Latest Cyber Security News

Telegram Platform is being Exploited by ToxicEye RAT


ToxicEye operators are using the instant messaging app Telegram to control and maintain their malware. The RAT abuses the app as part of its C2 infrastructure, which allows the operators to carry out extensive data theft.

What has happened?

A researcher from Check Point Research has been tracking the RAT and has detected it in the wild associated with around 1300 attacks in the past three months.

Emotet’s days are now over, due to Recent Law Enforcement


Law enforcement agencies delivered a malware module earlier in January. It caused Emotet, one of the most active spam email botnets, to be uninstalled from all the infected devices. This takedown was the result of a coordinated international law enforcement action.

What is happening?

There have been few attempts to take down botnets, and in this attempt the law enforcement agencies have delivered a new configuration to the currently active Emotet infections. With it, the spam botnet would automatically use C2 servers that are controlled by Germany’s federal police agency, the Bundeskr……..

Spyware Named FluBot Is Spreading Through Android Devices


This malware is spreading very rapidly through SMS texts that pose as missed package delivery notifications. The main targets of the spyware, named FluBot, are mobile phone users all over the UK.

A message containing text and links about a missed package delivery is sent to mobile phone users. On clicking the link, users are redirected to a malicious website, where they download the application containing the spyware. Once installation is complete, the application asks for various permissions to access data and starts stealing bank credentials and other sensitive information from the user.

Guilderland Central School District near Albany was hit by Ransomware


Officials of the school district near Albany revealed that they were targeted by ransomware and that students of class 7 to class 12 were forced into all-remote learning on Monday.

The school announced the incident on its website and revealed that the malware encrypted some of the information that was available in the system.

WhatsApp Pink: A New Malware That Can Reply to Multiple Messaging Apps


A new Android worm has been detected spreading among and targeting WhatsApp users all over the Indian subcontinent. The app has advanced capabilities that let it automatically respond to messages received on multiple instant messaging apps.

What Happened?

QNAP devices Around the World Are Getting Targeted by Qlocker


Qlocker is an active ransomware group that has been detected targeting and attacking QNAP devices all over the world. This campaign started on April 19. The infected users’ files are stored in password-protected 7zip archives.

The Campaign-

The US is getting targeted increasingly by the State-Sponsored Adversaries


The intelligence community has warned in recent reports that US adversaries are increasingly using cyberattacks to attack the country. Nation-states are targeting critical infrastructure with cyber operations. All of this raises the probability of cyber attacks that have the potential to cause more destruction.

The Tale of a Ransomware Cartel


Recent research revealed that a cartel of four gangs has allegedly been distributing and posting the collected data across the leak website. The four gangs suspected of working as a cartel are Wizard Spider, Viking Spider, Twisted Spider, and LockBit.

What was discovered?

Phishing campaign pushes malware by impersonating a global recruitment firm


An ongoing phishing campaign is pushing the Ursnif data-stealing malware by posing as a Michael Page consultant. This malware is capable of harvesting credentials and sensitive data from the target system.

Michael Page is a renowned and leading employment agency that focuses on recruiting professionals for permanent, contract, temporary or interim positions.

Discord Gift Codes are being demanded by NitroRansomware


The newest ransomware on the block, named NitroRansomware, has been detected demanding Discord Nitro gift codes as ransom from its victims.

A twist in the tale of Ransomware-

This ransomware was first detected by MalwareHunterTeam, and other researchers helped analyze how the code works.

Another Malware Has Entered the Google Play Store


It is not new for malicious Android applications posing as legitimate applications to be found in the Google Play Store. We used to have a notion that any app on the Play Store is safe to download and install. But that is not the case these days: various malware disguise themselves among the applications in the Play Store and lure Android users into downloading and installing them.

There are too many Cybercriminal Groups Active Currently


FireEye’s research has revealed that there are currently hundreds of unique hacking groups made up of active cybercriminals.


  • There are more than 1900 active hacker groups, which include APTs, threat actors who are financially motivated, and other uncategorized groups.
  • In 2020 itself, 514 new malware families were deployed, with the top categories among them being backdoors (36%), downloaders (16%), droppers (8%), launchers (7%), and ransomware (5%).
  • 81% of these tools were developed privately while 19% of them were made public.

FlixOnline Poses as a Legitimate app and is Stealing WhatsApp Conversation


A new variant of Android malware has been detected lurking on the internet. This malware is luring mobile users by promising a free subscription to Netflix. The malware is named FlixOnline and it poses as a legitimate Netflix application.

