Infosecurity News
SysJoker Malware: Hamas-Related Threat Expands With Rust Variant
CPR said the malware now uses OneDrive instead of Google Drive for storing dynamic C2 server URLs
Security Affairs
Researchers reported that a Hamas-linked APT group is using a Rust-based SysJoker backdoor against Israeli entities.
The Hacker News
Researchers found a Rust version of SysJoker, a cross-platform backdoor used by a Hamas-affiliated threat actor targeting Israel during the ongoing conflict.
The Hacker News
Threat actor Konni, potentially tied to North Korea, deploys RAT in cyber espionage using Russian Word doc, exploiting WinRAR flaw.
Bleeping Computer
The popular Zero2Automated malware analysis and reverse-engineering course has a Black Friday 2023 through Cyber Monday sale, where you can get 25% off sitewide, including gift certificates and courses.
The Hacker News
New Malware Alert: WailingCrab, a sophisticated loader, is spreading via shipping-themed email messages.
Cyber Security News
A new attack chain campaign has been discovered which involves the exploitation of CVE-2023-36884 and CVE-2023-36584.
Infosecurity News
Legitimate app installer modified with malicious code
The Hacker News
North Korean hackers, aka Diamond Sleet, spread a trojanized version of CyberLink's legit app.
Bleeping Computer
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.
The Hacker News
North Korean hackers posing as recruiters infect software developers with cross-platform malware.
Security Affairs
US CISA added Looney Tunables Linux vulnerability (tracked as CVE-2023-4911) to its Known Exploited Vulnerabilities catalog.
The Hacker News
macOS users beware! Atomic Stealer, a $1,000/month malware, is now spreading through deceptive web browser updates via ClearFake.
DarkReading
Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.
Bleeping Computer
The Lumma information-stealer malware (aka 'LummaC2') is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts.
CyberNews
Vx-Underground is a regular fixture on Twitter, aka X, regularly posting bulletins regarding threat actors.
DarkReading
Threat actors were actively exploiting CVE-2023-36025 before Microsoft patched it in November.
The Hacker News
Education, government, and businesses are under attack by NetSupport RAT, a dangerous remote access trojan.
Cyber Security News
Gamaredon (aka Primitive Bear, ACTINIUM, and Shuckworm), stands out in Russian espionage by exclusively targeting Ukrainian entities.
Security Affairs
Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks.
The Hacker News
New LummaC2 malware uses trigonometry-based tactic to differentiate between users and security systems, evading sandboxes and security analyses.
Infosecurity News
Threat group may be looking for intel on Azerbaijan
The Hacker News
Indian Hack-for-Hire Group targeted U.S., China, Pakistan, and more for over a decade.
Cyber Security News
Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
Security Affairs
Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB.
The Hacker News
The threat actors behind the 8Base ransomware are utilizing a variant of the Phobos ransomware for their attacks.
The Hacker News
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
DarkReading
The feds seem to know all about the hacking group brazenly breaking into corporate networks; so why are enterprise teams left on their own to stop their cybercrimes?
Cyber Security News
Recently, the FBI and CISA issued a joint Cybersecurity Advisory (CSA) on Scattered Spider threat actors targeting commercial facilities.
The Hacker News
U.S. agencies warn about Scattered Spider cybercriminals using advanced phishing to steal data and extort victims.
The Hacker News
U.S. CISA has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation in the wild.
SecurityWeek
Thomas McCormick, aka fubar, an administrator of the Darkode hacking forum, has been sentenced to 18 months in prison.
The Hacker News
U.S. agencies warn of Rhysida ransomware double extortion attacks on multiple industries, including education, manufacturing and IT.
Cyber Security News
Hackers use networks of compromised computers (botnets) to generate massive traffic, disrupting the target's normal functioning by overloading its resources. The goal is to make a website or online service inaccessible to legitimate users.
Ars Technica
Microsoft: "Soon there will be a Copilot for everyone and for everything you do."
SecurityWeek
Intel and AMD have informed their customers about a total of more than 130 vulnerabilities found in their products.
SecurityWeek
Chris Wysopal (AKA Weld Pond), founder and CTO of Veracode and member of the hacker collective L0pht Heavy Industries.
Infosecurity News
TA402 launches new targeted phishing campaigns
The Hacker News
Government entities in the Middle East are under attack by a new phishing campaign employing the IronWind downloader.
