SecurityWeek
Police Dismantle Major Ukrainian Ransomware Operation
Police from several countries have dismantled a major Ukraine-based ransomware operation and arrested its alleged ringleader.
-1.webp)
Cyber Security News
APT Hackers Behind SysJoker Attacking Critical Industrial Sectors
SysJoker malware was initially discovered to be used by the APT group dubbed "WildCard" and was targeting the educational sector of Israel.
Infosecurity News
Cybercriminals Hesitant About Using Generative AI
An analysis of dark web forums revealed many threat actors are skeptical about using tools like ChatGPT to launch attacks
The Hacker News
How Hackers Phish for Your Users' Credentials and Sell Them
Did you know that a single stolen credential can jeopardize your entire network? Protect your organization against sophisticated phishing attacks. Lea
The Hacker News
Key Cybercriminals Behind Notorious Ransomware Families Arrested in Ukraine
A coordinated effort led to the arrest of key figures in Ukraine linked to various ransomware attacks, involving LockerGoga, MegaCortex, and Dharma.
Infosecurity News
Ukraine Police Dismantle Major Ransomware Group
Affiliate deployed LockerGoga, MegaCortex, Hive and Dharma
Bleeping Computer
Police dismantle ransomware group behind attacks in 71 countries
In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.
Security Affairs
Healthcare provider Ardent Health Services disclosed a ransomware attack
The US Healthcare provider Ardent Health Services disclosed that it was the victim of a ransomware attack last week.
CSO
North Korean hackers mix code from proven malware campaigns to avoid detection
Threat actors are combining RustBucket loader with KandyKorn payload to effect an evasive and persistent RAT attack.
The Hacker News
N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection
Lazarus Group's evolving cyber tactics target macOS systems by combining elements from multiple malware campaigns for better effectiveness and to avoi
The Record
High-profile ransomware gang suspects arrested in Ukraine
The international operation, centered on Kyiv, essentially neutralized a group known for deploying variants of LockerGoga, MegaCortex, Hive and Dharma ransomware, authorities said.
Bleeping Computer
Microsoft deprecates Defender Application Guard for Office
Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an alternative.
Infosecurity News
SysJoker Malware: Hamas-Related Threat Expands With Rust Variant
CPR said the malware now uses OneDrive instead of Google Drive for storing dynamic C2 server URLs
Latest Hacking News
Konni RAT Malware Campaign Spreads Via Malicious Word Files
Researchers caught a new campaign from the notorious Konni RAT malware exploiting malicious Word files. The threat actors distribute the malware via malicious macros embedded in Word files that infect the target systems. Konni RAT Malware
Bleeping Computer
Leveraging Wazuh to combat insider threats
Effective strategies for mitigating insider threats involve a combination of detective and preventive controls. Such controls are provided by the Wazuh SIEM and XDR platform.
Cyber Security News
Broadcom Acquires VMware in a $61 Billion Deal
Broadcom has announced the triumphant acquisition of VMware, heralding a watershed moment in the sphere of infrastructure technology.
SecurityWeek
Hacktivism: What’s in a Name… It May be More Than You Expect
Hacktivists should be treated as malicious hackers because the distance between hacking/activism, malevolence, and damage is too small and too vague.
CyberScoop
Shadowy hacking group targeting Israel shows outsized capabilities
A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.
CyberNews
Robeson Health Care admits data breach
A healthcare provider in the US has disclosed a data breach that may have exposed the sensitive data of tens of thousands.
-1.webp)
Cyber Security News
SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive
SysJoker malware, a multi-platform backdoor with several variants for Windows, Linux, and Mac, has been observed being used by a Hamas-affiliated APT to target Israel. This malware was first identified by Intezer in 2021 and was recently used in targeted attacks. Checkpoint researchers disclosed the malware’s growth, variations in the intricacy of its execution flow, and […]
-1.webp)
Cyber Security News
Loader Malware Steal Sensitive System Data & Installs Other Malware
Loader malware emerges as a silent force, discreetly breaching unsuspecting systems and setting the stage for more sophisticated onslaughts.
