
Cyber Security News
APT Hackers Behind SysJoker Attacking Critical Industrial Sectors
SysJoker malware was initially discovered to be used by the APT group dubbed "WildCard" and was targeting the educational sector of Israel.
CSO
Threat actors are combining RustBucket loader with KandyKorn payload to effect an evasive and persistent RAT attack.
Infosecurity News
CPR said the malware now uses OneDrive instead of Google Drive for storing dynamic C2 server URLs
Cyber Security News
SysJoker malware, a multi-platform backdoor with several variants for Windows, Linux, and Mac, has been observed being used by a Hamas-affiliated APT to target Israel. This malware was first identified by Intezer in 2021 and was recently used in targeted attacks. Checkpoint researchers disclosed the malware’s growth, variations in the intricacy of its execution flow, and […]
Bleeping Computer
A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language.
Security Affairs
UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in a supply-chain attack.
Security Affairs
Researchers reported that a Hamas-linked APT group is using a rust-based SysJoker backdoor against Israeli entities.
Bleeping Computer
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLine
The National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
The Hacker News
Researchers found a Rust version of SysJoker, a cross-platform backdoor used by Hamas-affiliated threat actor targeting Israel during ongoing conflict
Security Affairs
North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware.
Infosecurity News
The investigation conducted by Akamai in late October 2023 revealed a specific HTTP exploit path
The Hacker News
Threat actor Konni, potentially tied to North Korea, deploys RAT in cyber espionage using Russian Word doc, exploiting WinRAR flaw.
The Hacker News
New Malware Alert: WailingCrab, a sophisticated loader, is spreading via shipping-themed email messages.
Infosecurity News
The UK’s NCSC and South Korea’s NIS issued a joint advisory describing some of North Korean hackers’ tactics in deploying supply chain attacks
Security Affairs
North Korea-linked APT group Diamond Sleet is distributing a trojanized version of the CyberLink software in a supply chain attack.
The Hacker News
Active malware campaign exploits zero-day vulnerabilities to create a Mirai-based DDoS botnet targeting routers and NVR devices.
Cyber Security News
WailingCrab's backdoor component has been in contact with the C2 since the middle of 2023 via the lightweight IoT message protocol MQTT.
Infosecurity News
Legitimate app installer modified with malicious code
The Hacker News
North Korean hackers, aka Diamond Sleet, spread a trojanized version of CyberLink's legit app.
Security Affairs
Mirai-based botnet InfectedSlurs has been spotted exploiting two zero-day RCE flaws to compromise routers and video recorder (NVR) devices.
Bleeping Computer
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.
Bleeping Computer
A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.
Cyber Security News
The Mirai botnet is a malicious network of infected computers, routers, and IoT devices harnessed by cybercriminals to launch large-scale DDoS attacks.
Ars Technica
LitterDrifter's means of self-propagation are simple. So why is it spreading so widely?
Infosecurity News
Microsoft highlighted a shift in tactics, with attackers directly sharing malicious APK files
Infosecurity News
Fortinet researchers have detected a malicious Word document displaying Russian text
Bleeping Computer
A sophisticated phishing campaign pushing the DarkGate malware infections has recently added the PikaBot malware into the mix, making it the most advanced phishing campaign since the Qakbot operation was dismantled.
Cyber Security News
MaaS (Malware-as-a-Service) thrives as a top choice for new cyber threats, offering easy access to powerful tools. Threat actors primarily focus on information theft under MaaS, specializing in stealing and leaking sensitive data from hacked devices.
Cyber Security News
An attack campaign that installs XMRig Coinminer on Windows web servers that run on Apache has been discovered recently.
The Hacker News
New variant of Agent Tesla malware identified. It's a keylogger and remote access trojan (RAT) offered as part of a malware-as-a-service (MaaS) model.
The Hacker News
📱 Alert: Android users in India, beware! Hackers are distributing fake banking and government apps to steal sensitive data like bank info and persona
The Hacker News
China-linked Mustang Panda cyber actor targets Philippines government entity amid South China Sea tensions.
Bleeping Computer
A recently discovered worm that researchers call LitterDrifter has been spreading over USB drives infecting systems in multiple countries as part of a campaign from the Gamaredon state-sponsored espionage group.
