The Hacker News
Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files
Malicious "test files" linked to the XZ Utils backdoor found in popular Rust crate liblzma-sys, downloaded over 21,000 times.
-1.webp)
Cyber Security News
Qualcomm Sys Hackers Actively Exploit 3 new Zero-Days - Patch Now
Three new zero-days have been reported to Qualcomm which were CVE-2023-33106, CVE-2023-33107, and CVE-2023-33063.
SecurityWeek
BlackByte Ransomware Abuses Legitimate Driver to Disable Security Protections
BlackByte ransomware is seen targeting a vulnerability in the legitimate RTCore64.sys driver to disable EDR solutions.
Trend Micro
Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.
Bleeping Computer
Microsoft Sysmon can now block malicious EXEs from being created
Microsoft has released Sysmon 14 with a new 'FileBlockExecutable' option that lets you block the creation of malicious executables, such as EXE, DLL, and SYS files, for better protection against malware.
Security Affairs
Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus
Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. Threat actors abused a vulnerable anti-cheat driver, named mhyprot2.sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. The driver provides anti-cheat functions, but […]
Security Affairs
Lazarus APT employed an exploit in a Dell firmware driver in recent attacks
North Korea-linked Lazarus APT has been spotted deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver. The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by relying on exploit in a Dell firmware driver dbutil_2_3.sys, ESET researchers warn. The discovery was made by ESET researchers while […]
%20--%20Supply%20Chain%20Backdoor%20(1).webp)
Cyber Security News
Urgent Security Alert! Upstream Supply Chain Attack Lead to SSH Compromise
Fedora Linux 40 beta users have been urged to take immediate action after an Upstream supply chain attack that has compromised SSH protocol.
SecurityWeek
Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor
Major Linux distributions have been impacted by a supply chain attack involving backdoored versions of the XZ Utils data compression library.
The Hacker News
Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
Secret backdoor found in XZ Utils compression library used by major Linux distros, like Fedora, Kali Linux, and openSUSE.
SC Magazine
Backdoor in utility commonly used by Linux distros risks SSH compromise
The critical supply chain threat affects beta releases of Red Hat Fedora, Debian and more.
Infosecurity News
Trusted Contributor Plants Backdoor in Critical Open-Source Library
A backdoor in XZ Utils, a widely used file-compressing software in Linux systems, could have led to a critical supply chain attack had a Microsoft researcher not spotted it in time
HACKRead
Backdoor Discovered in XZ Utils: Patch Your Systems Now (CVE-2024-3094)
A vulnerability, CVE-2024-3094, was discovered in XZ Utils package. This vulnerability threatens Linux systems with backdoor attacks.
The Hacker News
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover
Researchers uncover vulnerabilities in 34 Windows drivers that non-privileged hackers can exploit to take control of your device and execute code.
Bleeping Computer
Hackers abuse Genshin Impact anti-cheat system to disable antivirus
Hackers are abusing an anti-cheat system driver for the immensely popular Genshin Impact game to disable antivirus software while conducting ransomware attacks.
DarkReading
XZ Utils Backdoor Implanted in Intricate Supply Chain Attack
Had a researcher not spotted the malware when he did, the outcome could have been much worse.
Security Affairs
BlackByte Ransomware abuses vulnerable driver to bypass security solutions
The BlackByte ransomware operators are leveraging a flaw in a legitimate Windows driver to bypass security solutions. Researchers from Sophos warn that BlackByte ransomware operators are using a bring your own vulnerable driver (BYOVD) attack to bypass security products. In BYOVD attacks, threat actors abuse vulnerabilities in legitimate, signed drivers, on which security products rely, […]
SecurityWeek
Ransomware Operator Abuses Anti-Cheat Driver to Disable Antiviruses
A vulnerable anti-cheat driver for the Genshin Impact video game has been abused in ransomware attacks to disable antivirus programs.
Bleeping Computer
Hackers backdoor Windows devices in Sliver and BYOVD attacks
A new hacking campaign exploits Sunlogin flaws to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software.