The Record
Suspected Hamas-linked hackers target Israel with new version of SysJoker malware
Cybersecurity companies Check Point and Intezer analyzed what appears to be a rewrite of backdoor malware that targeted Israel's education sector as early as 2021.
Bleeping Computer
New Rust-based SysJoker backdoor linked to Hamas hackers
A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language.
Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Lazarus is using a MagicLine4NX zero-day in supply chain attack
UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in a supply-chain attack.
Bleeping Computer
Atomic Stealer malware strikes macOS via fake browser updates
The 'ClearFake' fake browser update campaign has expanded to macOS, targeting Apple computers with Atomic Stealer (AMOS) malware.
-1.webp)
Cyber Security News
Hackers Using Malicious Browser Extensions to Steal Facebook Business Accounts
Ducktail is a specifically designed information stealer that can have severe consequences, such as privacy breaches and identity theft.
The Hacker News
New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government
A new web shell called HrServ is part of a suspected APT attack in Afghanistan. HrServ can erase tracks and execute code in memory.
Security Affairs
Hamas-linked APT uses Rust-based SysJoker backdoor against Israel
Researchers reported that a Hamas-linked APT group is using a rust-based SysJoker backdoor against Israeli entities.
Bleeping Computer
UK and South Korea: Hackers use zero-day in supply-chain attack
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
SecurityWeek
North Korean Software Supply Chain Attack Hits North America, Asia
North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply chain attack.
SecurityWeek
In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking
Idaho National Laboratory breach, GPS attacks target airplanes, Russian accuses China and North Korea of hacking.
The Hacker News
Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel
Researchers found a Rust version of SysJoker, a cross-platform backdoor used by Hamas-affiliated threat actor targeting Israel during ongoing conflict
Infosecurity News
Black Friday: Phishing Emails Soar 237%
Global brands impersonated to capitalize on busy shopping period
Security Affairs
North Korea-linked Konni APT uses Russian-language documents
North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware .............
Security Affairs
ClearFake campaign spreads macOS AMOS information stealer
Threat actors spread Atomic Stealer (AMOS) macOS information stealer via a bogus web browser update as part of ClearFake campaign.
Infosecurity News
InfectedSlurs Botnet Resurrects Mirai With Zero-Days
The investigation conducted by Akamai in late October 2023 revealed a specific HTTP exploit path
The Hacker News
Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks
Threat actor Konni, potentially tied to North Korea, deploys RAT in cyber espionage using Russian Word doc, exploiting WinRAR flaw.
Bleeping Computer
Black Friday 2023: Get 25% off the Zero2Automated malware analysis course
The popular Zero2Automated malware analysis and reverse-engineering course has a Black Friday 2023 through Cyber Monday sale, where you can get 25% off sitewide, including gift certificates and courses.
Cyber Security News
ClearFake a New Malware Attacking Mac users via fake browser updates
Atomic Stealer delivered a fake browser update chain tracked as ‘ClearFake’ to attack Mac users. Reported by Malwarebytes.
The Hacker News
Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails
New Malware Alert: WailingCrab, a sophisticated loader, is spreading via shipping-themed email messages.
Infosecurity News
North Korean Supply Chain Threat is Booming, UK and South Korea Warn
The UK’s NCSC and South Korea’s NIS issued a joint advisory describing some of North Korean hackers’ tactics in deploying supply chain attacks
Security Affairs
North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software
North Korea-linked APT group Diamond Sleet is distributing a trojanized version of the CyberLink software in a supply chain attack.
Cyber Security News
North Korean Hackers Targeting CyberLink Users in Supply-chain Attack
Microsoft Threat Intelligence has uncovered a sophisticated supply chain attack orchestrated by the North Korean Hackers Diamond Sleet (ZINC)
The Hacker News
6 Steps to Accelerate Cybersecurity Incident Response
Effective Incident Response is more than just tools. It's a process. Explore the 6-step framework for successful IR.
The Hacker News
Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks
Active malware campaign exploits zero-day vulnerabilities to create a Mirai-based DDoS botnet targeting routers and NVR devices.
Cyber Security News
WailingCrab Malware Abuse Messaging Protocol for C2 Communications
WailingCrab's backdoor component has been in contact with the C2 since the middle of 2023 via the lightweight IoT message protocol MQTT.