DarkReading
China pairs cyber and kinetic attacks in the South Pacific as it continues to wrangle control of the South China Sea.
The Hacker News
Education, government, and businesses are under attack by NetSupport RAT, a dangerous remote access trojan.
Cyber Security News
Gamaredon (aka Primitive Bear, ACTINIUM, and Shuckworm), stands out in Russian espionage by exclusively targeting Ukrainian entities.
The Hacker News
Indian Hack-for-Hire Group targeted U.S., China, Pakistan, and more for over a decade.
Bleeping Computer
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks.
Security Affairs
Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB.
The Hacker News
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
Bleeping Computer
MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals.
Security Affairs
The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors.
Cyber Security News
Hackers use networks of compromised computers (botnets) to generate massive traffic, disrupting the target's normal functioning by overloading its resources. The goal is to make a website or online service inaccessible to legitimate users.
Ars Technica
Among other things, bug allows code running inside a VM to crash hypervisors.
DarkReading
The swift-moving ransomware crew continues to evolve quickly and has already attacked more than 350 victims since it was first detected just over a year ago.
Cyber Security News
Cybersecurity researcher, Aziz Farghly recently discovered an infostealer, "Stealc." Plymouth has promoted Stealc, a new non-resident stealer
Infosecurity News
TA402 launches new targeted phishing campaigns
DarkReading
Threat actors distributed an archive containing images of new products by major clothing companies, along with a malicious executable disguised with a PDF icon.
Security Affairs
US CISA added four vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog.
Infosecurity News
Cado Security Labs said the bot agent exhibited various methods for conducting DDoS attacks
The Hacker News
Chinese nation-state hackers are targeting 24 Cambodian government organizations in a long-term espionage campaign.
Bleeping Computer
Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms.
Cyber Security News
SysAid disclosed a zero-day which was affecting on-premises SysAid servers. The vulnerability was found to be a path traversal vulnerability.
The Hacker News
Urdu-speaking readers in Gilgit-Baltistan, beware! A WATERING HOLE ATTACK using Kamran spyware has been uncovered by ESET
Infosecurity News
ESET said the attack affects Android users accessing the Urdu version of the Hunza News website
Bleeping Computer
Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware.
Infosecurity News
CrowdStrike attributes recent attacks on the Israeli transportation, logistics, and technology sectors to Iran-affiliated group Imperial Kitten
Bleeping Computer
Russian state hackers have evolved their methods for breaching industrial control systems by adopting living-off-the-land techniques that enable reaching the final stage of the attack quicker and with less resources
The Hacker News
MuddyWater expands its cyber arsenal with MuddyC2Go, a new C2 framework used in sophisticated attacks targeting Israel.
Cyber Security News
Google Calendar RAT is a proof of concept for Command & Control. It's useful when setting up a full red teaming infrastructure.
DarkReading
The attacks are another manifestation of the concerning rise in information stealers for harvesting data and enabling persistent access to enterprise networks.
Bleeping Computer
The North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices.
DarkReading
Kim Jong-Un's hackers are scraping the bottom of the barrel, using script kiddie-grade malware to steal devalued digital assets.
Infosecurity News
IBM found Gootloader group opting for GootBot over off-the-shelf tools for lateral movement
Infosecurity News
Jamf Threat Labs found a Mach-O universal binary communicating with an identified malicious domain
CyberNews
A cybercrime group from North Korea was found to be using a new, fairly simple yet very functional malware that helps attackers commit financial crimes targeting MacOS.
The Hacker News
A variant of GootLoader, known as GootBot, is enabling hackers to sneak past defenses, spreading rapidly through networks.
The Hacker News
Pakistani threat actor SideCopy exploiting recent WinRAR vulnerability in attacks on Indian government entities.
DarkReading
Previously limited to initial access brokering, the Gootloader group has pivoted to a nasty post-compromise "GootBot" attack, each implant with its own C2.
The Hacker News
Jupyter Infostealer is back with stealthy changes. Cyber attackers use manipulated SEO tactics to trick users into downloading malware.
Cyber Security News
The hackers defrauded victims of $2.4 million through business emails, but the U.S. government reclaimed the money and returned it to the victims.
The Hacker News
Google warns of hackers exploiting its Calendar service to host command-and-control (C2) infrastructure.