Security Affairs
CISA adds Fortra MFT, TerraMaster NAS, Intel driver Flaws, to its Known Exploited Vulnerabilities Catalog
US CISA added actively exploited flaws in Fortra MFT, Intel driver, and TerraMaster NAS to its Known Exploited Vulnerabilities Catalog. US CISA added actively exploited flaws in Fortra MFT, Intel driver, and TerraMaster NAS, respectively tracked as CVE-2023-0669, CVE-2015-2291, and CVE-2022-24990, to its Known Exploited Vulnerabilities Catalog. The CVE-2015-2291 flaw (CVSS v3 score 7.8) is a […]
Latest Hacking News
BlackByte Ransomware Exploits Vulnerable Windows Driver To Escape Detection
Researchers have warned users about the new BlackByte ransomware campaign that exploits a legit but vulnerable Windows driver. The ransomware employs this strategy to evade detection, making it difficult to prevent the attack. BlackByte Ransomware Abuses
SecurityWeek
Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution
Two memory safety vulnerabilities in WatchGuard and Panda Security products could lead to code execution with System privileges.
DarkReading
Are You Affected by the Backdoor in XZ Utils?
In this Tech Tip, we outline how to check if a system is impacted by the newly discovered backdoor in the open source xz compression utility.
Cyber Security News
Linux Kernel’s IPv6 Implementation Flaw Let Attackers Execute Arbitrary Code
With a CVSS score of 7.5, a high-severity IPv6 implementation issue in the Linux kernel identified as CVE-2023-6200.
The Hacker News
CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
CISA has added three more actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
The Hacker News
A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service'
An increasing number of malware attacks are leveraging a nascent command-and-control service called Dark Utilities.
Bleeping Computer
BlackByte ransomware abuses legit driver to disable security products
The BlackByte ransomware gang is using a new technique that researchers are calling "Bring Your Own Driver," which enables bypassing protections by disabling more than 1,000 drivers used by various security solutions.
The Cyber Express
Critical XZ Utils Backdoor (CVE-2024-3094) Leads to SSH Compromise
A critical vulnerability has been discovered within the XZ Utils library (a command line tool for compressing and decompressing XZ
.webp)
Cyber Security News
Agenda Ransomware Attacking VMWare vCenter & ESXi servers WorldWide
Agenda ransomware group, also known by its aliases Qilin and Water Galura, has been ramping up its attacks on a global scale.
The Hacker News
Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus
Ransomware hackers are abusing an anti-cheat system driver for the extremely popular game Genshin Impact to disable antivirus software.
Security Affairs
The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases
Dark Utilities “C2-as-a-Service” is attracting a growing number of customers searching for a command-and-control for their campaigns. The popularity of the Dark Utilities “C2-as-a-Service” is rapidly increasing, over 3,000 users are already using it as command-and-control for their campaigns. Dark Utilities was launched in early 2022, the platform that provides full-featured C2 capabilities to its users. Dark […]
Bleeping Computer
Terminator antivirus killer is a vulnerable Windows driver in disguise
A threat actor known as Spyboy is promoting a Windows defense evasion tool called "Terminator" on the Russian-speaking forum RAMP (short for Russian Anonymous Marketplace).
Bleeping Computer
Millions of HP OMEN gaming PCs impacted by driver vulnerability
Millions of HP OMEN laptop and desktop gaming computers are exposed to attacks by a high severity vulnerability that can let threat actors trigger denial of service states or escalate privileges and disable security solutions.
Infosecurity News
Open Source Leaders Warn of XZ Utils-Like Takeover Attempts
Two open source organizations have revealed attempts to socially engineer project takeovers
.webp)
Cyber Security News
Hackers Attempted To Takeover JavaScript Project From OpenJS Foundation
Attackers tried to take over the JavaScript project from OpenJS Foundation, which is home to JavaScript projects utilized by billions of
The Hacker News
Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign
A cryptojacking campaign called Commando Cat is exploiting exposed APIs
HACKRead
OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects
The OpenSSF issued alerts for social engineering takeovers of open-source projects after hackers tried to gain control of an OpenJS-hosted project.