What happened?

FormBook Malware Learns New Trick


FormBook is a commercially available malware service that has come back into action. It is an information stealer that has been available as a service in secret forums since 2016, and the latest variants are equipped with new obfuscation capabilities.

An Unsecured Cloud Server Caused Data Breach of Eversource Energy


The largest energy supplier in New England, Eversource, suffered a data breach after a customer’s personal information was exposed on an unsecured cloud server.

Eversource is the largest and the latest energy delivery company which currently powers 4.3 million electric and natural gas customers throughout Connecticut, Massachusetts, and New Hampshire.

Manhunt, An Online Dating Application Suffered A Data Breach Which Impacted Several of Its Users.


A men’s social networking website and application called Manhunt suffered a data breach that has impacted its customers.

The website has been in the market for 20 years, and its data was compromised in a cyber-attack that it faced in February 2021, according to the security notice filed with the Washington attorney general on April 1.

An unauthorized third party gained access to the database containing Manhunt credentials and downloaded some information about users, such as username, email address, and password.

Google Patched Seven Security Vulnerabilities in Chrome Through Its Issued Update


On Wednesday, Google released version 90.0.4430.85 of the Chrome web browser for Windows, Mac, and Linux. This version contains fixes for seven vulnerabilities, including one for a zero-day vulnerability that was exploited in the wild.

Kaspersky Reports That ICS Computers Are Facing an Increased Number of Ransomware Attacks


Kaspersky has reported that it has detected a high number of ransomware attacks on ICS computers. The analysis was made from statistical data gathered by the distributed antivirus Kaspersky Security Network.

Iron Tiger APT Group is using New and Advanced Toolkit


Iron Tiger is a threat group that has upgraded its toolkit. The group is now using an updated SysUpdate variant of its malware. This malware is capable of using more files in its infection routine, and it also uses some updated tactics.

The national State cyber criminals are taking over the Global Cyber Realm.


An academic group has found that cyber-attacks by nation states are becoming very common nowadays. They analyzed over 200 cyber-attack incidents since 2009 and revealed that there has been a massive rise in the number of nation-state incidents between the years 2017 and 2020.

A Casino gets hacked through a fish Tank Thermometer


We have been warned repeatedly to secure our mobiles, tablets, computers, etc. But have you ever thought of securing your fish tank? You should have. A casino in North America was attacked by cyber criminals through its fish tank thermometer.

Close Ties Surface Between Mount Locker and AstroLocker Team Ransomware Groups


A threat response team managed by Sophos revealed a number of close ties between the Mount Locker team and the AstroLocker Team. The security experts suspect that this was an effort to increase the scale of payouts by rebranding and striking fear among the targets.

REvil Again Breaks Safe Mode with Auto-Login Features


The REvil ransomware has received an update with new features that enable the operators to automate file encryption in Safe Mode after changing the Windows password. This feature is an addition to the Safe Mode encryption program added last month.

What has happened?

Cyber criminal evades detection of Microsoft Office 365 phishing with HTML Lego pieces.


One of the most recent phishing campaigns uses chunks of HTML code that are stored remotely and locally to build fraudulent web pages that can collect Microsoft Office 365 credentials.

BazarCall Trojan: A Malware Backed by Call Centres


Cybercriminals have started using call centers as a new technique for conducting attacks. Security researchers have detected a new malware distribution campaign named BazarCall. The malware here is a RAT that can take control of users’ PCs, and the attackers have devised new tricks to achieve their goal.

Cyber Criminals Target Gamers by Cracking Cheat Codes and Mods to Inject Trojan


The cheat codes that gamers use to boost their performance when games get tough are becoming popular among cybercriminals too. Beyond cheat codes, cybercriminals have also found many other ways to mess with gamers.

Asteelflash electronics suffers a hit by REvil ransomware attack


Asteelflash, one of the leading electronics manufacturing services companies, suffered a cyber-attack by the REvil ransomware gang. They demanded a $24 million ransom.

The company provides electronics manufacturing services (EMS) and specializes in designing, engineering, and printing circuit boards.

Security Researchers are again targeted by North Korean hackers.


North Korean hackers are creating fake accounts on LinkedIn and Twitter and using them to target security researchers. Google’s Threat Analysis Group (TAG) reported that the attackers have been creating websites for a fake company that offers offensive security services.