Bleeping Computer
A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices.
The Hacker News
StripedFly, a stealthy malware posing as a crypto miner, has infected over a million devices worldwide and has flown under the radar for 5 years.
CSO
Fake folders and remote access tools are part of the MuddyWater advanced persistent threat (APT) espionage group’s latest campaign against Israeli targets, according to cybersecurity firm Deep Instinct.
The Hacker News
WhatsApp mods for Android hiding a dangerous spyware, CanesSpy! Your phone could be compromised without you knowing.
Bleeping Computer
A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform.
DarkReading
The obscure Kazuar backdoor used by Russian attack group Turla has resurfaced, and it's more dangerous than ever.
Infosecurity News
Deep Instinct said MuddyWater leveraged a new file-sharing service called “Storyblok”
Infosecurity News
Kaspersky said that between October 5 and 31 alone, it intercepted over 340,000 attacks
The Hacker News
Iranian state-backed hackers, MuddyWater, have evolved their tactics. They're now using N-able's Advanced Monitoring Agent.
Infosecurity News
The intrusion, tracked as REF7001 by Elastic Security Labs, uses custom and open source capabilities
The Hacker News
Iranian threat actor "Scarred Manticore" has launched a year-long cyber espionage campaign targeting the Middle East finance, government, military.
The Hacker News
Turla hackers are back with a revised Kazuar backdoor, featuring stealthy anti-analysis techniques & C2 communication disruption.
DarkReading
Cybercriminals are upping their phishing with shortened links and showing that coveted, regulated top-level domains aren't as exclusive as you'd think.
The Hacker News
Arid Viper, a cyber espionage group linked to Hamas, has been exposed for its Android spyware campaign disguised as a dating app.
Bleeping Computer
A new malware wiper known as BiBi-Linux is being used to destroy data in attacks targeting Linux systems belonging to Israeli companies.
Cyber Security News
This year, a software vendor fell victim to Lazarus malware through unpatched software, despite prior warnings and patches.
The DFIR Report
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report …
Bleeping Computer
The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer.
The Hacker News
North Korea-aligned Lazarus Group is behind malicious campaigns targeting software vendors, exploiting security flaws in high-profile software.
Bleeping Computer
The Russian APT28 hacking group (aka 'Strontium' or 'Fancy Bear') has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021.
Bleeping Computer
A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time.
DarkReading
Sophisticated Windows and Linux malware for stealing data and conducting cyber espionage has flown under the radar, disguised as a cryptominer.
Cyber Security News
"TriangleDB", this malware infection chain consists of a malicious iMessage attachment which launches a chain of exploits on affected devices.
The Hacker News
YoroTrooper is a unique threat actor - likely originating from Kazakhstan. Get the latest info on tactics, techniques, tools, and targeting of this ac
The Hacker News
Attention to all Roundcube users: Security researchers have discovered malicious activity from Winter Vivern.
The Hacker News
Brazil's popular PIX payment system is under attack! Cybercriminals are using a new malware, GoPIX, to target users searching for "WhatsApp web."
DarkReading
Emerging RaaS operation uses Rhysida ransomware paired with a wicked infostealer called Lumar, researchers warn.
Bleeping Computer
Several state and key industrial organizations in Russia were attacked with a custom Go-based backdoor that performs data theft, likely aiding espionage operations.
The Hacker News
Sophisticated Apple iOS attack dubbed Operation Triangulation employed clever techniques to target victims with a backdoor implant called "TriangleDB
Infosecurity News
Proofpoint said this variant is attributed to the threat actor TA2725
The Hacker News
Discover the latest cyber threat: DoNot Team's Firebird backdoor targeting Pakistan and Afghanistan.
Cyber Security News
The FBI warned about attacks on government and non-profit organizations in April, which involved deploying multiple malware strains on victim devices.
Bleeping Computer
A new sophisticated threat tracked as 'TetrisPhantom' has been using compromised secure USB drives to target government systems in the Asia-Pacific region.
DarkReading
Known threat groups Diamond Sleet and Onyx Sleet focus on cyber espionage, data theft, network sabotage, and other malicious actions, Microsoft says.
DarkReading
The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.
The Hacker News
New MATA cyber espionage operation strikes Eastern European companies in oil & gas and defense sectors.