The Hacker News
New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders
Researchers have identified a previously undocumented subgroup of APT41 that has been targeting entities located in East and Southeast Asia and Ukrain
Bleeping Computer
Lazarus hackers abuse Dell driver bug using new FudModule rootkit
The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack.
Trend Micro
Hack the Real Box: APT41’s New Subgroup Earth Longzhi
We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August.
Bleeping Computer
How Gcore uses regular expressions to block DDoS attacks
In DDoS Protection, Gcore uses the bundle of XDP and regular expressions (regex). This article will explain why Gcore started using this solution (regex in XDP) and how they bound them via a third-party engine and API development.
Bleeping Computer
New hacking group uses custom 'Symatic' Cobalt Strike loaders
A previously unknown Chinese APT (advanced persistent threat) hacking group dubbed 'Earth Longzhi' targets organizations in East Asia, Southeast Asia, and Ukraine.
Security Affairs
AuKill tool uses BYOVD attack to disable EDR software
Ransomware operators use the AuKill tool to disable EDR software through Bring Your Own Vulnerable Driver (BYOVD) attack. Sophos researchers reported that threat actors are using a previously undocumented defense evasion tool, dubbed AuKill, to disable endpoint detection and response (EDR) software. The tool relies on the Bring Your Own Vulnerable Driver (BYOVD) technique to disable the […]
Bleeping Computer
Kali Linux 2021.4 released with 9 new tools, further Apple M1 support
Kali Linux 2021.4 was released today by Offensive Security and includes further Apple M1 support, increased Samba compatibility, nine new tools, and an update for all three main desktop.
The Hacker News
BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions
As part of another BYOVD attack, BlackByte ransomware exploits a flaw in a legitimate Windows driver to bypass security software.
Cyber Security News
Hackers Use VPN Installers To Install Surveillanceware On Your Device
Users can keep their internet traffic private and anonymous with these ubiquitous utilities while avoiding restrictions or censorship on their usage of the internet.
Infosecurity News
Ransomware Group Bypasses
BlackByte delivers new way to circumvent endpoint detection
Infosecurity News
New Tool Identifies Pegasus and Other iOS Spyware
Kaspersky experts developed the tool after analyzing Shutdown.log, a file retaining reboot information
The Hacker News
Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework
Cyber criminals are taking advantage of Sunlogin software vulnerabilities to carry out post-exploitation activities with the Sliver C2 framework.
SecurityWeek
XZ Utils Backdoor Attack Brings Another Similar Incident to Light
The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago.
Latest Hacking News
US Warns Of Cyberattacks On Industrial Control System (ICS) Via Specialized APT Tools
US cybersecurity officials have issued a detailed advisory alerting cyberattacks on critical ICS infrastructure via tools. US warns companies to be aware of such APT attacks. Industrial Control System (ICS) Cyberattacks Via Custom APT Tools Through a
SecurityWeek
North Korean Hackers Exploit Dell Driver Vulnerability to Disable Windows Security
North Korea’s Lazarus hackers were seen exploiting a Dell DBUtil driver vulnerability to disable security mechanisms on target Windows machines.
DarkReading
Attacker Social-Engineered Backdoor Code Into XZ Utils
Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social engineering and a string of pressure emails.
Bleeping Computer
Windows 11 KB5011563 update fixes SMB, DirectX blue screens
Microsoft has released the optional KB5011563 cumulative update preview for Windows 11, with fixes for stop errors triggering blue screens of death (BSOD) and other issues.
The Hacker News
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks
Researchers warn of BiBi-Windows Wiper, a dangerous Windows version of a wiper malware used in cyber attacks on Israel.
Cyber Security News
Lazarus Hackers Installing Windows Rootkit Using Dell Driver Bug
the North Korean hacking group, Lazarus installed a Windows rootkit that exploited a Dell hardware driver. read more here.