Phishing scam targets SBI, ICICI, HDFC, Axis Bank, PNB and the Indian IT department


Recently, security researchers have detected an ongoing phishing campaign in which cybercriminals are trying to extract personal and financial information from Indian users. The targeted banks in the campaign include the State Bank of India, Punjab National Bank, HDFC, ICICI, and Axis Bank.

FBI warns Educational organizations about Pysa ransomware attacks


Amid this ongoing pandemic situation, educational organizations are becoming the prime targets for cyber attackers. Recently, the Federal Bureau of Investigation (FBI) Cyber Division has warned the educational institutions about the escalating malicious actions of Pysa ransomware operators. 

WhatsApp, Facebook and Instagram suffer an outage


WhatsApp, Instagram and Facebook suffered a global outage on the night of Friday, 19th March. Users were unable to send or receive messages. Some of them could not even log in to WhatsApp Web. According to Downdetector (a site that monitors outages by collating status reports from users and some other sources), the outage took place at around 10:40 PM in India and prevented WhatsApp users from sending or receiving messages on the service for more than an hour.

Unpatched Vulnerabilities in Cloud Servers gets targeted by Cryptomining Botnet


Security experts have detected that crypto mining botnets are exploiting unpatched vulnerabilities. Attackers are constantly upgrading their tools to scan unpatched vulnerabilities and infect new devices by exploiting those vulnerabilities.

Actively Exploited Windows Kernel EoP Bug Allows Takeover


Recently, Microsoft addressed 56 security vulnerabilities in its February patch release, including 11 critical and 6 publicly acknowledged. According to the security updates, nine critical-severity cybersecurity bugs in February’s patch release have been tackled by Microsoft. Six of the security holes, including one of the critical bugs, have now been publicly disclosed.

How Social Media leads to Cyber Attacks


In recent times, social media has become an integral part of our lives. It not only plays a crucial role in connecting people and developing relationships with key influencers and journalists, but also provides a great opportunity to establish customer service by gathering input, answering questions and listening to feedback.

Microsoft warns about increasing OAuth Office 365 phishing attacks


Microsoft has raised concern over the increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers in the past few months. An APT known as TA2552 has been spotted using OAuth2 or other token-based authorization methods to access Office 365 accounts in order to steal users’ contacts and mail.

Germany Government seize a digital wallet carrying $60 million bitcoins



Trickbot Trojan has added network scanning module


Recently, the Trickbot Trojan has added a new network scanning module to scan local network systems with open ports for quick lateral movement. The module uses the Masscan open-source tool to look for open ports with lightning-fast results.

Retail Sector as the favorite target for cybercriminals


Day by day, the retail sector is becoming the favorite target of cybercriminals. Amid the COVID-19 pandemic, with a rapid increase in online purchasing and major retail firms using digital platforms to carry out their business, cybercriminals are more likely to attack this sector.

Critical Vulnerabilities detected in Realtek Wi-Fi module


Recently, security experts have detected critical vulnerabilities in the Realtek RTL8195A Wi-Fi module that could be exploited by attackers to take complete control of a device’s wireless communications.

Zero-Day Vulnerability in SonicWall security products exploited


The cybersecurity firm NCC Group has identified a zero-day vulnerability in SonicWall enterprise security products. SonicWall is a private company headquartered in Silicon Valley that sells a range of Internet appliances primarily directed at content control and network security. These include devices providing services for network firewalls, unified threat management (UTM), virtual private networks (VPNs) and anti-spam for email.

DARPA Bug Bounty strengthens military research agency’s security defenses


The Defense Advanced Research Projects Agency (DARPA) has finalized the results of a recent bug bounty event that tested the effectiveness of new hardware- and firmware-based security technologies. Initially, the bug bounty was set up to evaluate the hardware architectures developed under DARPA’s System Security Integration Through Hardware and Firmware (SSITH) program.

Pan-Asian Retail Giant Dairy Farm suffers REvil ransomware attack


Recently, the pan-Asian retail giant Dairy Farm Group suffered a ransomware attack by the REvil ransomware operation. The attackers, who compromised Dairy Farm Group’s network and encrypted devices, claim to have demanded a $30 million ransom.

VIP games suffers a Data breach exposing 23 million user data


Online gaming platform VIP Games suffered a data breach, and more than 23 million records were left exposed on a misconfigured server. VIP Games, owned by software development company Casualino JSC, is a free-to-play online card and board game platform with a website and a mobile app.

