Yandex is the latest big commercial organization to sustain a major distributed denial-of-service incident, Reuters reports. The Russian multinational tech firm says it successfully parried the attack.
Researchers at Broadcom's Symantec unit attribute the campaign using the SideWalk malware, which ESET described late last month, to the Chinese Grayfly cyberespionage group. SideWalk is a modular backdoor that's recently been used against telecom providers. (Grayfly is also known as Wicked Panda or APT41.)
AT&T Alien Labs finds that the criminal group TeamTNT is using a difficult-to-detect version of Chimaera in a campaign of credential theft and cryptojacking.
Digital Shadows analyzes the revived version of the contraband market AlphaBay and concludes that, while there's an underworld opportunity for a revival, the latest edition may have trouble building on the original marketplace's street cred. Potential users suspect the new AlphaBay's admin may be compromised, and they mistrust the absence of exit-scam protection.
Zoho has patched its ManageEngine ADSelfService Plus against an authentication bypass vulnerability that's currently being exploited in the wild. CISA urges users to apply the fix.
Researchers at McAfee and Intel471 jointly describe a "shake-up" in the criminal-to-criminal ransomware affiliate market being led by the Groove Gang. Whereas earlier ransomware-as-a-service programs had prioritized control over the code and a systematically hierarchical organization of the affiliates, the Groove Gang is proving more fluid and opportunistic. It prizes not the affiliates' skills, but simply their networks.
Avast describes a new underworld offering: Instagram-bans-as-a-service. You can ban or harass someone for just $50.