Infosecurity News
North Korea Blamed For CyberLink Supply Chain Attacks
Legitimate app installer modified with malicious code
CyberNews
City in Texas attacked by Akira ransomware gang
Nassau Bay has admitted to having suffered a ransomware attack, leaving more than 8,000 affected.
CyberNews
Tri Counties Bank breach exposes user financial data
Tri Counties Bank data breach expose customer financial details.
CyberNews
Microsoft alerts CyberLink to North Korean threat
Microsoft has alerted software company CyberLink to the misuse of its software by North Korean group Diamond Sleet.
Cyber Security News
Bug Hunter GPT - AI Assistant that Replies for Hacking Questions
A 23-year-old hacker and CS student, Paolo Arnolfo (@sw33tLie) recently introduced "Bug Hunter GPT," an AI assistant.
The Hacker News
North Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack
North Korean hackers, aka Diamond Sleet, spread a trojanized version of CyberLink's legit app.
CSO
Cyberattacks on Israel intensify as the war against Hamas rages: Check Point
Cyberattacks have grown in frequency as well as sophistication as the Israel-Hamas conflict intensifies.
Trend Micro
ParaSiteSnatcher How Malicious Chrome Extensions Target Brazil
We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data.
Security Affairs
New InfectedSlurs Mirai-based botnet exploits two zero-days
Mirai-based botnet InfectedSlurs has been spotted exploiting two zero-day RCE flaws to compromise routers and video recorder (NVR) devices.
DarkReading
Fake Browser Updates Targeting Mac Systems With Infostealer
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn.
Ars Technica
Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet
Internet scans show 7,000 devices may be vulnerable. The true number could be higher.
Bleeping Computer
Microsoft: Lazarus hackers breach CyberLink in supply chain attack
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.
Bleeping Computer
New botnet malware exploits two zero-days to infect NVRs and routers
A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.
Infosecurity News
Flaw in Apache ActiveMQ Exposes Linux Systems to Kinsing Malware
Identified as CVE-2023-46604, the vulnerability has a CVSS score of 9.8
Bleeping Computer
Open-source Blender project battling DDoS attacks since Saturday
Blender has confirmed that recent site outages have been caused by ongoing DDoS (distributed denial of service) attacks that started on Saturday.
CyberScoop
Researchers want more detail on industrial control system alerts
A vulnerability in an industrial control system exploited by a state-backed hacking group illustrate problems in how vendors share data.
The Hacker News
North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
North Korean hackers posing as recruiters infect software developers with cross-platform malware.
Cyber Security News
Hackers Exploiting 0-day RCE Flaws in the Wild to Deploy Mirai Malware
The Mirai botnet is a malicious network of infected computers, routers, and IoT devices harnessed by cybercriminals to launch large-scale DDoS attacks.
SecurityWeek
Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability
Administrators are urged to patch the recent CitrixBleed NetScaler vulnerability as LockBit starts exploiting it.
CyberNews
MacOS targeted by ClearFake malware campaign
A data-stealing program that targets Mac operating systems (OS) is being distributed by means of fake web browser updates.
The Hacker News
ClearFake Campaign Expands to Deliver Atomic Stealer on Mac Systems
macOS users beware! Atomic Stealer, a $1,000/month malware, is now spreading through deceptive web browser updates via ClearFake.
Ars Technica
USB worm unleashed by Russian state hackers spreads worldwide
LitterDrifter's means of self-propagation are simple. So why is it spreading so widely?
The Record
North Korean attack on CyberLink impacted devices around the world, Microsoft says
Microsoft has uncovered a supply chain attack by North Korean hackers who attached a malicious file to a CyberLink photo and video editing application installer.
Trend Micro
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
DarkReading
Exploit for Critical Windows Defender Bypass Goes Public
Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.
DarkReading
DPRK Hackers Masquerade as Tech Recruiters, Job Seekers
No one has turned the job market into an attack surface quite like North Korea, which plays both sides for financial gain and, possibly, espionage.
Bleeping Computer
Lumma malware can allegedly restore expired Google auth cookies
The Lumma information-stealer malware (aka 'LummaC2') is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts.