Ars Technica
Actively exploited Cisco 0-day with maximum 10 severity gives full network control
An unknown threat actor is exploiting the vulnerability to create admin accounts.
DataBreaches
Private Data Breach Litigation Comes of Age
Quinn Emanuel Urquhart & Sullivan, LLP write, in part: Companies face yet another major risk after a data breach—one which is increasing...
Bleeping Computer
New CryWiper malware wipes data in attack against Russian org
A previously undocumented data wiper named CryWiper is masquerading as ransomware, extorting victims to pay for a decrypter, but in reality, it just destroys data beyond recovery.
Bleeping Computer
Russian hackers use WinRAR to wipe Ukraine state agency’s data
The Russian 'Sandworm' hacking group has been linked to an attack on Ukrainian state networks where WinRar was used to destroy data on government devices.
The Hacker News
Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware
New CryWiper malware disguised as ransomware targeting Russian government agencies, including mayor's offices and courts.
ZDNet
FBI warns: This ransomware group has gone after critical infrastructure firms again and again | ZDNet
FBI raises an alarm about RagnarLocker, a ransomware gang that hides its malware inside a Windows XP virtual machine.
Bleeping Computer
Hacked sites caught spreading malware via fake Chrome updates
Hackers are compromising websites to inject scripts that display fake Google Chrome automatic update errors that distribute malware to unaware visitors.
ZDNet
Nasty Linux netfilter firewall security hole found | ZDNet
How embarrassing! It turns out there was a security hole lurking in Linux's netfilter firewall program.
Cyber Security News
New account takeover Campaign Targets Over 100 Corporations' Top Executives
The top-level executives at more than 100 global organizations have been shaken by cloud account takeover incidents.
Bleeping Computer
New CryWiper data wiper targets Russian courts, mayor’s offices
A previously undocumented data wiper named CryWiper is masquerading as ransomware, extorting victims to pay for a decrypter, but in reality, it just destroys data beyond recovery.
Ars Technica
Hackers hammer SpringShell vulnerability in attempt to install cryptominers
Thousands of hack attempts made in the days following discovery of the vulnerability.
The Hacker News
Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers
North Korean Lazarus hackers have been observed deploying a Windows rootkit on targeted computers by exploiting a vulnerability in a Dell drivers.
Security Affairs
Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector
CERT-UA is warning of destructive cyberattacks conducted by the Russia-linked Sandworm APT group against the Ukraine public sector. Russia-linked APT group Sandworm is behind destructive cyberattacks against Ukrainian state networks, the Ukrainian Government Computer Emergency Response Team (CERT-UA) warns. The Sandworm group (aka BlackEnergy, UAC-0082, Iron Viking, Voodoo Bear, and TeleBots) has been active since 2000, it operates under the control […]
Bleeping Computer
Kasseika ransomware uses antivirus driver to kill other antiviruses
A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employs Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files.
Trend Micro
TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types
CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.
Cyber Security News
New Sysrv Botnet Abuses Google Subdomain To Spread XMRig Miner
First identified in 2020, Sysrv is a botnet that uses a Golang worm to infect devices and deploy cryptominers, propagates by exploiting
Cyber Security News
Hackers Backdoor Windows Device Using Cobalt Strike Alternative 'Sliver'
Using Sunlogin flaws, a new hacking campaign has been detected by security analysts at AhnLab Security Emergency Response Center (ASEC) that takes advantage of Windows BYOVD attacks to disable security software and deploy the post-exploitation toolkit Sliver.
The Hacker News
W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names
Cybercriminals are distributing info-stealing malware to developers through Python Package Index (PyPI).
Bleeping Computer
Windows malware delays coinminer install by a month to evade detection
A new malware campaign disguised as Google Translate or MP3 downloader programs was found distributing cryptocurrency mining malware across 11 countries.
Cyber Security News
New AntiWar Ransomware That Sends out a Message to Stop the War
Ransomware attacks have been increasing rapidly. The Two countries Ukraine and Russia have been facing severe ransomware attacks in the past few weeks. Many were state-sponsored but some were personal.