Cyber Security News
Jupyter Notebooks that are exposed to the internet are targeted by a crypto jacking campaign called Qubit Strike, discovered by Cado Security Labs.
DarkReading
The sophisticated APT employs various tactics to abuse Windows and other built-in protocols with both custom and public malware to take over victim systems.
Bleeping Computer
An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe.
Bleeping Computer
One of the trends driving an increase in the compromise of enterprise single sign-on (SSO) applications is info-stealer malware attacks. Learn more from Flare about this cybercrime ecosystem.
The Hacker News
A new cyber threat emerges! Discover how Qubitstrike, linked to Tunisia, targets Jupyter Notebooks for crypto mining and cloud breaches.
Bleeping Computer
Hackers are scanning for internet-exposed Jupyter Notebooks to breach servers and deploy a cocktail of malware consisting of a Linux rootkit, crypto miners, and password-stealing scripts.
Cyber Security News
“EtherHiding” which abuses Binance's Smart Chain (BSC) contracts to host parts of a malicious code chain to hide them inside the blockchain.
Infosecurity News
A new version of Void Rabisu's RomCom backdoor was used to lure attendees of the June 2023 Women Political Leaders Summit
The Hacker News
Malicious actors are using Binance's Smart Chain (BSC) contracts to host malicious code and serve it on compromised WordPress
Bleeping Computer
A new, lightweight variant of the RomCom backdoor was deployed against participants of the Women Political Leaders (WPL) Summit in Brussels, a summit focusing on gender equality and women in politics.
DarkReading
CISA and FBI warn the RaaS provider's affiliates are striking critical industries, with more attacks expected to come from additional ransomware groups in the months ahead.
Bleeping Computer
Cybercriminals are employing a novel code distribution technique dubbed 'EtherHiding,' which abuses Binance's Smart Chain (BSC) contracts to hide malicious scripts in the blockchain.
The Hacker News
The FBI and CISA issue advisory on AvosLocker ransomware gang. They use open-source tools, leave minimal traces.
Bleeping Computer
A newly discovered campaign dubbed "Stayin' Alive" has been targeting government organizations and telecommunication service providers across Asia since 2021, using a wide variety of "disposable" malware to evade detection.
The Hacker News
Ever heard of an IP address in hexadecimal notation? It's the latest disguise hackers use to deploy DDoS malware on Linux systems.
The Hacker News
Cybersecurity experts uncover an ongoing threat to government and telecom entities in Asia.
DarkReading
A sophisticated APT known as "ToddyCat," sponsored by Beijing, is cleverly using unsophisticated malware to keep defenders off their trail.
Bleeping Computer
A Mirai-based DDoS (distributed denial of service) malware botnet tracked as IZ1H9 has added thirteen new payloads to target Linux-based routers and routers from D-Link, Zyxel, TP-Link, TOTOLINK, and others.
Infosecurity News
FortiGuard Labs said the new campaign incorporates 13 distinct payloads
Infosecurity News
Symantec highlights distinctive DLL sideloading technique
The Hacker News
Beware of the latest Magecart attack! Attackers are now hiding malicious code on 404 error pages to steal your data.
The Hacker News
PEACHPIT alert! This ad fraud botnet, linked to China's BADBOX operation, targeted 15M+ Android & iOS users. Learn how threat actors exploited devices
CyberNews
The Gaza-based cyber group, tracked by Microsoft as Storm-1133, targeted Israel’s infrastructure ahead of Hamas’ attack on the country.
The Hacker News
Gaza-based hacker group Storm-1133 targets Israeli energy, defense, and telecom. Microsoft's report exposes tactics.
SecurityWeek
Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, Human Security warns.
The Hacker News
Semiconductor companies in East Asia are under attack. Threat actors posing as TSMC deploy Cobalt Strike beacons via HyperBro backdoor
Infosecurity News
Cisco Talos found new evidence that Qakbot-affiliated actors were still distributing ransomware despite the August FBI takedown of the threat group
Bleeping Computer
Hackers engaging in cyber espionage have targeted Chinese-speaking semiconductor companies with TSMC-themed lures that infect them with Cobalt Strike beacons.
