New Threat Actor ‘Void Arachne’ Targets Chinese Users with Malicious VPN Installers

Jun 19, 2024NewsroomMalware / Cyber Attack Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0. “The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software,…

Read More

Mailcow Mail Server Flaws Expose Servers to Remote Code Execution

Jun 19, 2024NewsroomEmail Security / Vulnerability Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances. Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues…

Read More

Singapore Extradites Suspected Cybercrime Scammers from Malaysia

Singapore police scored a win with the arrests of two men accused of operating servers that enabled cybercrimes against Singaporeans and the dismantling of their supporting infrastructure. In 2023, nearly 2,000 victims in Singapore downloaded malicious Android applications that allowed the scammers to steal device data, including bank information, according to a statement from the…

Read More

Hackers Derail Amtrak Guest Rewards Accounts in Breach

Amtrak has disclosed a data breach affecting train travelers’ Guest Rewards accounts. In a breach-disclosure notice filed with the state of Massachusetts, the national passenger rail service noted that an unknown third party gained unauthorized access to a database containing account information during the time period of May 15-18. The transport giant determined that compromised…

Read More