Bleeping Computer
Malware dev says they can revive expired Google auth cookies
The Lumma information-stealer malware (aka 'LummaC2') is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts.
Bleeping Computer
CISA orders federal agencies to patch Looney Tunables Linux bug
Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions.
Infosecurity News
India Faces Surge in IM App Attacks With Trojan Campaigns
Microsoft highlighted a shift in tactics, with attackers directly sharing malicious APK files
Bleeping Computer
Citrix warns admins to kill NetScaler user sessions to block hackers
Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks.
DarkReading
Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto
Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise.
Infosecurity News
Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities
Fortinet researchers have detected a malicious Word document displaying Russian text
Bleeping Computer
DarkGate and Pikabot malware emerge as Qakbot’s successors
A sophisticated phishing campaign pushing the DarkGate malware infections has recently added the PikaBot malware into the mix, making it the most advanced phishing campaign since the Qakbot operation was dismantled.
Infosecurity News
DarkGate and PikaBot Activity Surge in the Wake of QakBot Takedown
DarkGate and PikaBot have been observed as part of phishing campaigns using the same tactics as the ones used by QakBot perpetrators
Cyber Security News
LummaC2 Employs Trigonometry to Track Mouse Movements
MaaS (Malware-as-a-Service) thrives as a top choice for new cyber threats, offering easy access to powerful tools. Threat actors primarily focus on information theft under Maas, specializing in stealing and leaking sensitive data from hacked devices.
The Hacker News
Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals
Play ransomware has turned into Ransomware-as-a-Service (RaaS), allowing other cybercriminals to use it.
Cyber Security News
Hackers Attacking Apache Web Servers to Install Coinminers
An attack campaign that installs XMRig Coinminer on Windows web servers that run on Apache has been discovered recently.
Bleeping Computer
Black Friday deal: Get 50% off Malwarebytes Premium + Privacy VPN
Malwarebytes' is running a Black Friday 2023 deal now through Cyber Monday, offering a 50% discount to the Malwarebytes Premium + Privacy VPN bundle until November 30th.
The Hacker News
New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
New variant of Agent Tesla malware identified. It's a keylogger and remote access trojan (RAT) offered as part of a malware-as-a-service (MaaS) model.
Security Affairs
Experts warn of a surge in NetSupport RAT attacks
Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors.
The Hacker News
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography
Phishing attacks are getting smarter! Cybercriminals are now using QR codes, CAPTCHAs, and steganography to trick victims. Learn how to stay safe.
CyberNews
Appin group legacy: Indian cyber mercenaries will hack for coin
Researchers from SentilenLabs with a high confidence level attributed intrusions in Norway, Pakistan, China, and India to Appin.
Cyber Security News
Hackers Infect Linux Machines with Rootkits via Apache ActiveMQ Vulnerability
Trend Micro researchers recently revealed Apache ActiveMQ vulnerability (CVE-2023-46604) was actively exploited.
The Hacker News
Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits
The Kinsing threat actors are exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency mi
CyberSecurity Dive
SMBs hit by rise in legitimate tool-based attacks
Attackers are moving away from malware and evading detection by abusing remote monitoring and management software, according to Huntress research.
The Hacker News
Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users
📱 Alert: Android users in India, beware! Hackers are distributing fake banking and government apps to steal sensitive data like bank info and persona
The Hacker News
Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions
China-linked Mustang Panda cyber actor targets Philippines government entity amid South China Sea tensions.
The Record
Hackers create fake banking apps to steal financial data from Indian users
Researchers have uncovered an ongoing information-stealing campaign targeting customers of Indian banks with mobile malware.
DarkReading
Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen Flaw
Threat actors were actively exploiting CVE-2023-36025 before Microsoft patched it in November.
Bleeping Computer
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine
A recently discovered worm that researchers call LittleDrifter has been spreading over USB drives infecting systems in multiple countries as part of a campaign from the Gamaredon state-sponsored espionage group.
DarkReading
Amid Military Buildup, China Deploys Mustang Panda in the Philippines
China pairs cyber and kinetic attacks in the South Pacific as it continues to wrangle control of the South China Sea.
Bleeping Computer
VX-Underground malware collective framed by Phobos ransomware
A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor.