The Hacker News
Researchers warn of BiBi-Windows Wiper, a dangerous Windows version of a wiper malware used in cyber attacks on Israel.
Infosecurity News
Lace Tempest looks to spread Clop malware to victims
The Hacker News
Iranian hacker group Imperial Kitten launches cyberattacks on transportation, logistics, and tech sectors, including Israel.
Bleeping Computer
Cloudflare is investigating an ongoing outage causing "We're sorry" Google errors to be shown on the company's website.
The Hacker News
Malicious sites posing as legit Windows news portals spotted distributing malware disguised as CPU-Z.
Infosecurity News
Sandworm conducted a disruptive cyber-attack targeting a Ukrainian critical infrastructure organization in late 2022
Cyber Security News
Google Calendar RAT is a proof of concept for Command & Control. It's useful when setting up a full red teaming infrastructure.
Infosecurity News
The leaked data include personally identifiable information, such as customers’ names, email addresses, phone numbers and membership numbers
The Hacker News
A variant of GootLoader, known as GootBot, is enabling hackers to sneak past defenses, spreading rapidly through networks.
The Hacker News
Ransomware groups are actively exploiting critical flaws in Atlassian Confluence & Apache ActiveMQ.
Bleeping Computer
Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware.
Bleeping Computer
A former Dutch cybersecurity professional was sentenced to four years in prison after being found guilty of hacking and blackmailing more than a dozen companies in the Netherlands and worldwide.
Bleeping Computer
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.
DarkReading
The obscure Kazuar backdoor used by Russian attack group Turla has resurfaced, and it's more dangerous than ever.
Infosecurity News
Jenny Radcliffe talks to Infosecurity about the changing nature of social engineering scams and the threats posed by AI
The Hacker News
Mozi botnet's sudden drop in malicious activity traced back to a mysterious "kill switch."
CSO
The ILF is using intelligence firm Searchlight’s dark web investigation solution Cerberus to gather intelligence and build cases against offenders operating on the dark web.
SecurityWeek
Multiple threat actors are exploiting CVE-2023-4966, aka Citrix Bleed, a critical vulnerability in NetScaler ADC and Gateway.
The Hacker News
State-sponsored North Korean hackers are using a sneaky macOS malware called KANDYKORN to target crypto engineers via Discord.
Bleeping Computer
Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation.
The Hacker News
Arid Viper, a cyber espionage group linked to Hamas, has been exposed for its Android spyware campaign disguised as a dating app.
Bleeping Computer
A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices.
The Hacker News
Pro-Hamas hacktivist group using a new Linux-based malware, BiBi-Linux Wiper, to target Israeli entities amid ongoing conflict.
The Hacker News
A wiretapping attempt targeting the jabber[.]ru XMPP-based instant messaging service has been discovered, involving TLS certificates and a #ManiTheMid
SecurityWeek
Noteworthy stories that might have slipped under the radar: Ex-NSA employee spying for Russia, EU threat landscape, cyber education funding
Infosecurity News
Prolific fincrime group is branded one of world’s most dangerous
DarkReading
The English-speaking cyberattack group behind the MGM and Caesars Entertainment attacks is adding unique capabilities and gaining in sophistication. Prepare now, Microsoft says.
Bleeping Computer
The Russian APT28 hacking group (aka 'Strontium' or 'Fancy Bear') has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021.
CyberNews
Stablecoin trader hacked again and is being drained of money by an unknown threat actor, cybersecurity analysts are claiming.
Bleeping Computer
Chile's Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services.
Bleeping Computer
Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel.
The Hacker News
1Password detected suspicious activity following the Okta support system breach. After investigation, they determined no user data was accessed.
The Hacker News
Discover the latest cyber threat: DoNot Team's Firebird backdoor targeting Pakistan and Afghanistan.
Bleeping Computer
Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials.
The Hacker News
Beware of fake software ads on Google Search! Hackers use Google Ads to direct users searching for popular software to malicious copycats.
SecurityWeek
Iran-linked hacking group Crambus spent eight months inside a compromised network of a Middle Eastern government
Bleeping Computer
The Iranian hacking group tracked as MuddyWater (aka APT34 or OilRig) breached at least twelve computers belonging to a Middle Eastern government network and maintained access for eight months between February and September 2023.