New Android Malware is spreading through WhatsApp


Recently, security experts have detected a new Android malware that spreads through WhatsApp. The malware takes advantage of WhatsApp’s quick reply feature that permits users to respond to incoming messages directly from notifications and send out replies immediately.

Microsoft Edge and Google Chrome will notify users about compromised passwords


The two well-known browsers Microsoft Edge and Google Chrome are implementing new features that will make it easier for users to discover compromised passwords and will notify them if their password has been compromised as part of a breach or database exposure.

Telegram-Based Classiscam Operation targets European Market users


Recently, security experts have detected a Telegram-based scam named Classiscam, mainly run by Russian-speaking scammers. The Classiscam scheme has been taking advantage of Telegram bots that provide scammers with ready-to-use phishing pages imitating popular marketplaces and delivery services in order to steal money and payment data.

Signal faces Technical Difficulties just days after it was downloaded by millions of new users.


Recently, WhatsApp updated its privacy policy, which will be effective from 8th Feb 2021, and it is mandatory for all users to agree to the terms and conditions of this new privacy policy in order to use the app in future.

Security experts warned gaming companies to improve their security measures


Researchers have discovered 500,000 stolen credentials of employees from gaming companies and a million compromised internal accounts related to employee and customer-facing resources on the dark web. The compromised accounts, linked to internal resources like admin panels, VPNs, Jira instances, FTPs, SSOs, developer-related environments and more, were found in virtually all of the top 25 gaming companies studied.

Antwerp laboratory hit by ransomware attack


Recently, the General Medical Laboratory (AML) in the Antwerp district of Hoboken, which was working on the management of the Covid-19 pandemic, has been the victim of a ransomware attack. The attackers installed ransomware on the lab’s website and the website stopped working. The hackers demanded a large ransom in order to make the site function normally.

Attackers misuse Facebook ads for Phishing Scams and steal users’ Login Credentials


Security experts from ThreatNix have detected that attackers have misused Facebook ads in order to run a phishing campaign. These Facebook ads redirected users to GitHub, where the actual phishing pages resided. More than 6 lakh people from different countries like Egypt, Philippines, Pakistan and Nepal fell into the trap of this phishing campaign.

Whirlpool suffers Nefilim ransomware attack


Recently, Whirlpool suffered a ransomware attack by the Nefilim ransomware gang, and the attackers stole data before encrypting devices. The Whirlpool Corporation is an American multinational manufacturer and marketer of home appliances that generated approximately $20 billion in revenue in the year 2019.

Hackers can steal our private information with the help of Google Docs Bug


Recently, Google fixed a bug in the feedback tool incorporated across its services. The tool could be exploited by an attacker to steal screenshots of sensitive Google Docs documents simply by exposing them in a malicious website.

Shopping ads promoted on Google may lead to phishing site


Online shopping has become very popular in modern times, and amid this festive season millions of users are searching for the best deals on online shopping platforms. However, it should be noted that not all the shopping ads promoted on Google are created by legitimate advertisers. Some of these ads are created by cybercriminals and may lead to malicious phishing websites. These phishing websites usually steal users’ login credentials, and the users fall into the trap of financial scams.

The video game company, Koei Tecmo suffers a data breach


Koei Tecmo Holdings Co. Ltd is a Japanese video game and anime holding company created in 2009 by the merger of Koei and Tecmo. Koei Tecmo Holdings owns several companies, the biggest being its flagship game developer and publisher, Koei Tecmo Games. The company is famous for releasing popular games such as Nioh 2, Hyrule Warriors, Dead or Alive, Atelier Ryza, etc.

More than 15 Billion Login data and Passwords were released on the Dark Web


Recently, researchers and cyber security experts discovered more than 15 billion login credentials that had been released on the Dark Web for sale. The released database included usernames, passwords, and login data from online bank accounts and from online music and video streaming services.

Chrome extensions can be too dangerous when used for malicious activities


Recently, researchers and experts at Kaspersky have detected that popular Google Chrome extensions have been used to play videos in users’ browsers and increase view counts. More than twenty browser extensions have been used by the culprits to use Chrome on users’ devices with malicious intentions.

Ransomware attacks are increasing in Indian pharma sectors


Recently, researchers have highlighted the rapid increase in ransomware attacks on healthcare and pharma companies. Amid this pandemic situation, the healthcare sector has tried its best to fight COVID-19 and look after the well-being of people. But new reports suggest that there has been a rapid increase in ransomware attacks on Indian pharma firms towards the end of 2020, as these companies finalise the COVID-19 vaccine.