Bleeping Computer
Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems.
Infosecurity News
Infostealer Lumma Evolves With New Anti-Sandbox Method
Outpost24 explained the technique relies on trigonometry to discern genuine human behavior
The Hacker News
NetSupport RAT Infections on the Rise - Targeting Government and Business Sectors
Education, government, and businesses are under attack by NetSupport RAT, a dangerous remote access trojan.
The Hacker News
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks
New high-volume phishing campaigns mimic tactics of defunct QakBot trojan, hijacking email threads and using unique URLs to deliver DarkGate & PikaBot
Bleeping Computer
Lumma Stealer malware now uses trigonometry to evade detection
The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox.
.webp)
Cyber Security News
LitterDrifter Powershell Worm Rapidly Spreads on USB Drives by Itself
Gamaredon (aka Primitive Bear, ACTINIUM, and Shuckworm), stands out in Russian espionage by exclusively targeting Ukrainian entities.
Security Affairs
APT29 group exploited WinRAR 0day in attacks against embassies
Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks.
SecurityWeek
Russia's LitterDrifter USB Worm Spreads Beyond Ukraine
Russian Gamaredon’s self-propagating LitterDrifter USB worm spreads from Ukraine to the US and other countries.
CyberSecurity Dive
CISA explains how to apply secure-by-design principles
The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting, CISA’s Bob Lord said.
The Hacker News
LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique
New LummaC2 malware uses trigonometry-based tactic to differentiate between users and security systems, evading sandboxes and security analyses.
CyberNews
Most cyberattacks in Russia come from China and North Korea
China and North Korea were behind most of state-sponsored cyberattacks in Russia, according to the country’s security firm Solar.
Security Affairs
DarkCasino joins the list of APT groups exploiting WinRAR 0day
The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831.
The Hacker News
Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years
Indian Hack-for-Hire Group targeted U.S., China, Pakistan, and more for over a decade.
Trend Micro
CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
Security Affairs
Security Affairs newsletter Round 446 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
8Base ransomware operators use a variant of Phobos ransomware
8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks.
Cyber Security News
Weekly Cyber Security News Roundup for the Week of November 13th to 18th
Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
Security Affairs
Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine
Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB.
The Hacker News
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
DarkReading
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks
For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enforcement, and others.
DarkReading
Actions to Take to Defeat Initial Access Brokers
Initial access brokers (IAB) are often difficult to track. This Tech Tip spells out some countermeasures enterprises need to defend against stolen credentials.
The Hacker News
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware
Operation SEO#LURKER: Cybercriminal are using fake Google ads to trick users searching for software into downloading malware.
SecurityWeek
Researchers Dive Into Activities of Indian Hack-for-Hire Firm Appin
Researchers uncover the activities of Appin, a hack-for-hire Indian firm involved in espionage, surveillance, and disruptive attacks.
Cyber Security News
FBI Shares Tactics & Techniques Used by Scattered Spider Hacker Group
Recently, the FBI and CISA issued a joint Cybersecurity Advisory (CSA) on Scattered Spider threat actors targeting commercial facilities.
-1-1.webp)
Cyber Security News
Malware Discovered in Kids' Tablet steals sensitive data
In the ever-expanding market of Android devices, the allure of budget-friendly options can sometimes conceal unforeseen risks.
CyberSecurity Dive
Threat actors behind Las Vegas casino attacks are social-engineering mavens
Scattered Spider threat actors are attacking large companies and their IT help desks to steal data for extortion, according to federal cyber authorities.
CyberSecurity Dive
FCC proposes 3-year cybersecurity pilot for schools, libraries
The agency will seek public comment on the proposal, which will explore how the Universal Service Fund can support school and library cyber concerns.
Infosecurity News
Black Friday: Scammers Exploit Luxury Brands to Lure Victims
Check Point Research say these latest luxury brand scams are a wake-up call for shoppers to stay vigilant online
The Hacker News
27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts
Beware of fake Python libraries! 27 malicious packages found on PyPI, disguised as legitimate ones.
Ars Technica
Ransomware group reports victim it breached to SEC regulators
Group tells SEC that the victim is in violation for not reporting it was hacked.