Bleeping Computer
The Ragnar Locker ransomware operation's Tor negotiation and data leak sites were seized Thursday morning as part of an international law enforcement operation.
DarkReading
The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.
DarkReading
State-sponsored cyberespionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.
The Hacker News
North Korean threat actors known as Diamond Sleet and Onyx Sleet are exploiting a critical security flaw in JetBrains TeamCity to breach servers.
The Hacker News
Google TAG security experts uncover Russian and Chinese state-backed threat actors exploiting WinRAR vulnerability (CVE-2023-38831)
Bleeping Computer
Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks.
The Hacker News
Korean hacking group Lazarus Group targets defense industry and nuclear engineers with fake job interviews, using trojanized VNC apps to steal data an
Bleeping Computer
CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks.
DarkReading
The botnet — built for DDoS, backdooring, and dropping malware — is evading standard URL signature detections with a novel approach.
Bleeping Computer
curl 8.4.0 has been released to patch and release details on a hyped up high-severity security vulnerability (CVE-2023-38546), easing week-long concerns regarding the flaw's severity.
Bleeping Computer
Microsoft Defender for Endpoint now uses automatic attack disruption to isolate compromised user accounts and block lateral movement in hands-on-keyboard attacks with the help of a new 'contain user' capability in public preview.
Bleeping Computer
Windows Server 2012 and multiple editions of Windows 11, version 21H2, have reached the end of support with this month's Patch Tuesday.
DarkReading
An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.
Bleeping Computer
Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023.
The Hacker News
Microsoft's October 2023 Patch Tuesday: 103 new vulnerabilities addressed, including 2 zero-days and 13 critical ones.
The Hacker News
A critical flaw (CVE-2023-22515) in Atlassian Confluence is being exploited by a nation-state actor, Storm-0062.
The Hacker News
Gaza-based hacker group Storm-1133 targets Israeli energy, defense, and telecom. Microsoft's report exposes tactics.
CSO
MGM said cyberinsurance will cover the $100 million impact on operations, but meanwhile experts expect the ransomware trend to continue, fueled by nation-state actors.
The Hacker News
Semiconductor companies in East Asia are under attack. Threat actors posing as TSMC deploy Cobalt Strike beacons via HyperBro backdoor
The Hacker News
GitHub's secret scanning just got even better! Now supporting AWS, Microsoft, Google, and Slack tokens, ensuring your code's safety.
DarkReading
The previously undocumented data exfiltration malware was part of a successful cyber-espionage campaign against the Guyanese government, likely by the Chinese.
Bleeping Computer
Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions.
Bleeping Computer
Hackers engaging in cyber espionage have targeted Chinese-speaking semiconductor companies with TSMC-themed lures that infect them with Cobalt Strike beacons.
DarkReading
A literal seven-nation (cyber) army wasn't enough to hold back the famous initial access broker (IAB) for long — it's been chugging along, spreading ransomware, despite a massive takedown in August.
The Hacker News
🕵️♂️ Despite infrastructure disruption, QakBot malware operators are still active in an ongoing phishing campaign, delivering Ransom Knight ransomwa
SecurityWeek
Qakbot cybercriminals continue to push malware, which shows they are still operational after the recent takedown attempt.
The Hacker News
ESET discovers a targeted cyber-espionage campaign in Guyana.
The Hacker News
Attention iPhone and iPad users! Apple rushes in with iOS 17.0.3 and iPadOS 17.0.3 updates to patch an actively exploited kernel vulnerability.
Infosecurity News
ThreatFabric found evidence that LightSpy is linked to Android spyware DragonEgg, attributed to the Chinese-sponsored group
The Hacker News
From DragonEgg to LightSpy: Discover the hidden links between Android and iOS spyware, exposing a sophisticated network of surveillance.
Bleeping Computer
A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader.
The Hacker News
🚨Beware of LUCR-3 (aka Scattered Spider) – a threat actor targeting Fortune 2000 companies for extortion.
The Hacker News
BunnyLoader, the latest malware-as-a-service, is up for sale in the dark web. It can steal your data, replace your crypto address
CSO
Researchers from Group-IB believe it's likely the group is an independent affiliate working for multiple ransomware-as-a-service operations
SecurityWeek
New RSA encryption attack, Meta’s AI privacy safeguards, and ShinyHunters hackers’ guilty plea in the United States
The Hacker News
North Korea's Lazarus Group targets Spanish aerospace company in a cyber espionage attack.
