
Global Fintech Giant Finastra Investigating Data Breach

Finastra, a global leader in financial technology that serves 45 of the world’s top 50 banks, has confirmed a major data breach impacting its internal file transfer system. The London-based firm, which facilitates vital banking and wire transfers for over 8,100 financial institutions worldwide, detected the breach on Nov. 7.

The breach targeted Finastra’s internally hosted Secure File Transfer Platform, or SFTP, which was exploited using stolen credentials—essentially, a username and password. The attacker claims to have leveraged IBM Aspera, a high-speed file transfer tool, to exfiltrate data from Finastra’s systems.

The cybercriminal, known by the alias “abyss0,” first advertised the stolen data for sale on BreachForums, a notorious online marketplace for cybercrime, on October 31. Initially priced at $20,000, the data’s asking price was later halved to $10,000. After gaining attention, “abyss0” disappeared, erasing their presence on both BreachForums and Telegram. This sudden retreat suggests they either secured a buyer or sought to avoid further scrutiny.

New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers

Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza.

BabbleLoader is an “extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory,” Intezer security researcher Ryan Robinson said in a report published Sunday.

Evidence shows that the loader is being used in several campaigns targeting both English and Russian-speaking individuals, primarily singling out users looking for generic cracked software as well as business professionals in finance and administration by passing it off as accounting software.

Identity Security Is The Cornerstone Of Modern Cyber Defense

The Semperis Hybrid Identity Protection conference kicked off today in New Orleans, gathering identity security experts, practitioners, and thought leaders to explore the evolving world of hybrid identity. This year’s conference, more relevant than ever, highlights a fundamental shift in how organizations approach identity—not just as a tool for managing user access but as a critical layer of cybersecurity that shapes an organization’s defensive posture. In an era of remote work, cloud adoption, and advanced cyber threats, identity has become the new perimeter, making events like HIP essential for fostering innovation, resilience, and collective knowledge in the industry.

Historically, identity management was an IT utility—a straightforward way to grant employees access to necessary resources. However, as digital transformations swept through organizations, the role of identity shifted dramatically. Identity is now central to security strategies, especially with the explosion of SaaS applications, remote access, and mobile workforces. For many organizations, identity is not just about provisioning accounts; it’s the first and last line of defense against unauthorized access and data breaches.

This transition has led to a realignment within organizations, where identity management is increasingly overseen by CISOs rather than traditional IT teams. CISOs recognize that identity management is a security function with direct implications on risk mitigation, compliance, and resilience.

You Can Lock Your Social Security Number After a Data Breach. Here’s How

Your Social Security number is essential for finding employment, filing taxes and applying for credit. It can also be a nightmare to recover if thieves get a hold of your SSN and use it to apply for jobs, open accounts in your name and steal your tax refund.

Blocking electronic access to your SSN may feel extreme — it’s certainly inconvenient. But if you’ve been a victim of identity theft or your personally identifiable information was compromised in a recent data breach, like the hacks of Change Healthcare or National Public Data, where hundreds of millions of people were impacted, locking your SSN may protect you from future harm.

Blocking access or “locking” your SSN will make it extremely difficult for an identity thief to use your SSN for malicious actions. This, coupled with a credit freeze, can help stop identity thieves in their tracks.

Hackers use macOS extended file attributes to hide malicious code

Hackers are using a novel technique that abuses extended attributes for macOS files to deliver a new trojan that researchers call RustyAttr.

The threat actor is hiding malicious code in custom file metadata and also uses decoy PDF documents to help evade detection.

The new technique is similar to how the Bundlore adware in 2020 hid its macOS payloads in resource forks. It was discovered in a few malware samples in the wild by researchers at cybersecurity company Group-IB.
