Npav Lab

A ransomware attack on Comtel Data Centre has severely impacted around 16 stockbrokers, including prominent names like IIFL Securities, 5Paisa, and Axis Securities. The breach has led to blocked exchange access and raised concerns over client data and order flow security. Exchanges have mandated strict security certifications before resuming operations.

Two women in Mumbai, including a 61-year-old homemaker, lost a combined Rs 4.7 lakh to cyber fraudsters. These cases underline the growing sophistication of online scams, including KYC updates and fraudulent advertisements.

A four-month-long cyberattack targeted a major U.S. organization, compromising its network and extracting sensitive data. The breach is attributed to a Chinese state-sponsored group, employing advanced techniques like DLL side-loading, living-off-the-land tools, and targeting Exchange servers.

Chinese state-backed hacking group Salt Typhoon has breached telecommunications companies in dozens of countries, including eight firms in the U.S., exploiting vulnerabilities in private communication networks. This long-running campaign raises alarms about critical infrastructure security and highlights the urgent need for encrypted communications and robust system defenses.

The Horns and Hooves campaign, active since March 2023, has targeted over 1,000 victims with phishing emails containing JavaScript payloads that deploy sophisticated RAT malware like NetSupport RAT and BurnsRAT. This attack primarily targets private users, retailers, and service businesses in Russia, leveraging remote access tools for data theft, ransomware, and malware deployment.

Over 8 million Android users across nine countries have been impacted by SpyLoan malware embedded in loan apps downloaded from the Google Play Store. These apps exploit user trust, financial desperation, and intrusive permissions to harvest sensitive data, leading to extortion, harassment, and financial loss.

Bologna Football Club 1909 has confirmed a ransomware attack by the RansomHub gang, resulting in the theft and public release of sensitive data. The leaked information includes sponsorship contracts, financial records, and personal data of players, employees, and fans, emphasizing the rising cyber threat to sports organizations.

Hackers have leveraged the popular Godot game engine to spread GodLoader malware, infecting over 17,000 systems within three months. By exploiting Godot’s scripting language and packaging capabilities, cybercriminals bypass detection and deliver payloads like the XMRig crypto miner. This attack highlights the need for vigilance within open-source communities and enhanced protection against malware disguised as legitimate tools.

Researchers have discovered "Bootkitty," the first-ever UEFI bootkit targeting Linux systems. Although currently a proof-of-concept, this development signals a critical shift in the UEFI threat landscape, historically dominated by Windows-focused attacks. Bootkitty demonstrates advanced capabilities, including bypassing Secure Boot protocols and disabling kernel integrity checks, emphasizing the need for robust cybersecurity measures to protect Linux environments.

A Russia-aligned cybercrime group, RomCom, has leveraged two zero-day vulnerabilities in Firefox and Windows to deploy its backdoor malware, RomCom RAT, in a series of sophisticated attacks. These vulnerabilities allow remote code execution with no user interaction, escalating the threat posed by this group in both espionage and cybercrime operations.