Bleeping Computer
A Chinese cyber-espionage hacking group tracked as Budworm has been observed targeting a telecommunication firm in the Middle East and a government entity in Asia using a new variant of its custom 'SysUpdate' backdoor.
The Hacker News
BlackTech, a notorious group of state-backed hackers from China, is using router backdoors to quietly breach government, tech, and media sectors in the U.S.
Cyber Security News
Recently, cybersecurity researchers at ASEC identified that threat actors are actively exploiting abnormal certificates to deliver info-stealing malware.
DarkReading
Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance.
Bleeping Computer
A joint cybersecurity advisory by the FBI, NSA, CISA, and the Japanese NISC (cybersecurity) and NPA (police) sheds light on the techniques the Chinese threat actors known as BlackTech use to attack Japanese and U.S. organizations.
DarkReading
Ransomware-as-a-service affiliate ShadowSyndicate is unusual for the size of its malicious infrastructure and the fact that it's distributing seven different ransomware strains.
Bleeping Computer
Microsoft has released the Windows 11 22H2 'Moment 4' update, bringing 150 new features, including new AI-powered versions of Paint, ClipChamp, Snipping tool, and the new Microsoft Copilot.
DarkReading
The cyberattackers are using the "Deadglyph" custom spyware, whose full capabilities have not yet been uncovered.
Infosecurity News
Unit 42 uncovered three separate threat actor clusters: Stately Taurus, Alloy Taurus and Gelsemium
The Hacker News
Espionage Alert: Southeast Asian government targeted by China-nexus threat actors. A three-part report by Palo Alto Networks reveals distinct clusters
CSO
The distinct groups of activities formed three different clusters, each attributed to a specific APT group.
Bleeping Computer
A novel and sophisticated backdoor malware named 'Deadglyph' was seen used in a cyberespionage attack against a government agency in the Middle East.
The Hacker News
Researchers uncovered a new advanced backdoor, 'Deadglyph,' by Stealth Falcon hackers, which combines two languages for cyber espionage.
The Hacker News
OilRig, Iran's state-backed actor, aims at Israeli entities with spear-phishing tactics. Learn about the Outer Space and Juicy Mix campaigns.
DarkReading
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.
The Hacker News
Sandman, a new cyber threat actor, is targeting telecom providers across continents. Read more about this cyber espionage campai
The Hacker News
Gold Melody, the financially motivated cyber group, is selling access to compromised organizations for ransomware attacks.
Bleeping Computer
Credit reporting firm TransUnion has denied claims of a security breach after a threat actor known as USDoD leaked data allegedly stolen from the company's network.
Infosecurity News
A new legal requirement for medical devices in the US will introduce the first-ever SBOM mandate for the consumer market
The Hacker News
Finnish authorities shut down PIILOPUOTI, a dark web hub for illegal narcotics.
The Hacker News
GitLab issues patches for CVE-2023-5009, a flaw allowing attackers to run pipelines as other users.
Trend Micro
Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as defense, utilities, and the medical sectors use for their daily operations depend on the speed, efficiency, and productivity brought by 5G. This entry describes CVE-2021-45462 as a potential use case to deploy a denial-of-service (DoS) attack to private 5G networks.
The Hacker News
Telecom providers in the Middle East face a stealthy cyber threat called ShroudedSnooper. It uses HTTPSnoop to exploit Windows HTTP kernel drivers.
The Hacker News
Researchers warn of a new sophisticated campaign, Operation Rusty Flag, deploying Rust-based malware in Azerbaijan.
The Hacker News
Nearly 12,000 Juniper firewall devices exposed on the internet are vulnerable to a recently disclosed remote code execution flaw.
Bleeping Computer
The APT36 hacking group, aka 'Transparent Tribe,' has been observed using at least three Android apps that mimic YouTube to infect devices with their signature remote access trojan (RAT), 'CapraRAT.'
The Hacker News
Software company Retool suffered a breach with 27 customer accounts hacked after an SMS-based attack. Google Account sync blamed for the breach, turni
The Hacker News
UNC3944 threat actor now turns to ransomware attacks, targeting critical systems. Understand their tactics, and learn how to protect your organization
DarkReading
For months, the Iran-backed APT has carried out waves of password spray attacks attempting to authenticate to thousands of environments across multiple targets worldwide.