Tech giants join legal battle against hacking company NSO


Microsoft, Google, Cisco, Dell and other well-known tech companies have recently joined Facebook’s legal battle against the hacking company NSO. A legal complaint was filed against NSO as the company had exploited a bug in WhatsApp, an American freeware, cross-platform messaging and Voice over IP service owned by Facebook.

Russia Denies Large Scale US Hack


Russia has completely denied the recent cyber-attack that impacted at least six federal agencies in the United States. In the last week, America’s Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive after cyber-criminals trojanized updates to SolarWinds’ Orion IT monitoring and management software to launch a large-scale cyber-attack. 

Roanoke College delays spring semester after cyberattack


Roanoke College has postponed its spring semester by almost a month after a cyberattack impacted files and data access. It is a private liberal arts college located in Salem, Virginia, with approximately 2,000 students. The semester was delayed in order to ensure that all network outages that the college is currently experiencing are resolved.

Facebook Bug Exposed Personal Information of Instagram Users


According to the researcher, the private information of Instagram users was just a DM away, as a Facebook bug exposed the private data of Instagram users, including their email addresses and birthdays. Ironically, the service promises users at the time of registration that such information won’t be disclosed to the public.

Telangana Government Site Flaw Exposed Sensitive Data of All Its Employees and Pensioners


In August, a server misconfiguration was found on the Telangana government site that risked exposing over 130,000 official files. Those files included thousands of government employee payslips, income tax details, and pension documents containing full names, addresses, bank account numbers along with IFSC codes, phone numbers, and salaries drawn, among other data.

France based hardware wallet provider Ledger suffered a data breach in July 2020


France based hardware wallet provider Ledger suffered a data breach back in July this year. Ledger develops security and infrastructure solutions for cryptocurrencies as well as blockchain applications for individuals and companies, by leveraging a distinctive, proprietary technology. The incident took place on July 25th, 2020 in which attackers stole the personal data of customers and subscribers.

Malicious gems steal user's cryptocurrency


Open-source security firm Sonatype reported that new malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users.

India approves a secured framework against cyber threats


Recently, India introduced its first and biggest framework to protect itself from cyber attacks, data theft and other virtual vulnerabilities threatening its national security. The Union cabinet has approved the ‘National Security Directive on Telecom Sector’ in view of the alarming magnitude of cyber threats to India, official sources said.

Google Chrome and Edge users at risk from new extensions


Cybersecurity research and provider company Avast has recently discovered about 28 new browser extensions, both in the Google Web Store and in the Microsoft Edge add-ons portal. These extensions are considered highly dangerous by Avast. Once they have been downloaded in the browser, the malware starts stealing sensitive private data from the browser and can also take you to various phishing websites.


45 million medical scans from hospitals all over the world left exposed


Nearly two thousand servers containing 45 million images of X-rays and other medical scans were left exposed online within the past twelve months. These scans and medical reports could be freely accessed by anyone, without any security protections. As reported by CybelAngel (a Digital Risk Protection Platform), this sensitive personal information was not only exposed to the public but also accessed by malicious actors.

Researchers at Kaspersky detected 360,000 malicious files per day in 2020


Over the past 12 months, researchers at Kaspersky (the multinational cybersecurity and anti-virus provider) discovered an average of 360,000 new malicious files every day. This is an increase of 5.2% over the previous year, i.e. 18,000 more malicious files per day have been discovered.

Adrozek Malware Delivers Fake Ads to 30K Devices


Adrozek is a new ad-injecting browser modifier malware that is capable of extracting device data and stealing credentials. Hence it has become a dangerous threat in recent times. According to researchers, the malware was at its peak in August 2020 when it targeted more than 30,000 devices per day affecting multiple browsers.

Google Gives New Perspective to Web Security Threats via XS-Leaks


In a recent article, Google revealed that attackers are taking advantage of a specific class of vulnerabilities derived from side-channels built into the web platform, to extract sensitive information from various web applications. Dubbed cross-site leaks (XS-Leaks), this new class of vulnerability highlights new challenges for the security of web infrastructure.

Google server crashed on 14th Dec affecting more than 40,000 people worldwide


Services provided by Google abruptly went down on Monday evening, affecting more than 40,000 people worldwide. The services that went down include Google Search, YouTube, Gmail, etc. The affected apps also included Google Maps, Google Calendar, Google Docs and Google Slides. The latest outage started at approximately 5pm (IST) today.