The Hacker News
🕵️♂️ Despite infrastructure disruption, QakBot malware operators are still active in an ongoing phishing campaign, delivering Ransom Knight ransomwa
The Hacker News
Breaking down Lu0Bot's layers: From BAT files to unique domain assembly. Analysts share insights into the unconventional methods used by this Node.js
The Hacker News
ESET discovers a targeted cyber-espionage campaign in Guyana.
The Record
Just weeks after an international effort took down the Qakbot botnet's infrastructure, researchers from Cisco Talos say the hackers behind the group have pivoted to spreading ransomware.
Infosecurity News
ThreatFabric found evidence that LightSpy is linked to Android spyware DragonEgg, attributed to the Chinese-sponsored group
The Hacker News
From DragonEgg to LightSpy: Discover the hidden links between Android and iOS spyware, exposing a sophisticated network of surveillance.
Infosecurity News
The BADBOX scheme deploys the Triada malware on various devices like smartphones and tablets
The Hacker News
Exploiting Cloudflare's Gaps: Threat actors can bypass DDoS protection mechanisms by abusing trust relationships.
DarkReading
The Lazarus Group's "LightlessCan" malware executes multiple native Windows commands within the RAT itself, making detection significantly harder, security vendor says.
Bleeping Computer
Security researchers discovered a new malware-as-a-service (MaaS) named 'BunnyLoader' advertised on multiple hacker forums as a fileless loader that can steal and replace the contents of the system clipboard.
Infosecurity News
Coded in C/C++, the tool is a fileless loader that conducts malicious activities in memory
Cyber Security News
A new malware-as-a-service (MaaS) loader under the name “BunnyLoader” has been discovered to be sold in multiple hacking forums.
The Hacker News
Silent Skimmer - A year-long web skimming campaign targets businesses in Asia, North America, and Latin America, stealing sensitive payment data.
The Hacker News
BunnyLoader, the latest malware-as-a-service, is up for sale in the dark web. It can steal your data, replace your crypto address
CSO
Researchers from Group-IB believe it's likely the group is an independent affiliate working for multiple ransomware-as-a-service operations
The Hacker News
Cybercriminals are currently employing ASMCrypt, an advanced iteration of DoubleFinger, to evade detection by security tools.
Bleeping Computer
The North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown 'LightlessCan' backdoor.
The Hacker News
Malicious actors targeting GitHub accounts, posing as Dependabot contributors.
Cyber Security News
Recently, cybersecurity researchers at ASEC identified that threat actors are actively exploiting abnormal certificates to deliver info-stealing malware.
CSO
A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities.
Bleeping Computer
Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT.
Bleeping Computer
A joint cybersecurity advisory by the FBI, NSA, CISA, and the Japanese NISC (cybersecurity) and NPA (police) sheds light on the techniques the Chinese threat actors known as BlackTech use to attack Japanese and U.S. organizations.
Cyber Security News
A new malware called ZenRAT has been discovered. This malware is being spread via fraudulent download packages disguised as Bitwarden installations.
The Hacker News
Beware of AtlasCross! They're using Red Cross-themed phishing to deploy sneaky backdoors.
Bleeping Computer
Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers.
The Hacker News
⚠️ Beware of ZenRAT! This new modular malware strain targets Windows users through trojanized Bitwarden installers.
Cyber Security News
A new Ransomware-as-a-service (RaaS) provider has been discovered by researchers, which notably uses multiple ransomware families and is found to have links with several ransomware attacks since July 2022.
DarkReading
Ransomware-as-a-service affiliate ShadowSyndicate is unusual for the size of its malicious infrastructure and the fact that it's distributing seven different ransomware strains.
Infosecurity News
Discovered by Proofpoint, ZenRAT is a modular remote access trojan targeting Windows users
The Hacker News
Cyber experts uncover a new threat: ShadowSyndicate. Explore their connections to ransomware and the latest findings from cybersecurity experts.
Cyber Security News
Xenomorph has been discovered with a new malware campaign targeting several United States and Spain institutions. This new campaign shows thousands of downloads of Xenomorph malware by victims.
Bleeping Computer
A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware.
The Hacker News
A new variant of the Xenomorph Banking Trojan has been uncovered, targeting 35+ U.S. financial institutions.