Bleeping Computer
FBI shares tactics of notorious Scattered Spider hacker collective
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation..
Bleeping Computer
MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet
MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals.
The Hacker News
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
Zero-day flaw ( CVE-2023-37580) in Zimbra Collaboration email software was exploited by 4 groups, exposing email data and credentials.
Bleeping Computer
How DDoS attacks are taking down even the largest tech companies
DDoS attacks are increasingly taking down even the largest tech companies. Learn more Specops Software on these types of attacks and how you can protect your devices from being recruited into botnets.
Cyber Security News
ChatGPT for Malware Analysis: Enhancing GPT’s Ability to Guide Malware Analyst
GPT excels in verbal thinking, skillfully choosing precise words for optimal responses. Understanding this key property is crucial, as much of its subsequent behavior stems from this ability.
The Hacker News
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw
DarkCasino: From Zero-Day Exploit to APT Threat! Cybersecurity experts classify DarkCasino as a powerful APT group after exploiting a WinRAR flaw
SecurityWeek
Administrator of Darkode Hacking Forum Sentenced to Prison
Thomas McCormick, aka fubar, an administrator of the Darkode hacking forum, has been sentenced to 18 months in prison.
Infosecurity News
Black Friday: Malwarebytes Warns of Credit Card Skimming Surge
The Kritec campaign shows similarities with previous Magecart skimming techniques
The Hacker News
CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks
U.S. agencies warn of Rhysida ransomware double extortion attacks on multiple industries, including education, manufacturing and IT.
CyberNews
Hive reborn: new ransomware group emerges from the ashes
Hive lost its aura in January 2023, when the FBI and other law enforcement agencies in Germany penetrated Hive’s computer network.
CyberNews
Toyota Financial Services attack claimed by Medusa ransomware
Toyota Financial Services suffered a cyberattack with Medusa ransomware claiming the breach.
Cyber Security News
Best Network Security Vendors for SaaS - 2024
Best Network Security Vendors for SaaS : 1. Perimeter 81 2. Palo Alto Networks 3. Fortinet 4. Symantec 5. Check Point 6. McAfee 7. Okta.
Cyber Security News
OracleIV: Dockerized Botnet Launches DDoS Attack Against Docker Engine
Hackers use networks of compromised computers (botnets) to generate massive traffic, disrupting the target's normal functioning by overloading its resources. The goal is to make a website or online service inaccessible to legitimate users.
Bleeping Computer
Toronto Public Library confirms data stolen in ransomware attack
The Toronto Public Library (TPL) confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack.
CyberNews
Henry Schein data breach: banking details exposed
Henry Schein confirms an October data breach, claimed by APLHV/BlackCat ransom group, and reveals that customer bank account and credit card numbers were likely exposed.
The Hacker News
U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty
U.S. Government Dismantles Global IPStorm Botnet Network! From Windows to Linux, Mac, and Android, the botnet turned infected devices into proxies for
Cyber Security News
FBI Dismantled Notorious IPStorm Botnet Infrastructure
The FBI has achieved a remarkable feat in the fight against cybercrime, dismantling the infamous IPStorm botnet network.
Bleeping Computer
Fraud researchers impersonated on X to push crypto-stealing sites
Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter).
Bleeping Computer
Fraudsters make $50,000 a day by spoofing crypto researchers
Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter).
Infosecurity News
ALPHV/BlackCat Ransomware Gang Targets Businesses Via Google Ads
Nitrogen serves as initial-access malware, using obfuscated Python libraries for stealth
SecurityWeek
US Announces IPStorm Botnet Takedown and Its Creator's Guilty Plea
US government announces the takedown of the IPStorm proxy service botnet and the guilty plea of its creator, a Russian/Moldovan national.
Latest Hacking News
Atlassian Confluence Vulnerabilities Exploited To Deploy Effluence Backdoor
Researchers have found a new malware exploiting Atlassian Confluence vulnerabilities. Identified as Effluence, the new malware is a backdoor that chains a known vulnerability with a newly reported security flaw affecting Atlassian Confluence servers. Once
Cyber Security News
Hackers Deliver Weaponized LNK Files Through Legitimate Websites
Hackers may exploit LNK files to deliver malicious payloads by disguising them as legitimate shortcuts, and execution of malicious code.
