Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. https://threatpost.com/reservation-links-prey-on-travelers/180462/

The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data. https://threatpost.com/water-supplier-hit-clop-ransomware/180422/

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings. https://threatpost.com/black-hat-and-def-con-roundup/180409/

The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities. https://threatpost.com/zeppelin-ransomware-resurfaces/180405/

Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads. https://threatpost.com/threat-pivot-microsofts-macro/180319/

Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes. https://threatpost.com/messaging-apps-cybercriminals/180303/

Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain. https://threatpost.com/malware-hijacks-facebook/180285/

Aamir Lakhani, with FortiGuard Labs, answers the question; Why is the Conti ransomware gang targeting people and businesses in Costa Rica? https://threatpost.com/contis-costa-rica/180258/

300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services. https://threatpost.com/magecart-restaurant-ordering-systems/180254/

Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant. https://threatpost.com/google-boots-malware-marketplace/180241/

Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530. https://threatpost.com/h0lygh0st-ransomware-north-korea/180232/

Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials and also track them. https://threatpost.com/journalists-target-apts/180224/

Victims instructed to make a phone call that will direct them to a link for downloading malware. https://threatpost.com/callback-phishing-security-firms/180182/

The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine. https://threatpost.com/sneaky-malware-backdoors-linux/180158/

State-sponsored actors are deploying the unique malware–which targets specific files and leaves no ransomware note–in ongoing attacks. https://threatpost.com/healthcare-maui-ransomware/180154/

Iran’s steel manufacturing industry is victim to ongoing cyberattacks that previously impacted the country’s rail system. https://threatpost.com/cyberattack-iran-campaign/180122/

Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor. https://threatpost.com/zuorat-soho-routers/180113/

Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture. https://threatpost.com/a-guide-to-surviving-a-ransomware-attack/180110/