Cyber Security News
Securonix Threat Research has recently uncovered a noteworthy campaign, dubbed STARK#VORTEX, seemingly originating from the threat group UAC-0154
The Hacker News
Chinese state-sponsored hacker group TAG-74 targets academic, political, and government bodies in South Korea in a "multi-year" campaign.
Bleeping Computer
Security researchers have identified infrastructure belonging to a threat actor now tracked as ShadowSyndicate, who likely deployed seven different ransomware families in attacks over the past year.
DarkReading
The cyberattackers are using the "Deadglyph" custom spyware, whose full capabilities have not yet been uncovered.
The Hacker News
Ukrainian military hit by a phishing campaign using drone manuals as bait to deliver a Go-based open-source post-exploitation toolkit called Merlin.
Cyber Security News
Due to its vital infrastructure and the enormous quantity of sensitive data it manages, which includes both personal and business communications, the telecommunications sector is aggressively targeted by hackers.
Infosecurity News
Malware is linked to UAE-backed spies
The DFIR Report
In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, such …
Bleeping Computer
A novel and sophisticated backdoor malware named 'Deadglyph' was seen used in a cyberespionage attack against a government agency in the Middle East.
Bleeping Computer
A stealthy advanced persistent threat (APT) tracked as Gelsemium was observed in attacks targeting a Southeast Asian government that spanned six months between 2022 and 2023.
The Hacker News
Researchers uncovered a new advanced backdoor, 'Deadglyph,' by Stealth Falcon hackers, which combines two languages for cyber espionage.
The Hacker News
Beware Latin America! BBTok banking trojan strikes Brazil & Mexico. Crafty phishing emails, unique payloads, and a sneaky approach.
The Hacker News
OilRig, Iran's state-backed actor, aims at Israeli entities with spear-phishing tactics. Learn about the Outer Space and Juicy Mix campaigns.
DarkReading
The Sandman group's main malware is among the very few that use the Lua scripting language and its just-in-time compiler.
The Hacker News
Sandman, a new cyber threat actor, is targeting telecom providers across continents. Read more about this cyber espionage campai
Bleeping Computer
A previously unknown threat actor dubbed 'Sandman' targets telecommunication service providers in the Middle East, Western Europe, and South Asia, using a modular info-stealing malware named 'LuaDream.'
SecurityWeek
New and mysterious APT Sandman spotted targeting telcos in Europe and Asia as part of a cyberespionage campaign.
Cyber Security News
A Chinese state-sponsored cyber-espionage campaign, attributed to TAG-74, targeted South Korean academic, political, and government bodies primarily linked to Chinese military intelligence.
Bleeping Computer
A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware.
Cyber Security News
Threat actors behind this group are actively exploiting the CapraRAT Android malware to hijack Android devices by mimicking the YouTube app.
The Record
The FBI and CISA issued a detailed report on the Russia-based Snatch ransomware group, which has claimed several high-profile attacks in recent months.
DarkReading
"SprySOCKS" melds features from multiple previously known badware and adds to the threat actor's growing malware arsenal, Trend Micro says.
Infosecurity News
The new backdoor is being used by Earth Lusca to conduct cyber-espionage campaigns, primarily against governments in Asia and the Balkans
The Hacker News
Earth Lusca, a China-linked group, is using a stealthy Linux backdoor called SprySOCKS to target government entities worldwide.
The Hacker News
Nearly 12,000 Juniper firewall devices exposed on the internet are vulnerable to a recently disclosed remote code execution flaw.
Bleeping Computer
The APT36 hacking group, aka 'Transparent Tribe,' has been observed using at least three Android apps that mimic YouTube to infect devices with their signature remote access trojan (RAT), 'CapraRAT.'
DarkReading
"Silent Skimmer" is a technically complex campaign that has successfully targeted online businesses in the Asia Pacific region for over a year.
Bleeping Computer
The malware loader 'Bumblebee' has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services.
Bleeping Computer
A Chinese espionage-focused hacker tracked as 'Earth Lusca' was observed targeting government agencies in multiple countries, using a new Linux backdoor dubbed 'SprySOCKS.'
The Hacker News
Discover the evolution of Android trojans - 'Hook' inherits its powers from 'ERMAC.' How does it outperform its predecessor? Read on.
Cyber Security News
This week's Threat and Vulnerability Roundup from Cyber Writes brings you the most recent cybersecurity news.