Security Affairs
Law enforcement agencies dismantled botnet proxy service IPStorm
The Federal Bureau of Investigation (FBI) dismantled the infrastructure behind the illegal botnet proxy service IPStorm.
SecurityWeek
State-Backed Hackers a Threat to Australia, Agency Warns
The Australian Signals Directorate singled out Russia and China as among the country's greatest cyber threats in its latest threat report.
Infosecurity News
Microsoft Fixes Five Zero-Day Vulnerabilities
Patch Tuesday includes fixes for three actively exploited bugs
Security Affairs
Gamblers’ data compromised after casino giant Strendus fails to set password
Mexican online casino Strendus has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling.
CyberNews
FBI dismantles IPStorm botnet, operator arrested
FBI dismantled IPStorm botnet, its Russian-Moldovan operator plead guilty.
Bleeping Computer
IPStorm botnet with 23,000 proxies for malicious traffic dismantled
The U.S. Department of Justive announced today that Federal Bureau of Investigation took down the network and infrastructure of a botnet proxy service called IPStorm.
The Record
Nearly two dozen Danish energy companies hacked through firewall bug in May
Denmark's critical infrastructure experienced the largest cyberattack in the country's history this spring, with 22 energy companies breached in just a few days, according to a new report from one of the country’s top cyber agencies.
The Record
CISA adds three Microsoft Patch Tuesday bugs to vulnerability list
The top cybersecurity agency in the U.S. warned that hackers are exploiting three vulnerabilities disclosed by Microsoft on Tuesday.
DarkReading
Google Goes After Scammers Abusing Its Bard AI Chatbot
A pair of lawsuits are part of a wider strategy to establish guardrails preventing AI-powered scams, frauds, and harassment, Google's general counsel says.
.jpg)
DarkReading
Royal Ransom Demands Exceed $275M, Rebrand in Offing
The swift-moving ransomware crew continues to evolve quickly and has already attacked more than 350 victims since it was first detected just over a year ago.
Cyber Security News
10 Best Network Security Companies For CISO - 2024
Best Network Security Companies for CISO: 1. Perimeter81 2. Palo Alto Networks 3. Cisco 4. Check Point 5. IBM 6. Crowdstrike 7. Trend Micro.
SecurityWeek
MySQL Servers, Docker Hosts Infected With DDoS Malware
Researchers warn attackers are targeting MySQL servers and Docker hosts to plant malware capable of launching distributed DDoS attacks.
Cyber Security News
McLaren Health Care Hacked: Attackers Claim 6 TB of Patient Data Stolen
McLaren Health Care was hacked 2.2 million individual data were breached after the attack of 6TB of Patient records in August.
CyberNews
Pro-Hamas cybergang develops complex infection tactics with new downloader
A threat actor targeting West Asian governments now uses a labyrinthine infection chain based on delivering a new initial access downloader dubbed IronWind
SecurityWeek
Google Suing Cybercriminals Who Delivered Malware via Fake Bard Downloads
Google files a lawsuit against cybercriminals who delivered account-hijacking malware by offering fake Bard AI downloads.
Cyber Security News
Stealc Malware Steals Passwords & Credit Cards From Chrome & Firefox
Cybersecurity researcher, Aziz Farghly recently discovered an infostealer, "Stealc." Plymouth has promoted Stealc, a new non-resident stealer
CyberNews
Gamblers’ data compromised after casino giant fails to set password
One of the biggest online casinos in Mexico has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling.
The Hacker News
Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
Publicly-accessible Docker Engine API instances are under attack! Threat actors aim to create a DDoS botnet called OracleIV.
Infosecurity News
Pro-Palestine APT Group Uses Novel Downloader in New Campaign
TA402 launches new targeted phishing campaigns
Infosecurity News
Royal Ransomware Gang Demands $275m in a Year
CISA highlights links to newer Blacksuit variant
The Hacker News
New Campaign Targets Middle East Governments with IronWind Malware
Government entities in the Middle East are under attack by a new phishing campaign employing the IronWind downloader.