Infosecurity News
APT33 activity resulted in data theft from small number of victims
Infosecurity News
Attackers compromised loyalty program data via supplier
CSO
MGM rushed through response owing to incompetent staff, had multiple system vulnerabilities, and did not care about customer safety, alleged ransomware group ALPHV who also blamed VX underground for spreading misinformation.
Bleeping Computer
Microsoft says an Iranian-backed threat group has targeted thousands of organizations in the U.S. and worldwide in password spray attacks since February 2023.
Bleeping Computer
Security researcher Gabe Kirkpatrick has made a proof-of-concept (PoC) exploit available for CVE-2023-38146, aka "ThemeBleed," which enables attackers to trigger arbitrary remote code execution if the target opens a specially crafted '.theme' file.
SecurityWeek
A known ransomware gang has taken credit for the highly disruptive attack on MGM Resorts, and the company has yet to restore impacted systems
Bleeping Computer
Microsoft added a new security feature to Windows 11 that lets admins block NTLM over SMB to prevent pass-the-hash, NTLM relay, or password-cracking attacks.
The Hacker News
A new ransomware, 3AM, has emerged! It's written in Rust and aims to encrypt files while deleting Volume Shadow copies.
The Hacker News
Microsoft sounds the alarm on Storm-0324's tactics, luring its prey through Teams messages to breach corporate networks.
Bleeping Computer
Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.
The Hacker News
Redfly's espionage operation exposed! For 6 months, they compromised an Asian national grid, stealing credentials and infiltrating computers.
The Hacker News
U.S. and U.K. governments have jointly imposed sanctions on 11 individuals connected to the Russia-based TrickBot cybercrime group.
DarkReading
US Treasury officials said the sanctions move is part of its effort to combat Russian state-sponsored cybercrime.
The Hacker News
North Korean hackers using fake social media accounts and exploiting zero-day bugs to compromise cybersecurity researchers.
Bleeping Computer
Microsoft says North Korean hacking groups have breached multiple Russian government and defense targets since the start of the year.
The Hacker News
Beware of the latest macOS threat! A new malvertising campaign is actively spreading Atomic Stealer malware, targeting gamers and crypto users.
SecurityWeek
SecurityWeek talks to Alex Ionescu, a cybersecurity expert who combined a career as a business executive with that of a security researcher.
The Hacker News
Ukraine's CERT-UA fends off a cyberattack on a critical energy infrastructure. Learn how a phishing email led to an infiltration attempt by APT28.
The Hacker News
New BLISTER update spotted! It's now part of SocGholish attacks, spreading an open-source C2 framework called Mythic.
The Hacker News
Meta thwarts China and Russia's massive influence ops! Thousands of accounts and pages blocked across platforms.
The Hacker News
Exploit code now available for critical SSH authentication bypass flaw in VMware Aria Operations for Networks.
The Hacker News
Five Eyes intelligence alliance reveals a Russian state-sponsored actor, Sandworm, behind mobile malware 'Infamous Chisel' targeting Ukrainian
The Hacker News
Did you know about SuperBear? A recent phishing attack in South Korea exposed this dangerous remote access trojan. Read how this remote access trojan
The Hacker News
Classiscam Scam: Cybercriminals have pocketed $64.5M since 2019, targeting 79 countries
The Hacker News
Researchers uncover 3 more malicious Python packages in PyPI repository under VMConnect campaign.
DarkReading
Thousands of devices have become infected with "BadBazaar," malware previously used to spy on Uyghur and Turkic ethnic minorities in China.
The Hacker News
New Android banking trojan alert! Meet MMRat: stealthy malware targeting Southeast Asian users. It hijacks devices remotely for financial fraud.
Cyber Security News
Cybersecurity Analysts at ReliaQuest have recently uncovered a multitude of malware loaders that were observed to be the most active this year in 2023.
DarkReading
"Operation Duck Hunt" is not likely to eliminate the initial access botnet forever, but the proactive removal of the malware from victim machines by law enforcement is one of the largest and most significant efforts of its kind.
Bleeping Computer
The FBI announced today the disruption of the Qakbot botnet in an international law enforcement operation that not only seized infrastructure but also uninstalled the malware from infected devices.
DarkReading
The social media giant is taking on Dragonbridge, the "largest known cross-platform covert influence operation in the world."