CSO
New variant of the IceFire ransomware targets Linux enterprise systems
Traditionally known to target only Windows systems, the new Linux version of the IceFire ransomware exploits an IBM Aspera Faspex file-sharing vulnerability, according to SentinelLabs.
Bleeping Computer
A look at the new Sugar ransomware demanding low ransoms
A new Sugar Ransomware operation actively targets individual computers, rather than corporate networks, with low ransom demands.
_Igor_Golovnov_Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop)
DarkReading
Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers
A new and improved variant of the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments.
The Hacker News
Chinese Hacker Group Earth Longzhi Resurfaces with Advanced Malware Tactics
Chinese state-sponsored hacking group Earth Longzhi resurfaces after six months of inactivity, targeting government, healthcare, tech.
Bleeping Computer
Hackers bombard PyPi platform with information-stealing malware
The PyPi python package repository is being bombarded by a wave of information-stealing malware hiding inside malicious packages uploaded to the platform to steal software developers' data.
ZDNet
US warning: Hackers have built tools to attack these key industrial control systems | ZDNet
US government puts energy sector on high alert over specialized malware for disrupting industrial control systems.
Bleeping Computer
New BiBi Wiper version also destroys the disk partition table
A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims.
Bleeping Computer
Israel warns of BiBi wiper attacks targeting Linux and Windows
Data-wiping attacks are becoming more frequent on Israeli computers as researchers discovered variants of the BiBi malware family that destroys data on both Linux and Windows systems.
The Hacker News
Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption
Kasseika, the latest ransomware kid on the block, is using a sneaky trick called BYOVD to disarm your defenses before encrypting your files! It even
DarkReading
'AuKill' Malware Hunts & Kills EDR Processes
Attackers are using custom malware to exploit drivers and terminate security processes so they can deploy ransomware.
SecurityWeek
Vulnerabilities Allow Researcher to Turn Security Products Into Wipers
A SafeBreach security researcher discovered several vulnerabilities that allowed him to turn endpoint detection and response (EDR) and antivirus (AV) tools into wipers.
Ars Technica
Hugging Face, the GitHub of AI, hosted code that backdoored user devices
Malicious submissions have been a fact of life for code repositories. AI is no different.
Trend Micro
Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.
The DFIR Report
SELECT XMRig FROM SQLServer
In March 2022, we observed an intrusion on a public-facing Microsoft SQL Server. The end goal of this intrusion was to deploy a coin miner.
Trend Micro
Attack on Security Titans: Earth Longzhi Returns With New Tricks
After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat.
Bleeping Computer
Rhysida ransomware behind recent attacks on healthcare
The Rhysida ransomware as a service (RaaS) operation that emerged in May 2023 is gradually leaving the period of obscurity behind, as a recent wave of attacks on healthcare organizations has forced government agencies and cybersecurity companies to pay closer attention to its operations.
Ars Technica
After years of losing, it’s finally feds’ turn to troll ransomware group
Authorities who took down the ransomware group brag about their epic hack.
ThreatPost
Another Destructive Wiper Targets Organizations in Ukraine
CaddyWiper is one in a barrage of data-wiping cyber-attacks to hit the country since January as the war on the ground with Russia marches on.
Bleeping Computer
Meet Akira — A new ransomware operation targeting the enterprise
The new Akira ransomware operation has slowly been building a list of victims as they breach corporate networks worldwide, encrypt files, and then demand million-dollar ransoms.
Bleeping Computer
Security researchers targeted with new malware via job offers on LinkedIn
A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job offers that lead to the deployment of three new, custom malware families.
Trend Micro
New Ransomware Spotted: White Rabbit and Its Evasion Tactics
We analyze the ransomware White Rabbit and bring into focus the familiar evasion tactics employed by this newcomer.
Trend Micro
Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques
Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a new malware variant using different infection techniques compared to past iterations. We discuss our initial findings in this report.
Bleeping Computer
Linux version of Akira ransomware targets VMware ESXi servers
The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide.
ThreatPost
Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things.
Loading more articles....