IBM says “Companies involved with Covid vaccine 'cold chain' supply process will be the next target of hackers”


In a recent report, IBM described “a global phishing campaign” focused on organizations associated with the COVID-19 vaccine “cold chain” process. “Cold chain” is the process of keeping the vaccine doses at extremely cold temperatures (minus 70 degrees Celsius or below) while transporting them from manufacturers to people’s arms in order to prevent spoiling.

Cybercriminals target Media Agencies


Media agencies have become one of the major targets for cybercriminals. In recent times, ransomware attacks on media agencies have been very common. The LockBit ransomware gang attacked the Press Trust of India, and due to the attack the agency was prevented from delivering news to its subscribers. The largest independent news agency in Denmark, Ritzau, suffered a ransomware attack that led to the compromise and encryption of more than one-quarter of its 100 network servers.

IT Firms are at a Greater Risk of Cyberattacks


Amid this ongoing pandemic situation, IT companies are at high risk of cyberattacks. Within the last few weeks, several IT firms witnessed direct cyberattacks that affected both their reputation and their business.

Transportation Technology Firm Rand McNally hit by cyberattack


Recently the firm, Rand McNally has suffered cyberattack and is currently working on restoring its network functionality. Rand McNally is a Chicago-based transportation technology firm founded in 1856. It provides leading route mileage optimization and fleet management software to carriers, shipping companies, and third-party logistics providers. The firm also owns a cloud-based telematics platform and distributes connected vehicle technology, consumer travel, and education products it produces.


Back-to-Work Phishing Campaign Targets Corporate Email Accounts


Towards the end of November, ‘Abnormal Security’ detected one of the phishing campaign’s attack emails. The phishing campaign used back-to-work notifications in order to compromise recipients’ corporate email accounts.

The message posed as an internal notification from the recipient’s company, using spoofing techniques to disguise the sender address; the email did not actually originate from inside the company. In its research, Abnormal Security explained that the email instructed the recipient to open an HTML attachment containing the recipient’s name in its title.


Cyberattack on Brazilian Plane Maker Embraer


The Brazilian airplane maker Embraer recently disclosed a ransomware attack. According to Embraer’s website, it is the third largest maker of commercial jets, with more than 8000 airplanes manufactured to date. Embraer manufactures commercial, executive, military, and agricultural aircraft.

Online Learning Company K12 suffered Ransomware Attack


Recently, online learning solutions provider K12 Inc faced a ransomware attack and had to pay a ransom to cybercriminals who managed to breach its systems and deploy a piece of ransomware.

Initially, the company detected unauthorized activity on its network. The attackers deployed a piece of ransomware and accessed information stored on some corporate back-office systems. This includes student and employee information, but K12 has yet to determine exactly what type of information has been compromised.


Illinois Valley Community College warns students about data breach


Illinois Valley Community College recently informed all its current and former students, faculty and applicants about a data breach that took place in April. The college has sent more than 160,000 letters to all the people who may be affected by the data breach.


Cybercriminals Attack Vulnerable WordPress Sites


WordPress is a free and open-source content management system (CMS) with a plugin architecture and a template system. It has schemes that allow professionals and novices alike to create amazing websites with ease. Because of its great popularity and easily available development features, WordPress is often a target of cybercriminals seeking ways to launch their malicious activities.


Specialty networking solutions provider Belden suffers data breach


Recently, specialty networking solutions provider Belden disclosed a data breach resulting in the theft of employee and business information. The company reported that the hackers responsible for the incident got access to some current and former employee data, as well as limited and sensitive information of the company regarding some business partners.


Leakage of admin password through Symfony profiler fixed by


Over the last week, British music-streaming app suffered the leakage of several admin password credentials. The bug has been fixed but it posed an immense threat to all the users of of having their personal data exposed. 

The cause for this leakage, as discovered by security researchers Sebastien Kaul and Bob Diachenko, was a web app running in debug mode in the background.


Researcher earns nearly $4,000 from TikTok after discovering a couple of vulnerabilities


TikTok is a China-made mobile phone app that has become a global phenomenon. It is used to create short lip-synced, comedy or talent video clips of between 3 and 15 seconds, or looped up to 60 seconds. It is highly popular among the youth, who use it for self-publicity or showing off.