The Hacker News
Suspected Chinese hacking group UNC4841 exploited zero-day flaw in Barracuda ESG appliances to target government, military, and tech companies.
Bleeping Computer
Suspected Chinese hackers disproportionately targeted and breached government and government-linked organizations worldwide in recent attacks targeting a Barracuda Email Security Gateway (ESG) zero-day, with a focus on entities across the Americas.
Infosecurity News
ReliaQuest found that 80% of cyber intrusion campaigns used either QakBot, SocGholish or Raspberry Robin
Trend Micro
The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023.
Bleeping Computer
Microsoft announced today that Windows Extended Protection will be enabled by default on servers running Exchange Server 2019 starting this fall after installing the 2023 H2 Cumulative Update (CU14).
SecurityWeek
QakBot, SocGholish, and Raspberry Robin are the three most popular malware loaders, accounting for 80% of the observed incidents.
Cyber Security News
Critical flaws, exploits, and recent attack techniques have all been highlighted. We also offer the latest software upgrades to keep your devices safe.
The Hacker News
Kroll reveals an employee's T-Mobile account was compromised due to a sophisticated SIM swap attack.
DarkReading
The cyber espionage group has created a stealthy, hard-to-mitigate network of persistent access across a range of organizations, but the endgame is unclear.
Security Affairs
China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan as part of a suspected espionage campaign. Microsoft linked the Chinese APT Flax Typhoon (aka Ethereal Panda) to a cyber espionage campaign that targeted dozens of organizations in Taiwan. The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizations’ networks with […]
The Hacker News
Remember the hacks on Uber, Revolut, & Rockstar Games? Two UK teenagers, part of the infamous LAPSUS$ gang, convicted for high-profile hacks.
The Hacker News
A cyber group from China targets Taiwanese organizations. Microsoft tracks their stealthy approach to gaining network access.
The Hacker News
Alert! FBI warns that the recent patches for Barracuda Networks Email Security Gateway are ineffective against a critical flaw.
The Hacker News
Lazarus Group, linked to North Korea, exploits Zoho security flaw to spread QuiteRAT trojan.
The Hacker News
The recent WinRAR vulnerability was exploited as a zero-day since April to compromise traders' devices and withdraw money.
The Hacker News
Thousands of Openfire XMPP servers remain unpatched against a high-severity flaw, CVE-2023-32315, exposing them to exploits.
The Hacker News
The U.S. Justice Department indicts two founders of Tornado Cash, a cryptocurrency mixer service, for laundering over $1 billion in criminal proceeds.
The Hacker News
FBI alerts of a potential cash out by North Korean actors, linked to $40M in stolen cryptocurrency. This group is currently holding 1,580 bitcoins
Security Affairs
A previously unknown APT group, tracked as Carderbee, was behind a supply chain attack against Hong Kong organizations. Symantec Threat Hunter Team reported that a previously unknown APT group, tracked as Carderbee, used a malware-laced version of the legitimate Cobra DocGuard software to carry out a supply chain attack aimed at organizations in Hong Kong. […]
SecurityWeek
Conversation with Cris Thomas, also known as Space Rogue, who was a founding member of the L0pht Heavy Industries hacker collective.
The Hacker News
A new threat cluster, dubbed Carderbee, is targeting organizations in Hong Kong & parts of Asia, using software supply chain attacks.
DarkReading
Dubbed Carderbee, the group used legitimate software and Microsoft-signed malware to spread the Korplug/PlugX backdoor to various Asian targets.
CyberScoop
The unknown and unattributed hackers compromised legitimate software in apparent focused attack, researchers said.
The Hacker News
Critical security flaw in Adobe ColdFusion has been added to CISA's Known Exploited Vulnerabilities catalog.
Security Affairs
North Korea-linked APT Kimsuky launched a spear-phishing campaign targeting US contractors working at the war simulation centre. North Korea-linked APT group Kimsuky carried out a spear-phishing campaign against US contractors involved in a joint U.S.-South Korea military exercise. The news was reported by the South Korean police on Sunday, the law enforcement also added that […]
The Hacker News
New WoofLocker sophisticated toolkit tricks users with fake tech support scams, leveraging advanced fingerprinting and redirection mechanisms.
The Hacker News
Microsoft uncovers revamped BlackCat ransomware variant embedding Impacket & RemCom tools for lateral movement & remote code execution.