said on Thursday that a recent hack and data leak at the EU was done by a cybercriminal group called TeamPCP. In a new report, CERT-EU said that hackers exfiltrated about 92 gigabytes of data from an Amazon Web Services (AWS) account linked to the European …

A bad actor named “Mr. Raccoon” claims to breach Adobe leaking 13 million support tickets with personal data, 15,000 employee records, all HackerOne bug bounty reports, and various internal documents, as stated in a report by International Cyber Digest. The threat actor said the intrusion didn’t start inside Adobe. Instead, …

ShinyHunters claim to compromise over 3 million Salesforce records with personal data, GitHub files, AWS storage, and other compromised company information. On March 31st, ShinyHunters posted extortion demands targeting Cisco Systems. The hackers are threatening the company with “several annoying (digital) problems,” unless their demands are met by April 3rd. “A …

There has been a sharp rise in malware linked to the Nymaim / Avalanche loader in Bangladesh. CIRT BD observed over 27,000 malware events, which means bad actors are trying to infect systems and there is ongoing contact with the botnet. Threat Overview Nymaim (also known as Gozi ISFB Loader) …