WhiteHat Jr admits a bug made their data vulnerable


WhiteHat Jr is an Indian startup and online education platform that offers online coding classes and technical education. It is a highly popular online education platform with numerous users. However, security experts detected a vulnerability in this platform on 19th November. WhiteHat Jr had a bug in its system that made the data of over 2.8 lakh students vulnerable.


Russian Hacker group, REvil threatens Kenneth Copeland to release 1.2 terabytes of sensitive data


The Russian ransomware group known as REvil has attacked Kenneth Copeland Ministry. Kenneth Copeland Ministry is an organization with a net worth of at least $300 million, owned by the American televangelist Kenneth Copeland, who is known for preaching the prosperity gospel. As part of his evangelism, he calls for donations to his church, with the suggestion that parishioners will get a “hundredfold” return on their investment.


Manchester United football club suffered a data breach


Of late, the extremely popular football club Manchester United has been hit by a cyber attack. The attack involved a breach of personal data of its fans. However, initially the club was not aware of any breach of personal data associated with its fans but later the club confirmed the security breach. As a result of the security breach the club had to shut down its systems to prevent the malware from spreading within.


Hacker leaks the user data of Peatix app


Peatix is a well-known online event management app, currently ranked among the Alexa Top 3,500 most popular sites on the internet, with millions of users. However, a hacker has leaked the personal data of more than 4.2 million users registered on Peatix. The site’s user data was made available through ads posted via Instagram stories, on Telegram channels, and on several different hacking forums.


U.S tax payers targeted by Mount Locker ransomware


Ransomware attacks have become very common in 2020. The ransomware group named Mount Locker first came into action in July, and it is now preparing to take advantage of the tax season in the U.S. Mount Locker operators have been observed specifically targeting TurboTax returns. TurboTax is software used for the preparation of American income tax returns.


Spotify users targeted by attackers


Spotify is one of the most famous music streaming services, with millions of users. However, users of the service were targeted by attackers using credential stuffing, and as a result of this operation, subscribers may have experienced some disruption.

exposed personal data of 10 million users

Description is a popular Christian faith app used for daily prayers and biblical audio content. It has been downloaded by several million users from the Play Store. Recently, has exposed personal data of 10 million users dating back to 2016.

Researchers at vpnMentor discovered four misconfigured AWS S3 buckets belonging to the company. Although it had made private around 80,000 files, it failed to replicate these security measures on its Cloudfront CDN, which also had access to the files. This means a hacker could have released personal information of 10 million people, most of whom were not even users.

More than 80% of the companies restructured their cybersecurity infrastructure


Amid the pandemic of 2020, with everyone getting accustomed to working from home, there has been a rapid increase in the rate of cyber attacks. The ongoing pandemic has increased internet usage in India to a large extent, but at the same time the rate of cyber crime has also increased. Due to the increased rate of cyber attacks, over 80% of the companies have changed their approach to cyber security.

Over 40 percent of organizations sped up their cloud migration because of COVID-19. Some already used several cloud services, such as services to track employee productivity, cloud invoicing and accounting solutions, and videoconferencing programs.


American Bank Systems faces Ransomware attack


American Bank Systems (ABS) is a company that provides services to U.S. financial institutions and banks. Recently, the company has been hit by a ransomware attack. On analysis, researchers discovered that a ransomware group named Avaddon was responsible for the attack. They had acquired over 50 GB of the company’s proprietary data but had leaked only 4 GB of it initially. But after ABS refused to cooperate with Avaddon’s ransom demands, the threat actors have published the entire 52.57 GB worth of stolen data.


Cybercrime will cost the world $6 trillion annually by 2021


In recent times cybercrime has become one of the biggest problems facing mankind, and it is one of the greatest threats in today’s world. According to Cybersecurity Ventures, cybercrime cost $3 trillion in 2015, and they predicted that global cybercrime damages will reach $6 trillion annually by 2020. This prediction has been acknowledged by several major media outlets, senior government officials, tech-industry experts, the world’s largest cybersecurity companies, and cyber fighters globally.


TroubleGrabber malware targets Discord users


TroubleGrabber is a recently discovered malware that spreads via Discord attachments and uses Discord webhooks for data exfiltration. Security researchers at Netskope, the American cyber security firm, spotted this new credential stealer, which uses Discord webhooks to transfer stolen data to its operators. Several threat actors use the new info stealer to target gamers on Discord servers and to steal their passwords and other sensitive information. The functionality of this malware is very similar to that of AnarchyGrabber, another info stealer.


Pluto TV suffers a data breach affecting 3.2 million accounts


Pluto TV is an American internet television service owned by ViacomCBS. It is one of the leading free online TV service providers, offering several ad-supported channels corresponding to real-life networks (NBC, Nick, etc.) and various topics (old movies, gaming, etc.). Recently, Pluto TV suffered a security breach, and the hackers shared 3.2 million records of account details from 2018 for free. The well-known hacking group ShinyHunters, which has previously released customer data from over 17 companies and broke into Microsoft’s private repository earlier this year, was responsible for the breach.


Data breach incident involving covid-19 results


On September 16, 2020, the Department of Health and Social Services (DHSS) discovered that a Division of Public Health temporary staff member mistakenly sent two unencrypted emails, one on August 13, 2020, and one on August 20, 2020, to an unauthorized user.

These unencrypted emails involved COVID-19 test results for approximately 10,000 individuals. The email of August 13, 2020  included test results for individuals tested between July 16, 2020, and August 10, 2020 while the August 20, 2020 email included test results for individuals tested on August 15, 2020.


$2 million stolen from cryptocurrency service Akropolis


Akropolis is a DeFi (decentralized finance) lending and savings protocol that allows users to take loans and earn interest on crypto deposits. Recently, this cryptocurrency service faced a “flash loan” attack, and the hacker stole around $2 million worth of cryptocurrency. Of late, flash loan attacks have become very common against cryptocurrency services running DeFi platforms.


ISPA is warning SA’s 11 million gamers


11 million gamers of South Africa were warned of targeted attacks by the local Internet industry representative body, the Internet Service Providers’ Association (ISPA). The global gaming industry has seen major growth in this lockdown and it was rated the third most popular entertainment genre in the world after books and gambling. But at the same time the gaming industry has become one of the major targets.


Malware attack disclosed by Miltenyi Biotec


With the spread of the Covid-19 pandemic, there has also been an increase in the number of ransomware attacks across the world. Many groups have emerged that are constantly attacking and harassing various companies and infrastructure. Most of these attacks have been targeted at health sectors across the world. The main reason is that, because of Covid, the healthcare industry is slowly moving all of its functionality to online modes of service, which makes its data infrastructure more vulnerable to such cyber attacks.


Ransomware attack is a major threat to manufacturing industry


Ransomware attacks have become a major problem for the manufacturing industry as cyber criminals are highly interested in targeting the industrial control systems (ICS) that manage various operations. On analysing the records researchers have discovered that the number of publicly recorded ransomware attacks against the manufacturing industry has tripled in the last year.


New attack method can steal data from Intel CPUs


Researchers disclosed that a new attack method named Platypus targets the RAPL interface of Intel processors. Platypus is an acronym for “Power Leakage Attacks: Targeting Your Protected User Secrets”, while RAPL stands for Running Average Power Limit. RAPL is a component that allows firmware and software applications to monitor power consumption in the CPU and DRAM, that is, to read how much electrical power a CPU is pulling in to perform its tasks. It has been used for years to track and debug application and hardware performance.


New Tricks and Tactics of Joker malware


With technology growing at an exponential rate, the threats to such technology by cyber attacks have also increased. But with the increase in the number of cyber attacks, there are people who have come up with new and innovative ways to prevent such attacks from happening and to maintain the security of a system. For this reason, cyber criminals try to come up with even more innovative ways to bypass all these security measures.


Medical Billing Company suffers Data Breach


Timberline is based in Des Moines, the capital city of Iowa, and it provides services to around 190 schools in Iowa. In recent times, Timber Billing Services LLC faced a cyberattack. After gaining access to the company’s network, the attacker encrypted files and removed information.


Successful exploits against Windows 10, iOS, Chrome at Tianfu Cup


Many of today’s leading software programs were hacked using new and advanced techniques at the 2020 edition of the Tianfu Cup, China’s largest and most prestigious hacking competition. The third edition of the Tianfu competition was held in the city of Chengdu, in central China, and ended on 9th November, 2020.


Hackers used mysterious bugs to hack iPhones and Android phones


Google’s elite team responsible for bug and malware detection found and disclosed seven mysterious and critical bugs that have been exploited by hackers. These bugs may have a high impact on Windows, Chrome, Android and iOS. Google also said that all these bugs were related to each other in some way or other indicating that these vulnerabilities were being used by the same hacker or same gang in order to hack people.