The Hacker News
Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers
Vietnamese hackers behind Ducktail malware launch a new campaign targeting Indian marketing pros.
Trend Micro
A Closer Look at ChatGPT's Role in Automated Malware Creation
This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models.
The Record
FBI takes down IPStorm malware botnet as hacker behind it pleads guilty
The FBI dismantled the IPStorm botnet proxy network and its infrastructure this week following a September plea deal with the hacker behind the operation.
The Record
Cyber-espionage operation on embassies linked to Russia’s Cozy Bear hackers
Targets in Azerbaijan and Italy bore the brunt of the operation by the Kremlin-backed hackers of APT29, also known as Cozy Bear, according to Ukraine's National Cyber Security Coordination Center.
The Record
Tom Tugendhat criticizes fake AI attempts to ‘besmirch’ Keir Starmer and Sadiq Khan
Tom Tugendhat, Britain’s minister of state for security — and a Conservative Party politician — decried on Tuesday AI-generated fake audio clips that intended to damage the reputations of high-profile opposition politicians in the United Kingdom.
DarkReading
'Hunters International' Cyberattackers Take Over Hive Ransomware
Hunters International appears to have acquired Hive ransomware from its original operators and may be seeking to cash in on the malware's reputation.
Bleeping Computer
Ethereum feature abused to steal $60 million from 99K victims
Malicious actors have been abusing Ethereum's 'Create2' function to bypass wallet security alerts and poison cryptocurrency addresses, which led to stealing $60,000,000 worth of cryptocurrency from 99,000 people in six months.
Bleeping Computer
FBI: Royal ransomware asked 350 victims to pay $275 million
The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022.
DarkReading
Ducktail Malware Targets the Fashion Industry
Threat actors distributed an archive containing images of new products by major clothing companies, along with a malicious executable disguised with a PDF icon.
Infosecurity News
Information-Stealing Malware Escalates in Online Gaming
A report by Sekoia.io shed light on a targeted campaign using Discord and fake download websites
Bleeping Computer
Israel warns of BiBi wiper attacks targeting Linux and Windows
Data-wiping attacks are becoming more frequent on Israeli computers as researchers discovered variants of the BiBi malware family that destroys data on both Linux and Windows systems.
Infosecurity News
Python Malware Poses DDoS Threat Via Docker API Misconfiguration
Cado Security Labs said the bot agent exhibited various methods for conducting DDoS attacks
Latest Hacking News
WhatsApp Enhances Call Security With Location Hiding, Unknown Call Block
Stepping ahead to enhance users’ privacy, WhatsApp improvises its call feature security by launching two new features. These features facilitate users in hiding their location during calls and block calls from unknown numbers. WhatsApp Rolls Out
SecurityWeek
Ransomware Group RansomedVC Closes Shop
Ransomware and data extortion collective RansomedVC announces shut down, sells operation’s infrastructure.
Cyber Security News
BiBi Wiper Attacking Windows Machine to Cause Data Destruction
The ongoing conflict between Israel and Hamas has taken a new turn as cyberattacks have become a prominent weapon for both sides.
The Hacker News
New Ransomware Group Emerges with Hive's Source Code and Infrastructure
A new ransomware group, Hunters International, has taken over the reins from Hive, acquiring its source code and infrastructure.
SecurityWeek
Operations at Major Australian Ports Significantly Disrupted by Cyberattack
A cyberattack on Australian shipping giant DP World, which may have been a ransomware attack, has resulted in serious disruptions at major ports.
The Hacker News
Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations
Chinese nation-state hackers are targeting 24 Cambodian government organizations in a long-term espionage campaign.
The Hacker News
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks
Researchers warn of BiBi-Windows Wiper, a dangerous Windows version of a wiper malware used in cyber attacks on Israel.
Bleeping Computer
LockBit ransomware leaks gigabytes of Boeing data
The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that services commercial airplanes and defense systems.
Bleeping Computer
Iranian hackers launch malware attacks on Israel’s tech sector
Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms.
Cyber Security News
Best Security Solutions for Marketers - 2024
Best security solutions for Marketers: 1. Perimeter 81 2. Surfshark3. Private Internet Access 4. Malwarebytes 5. CyberGhost 6. GoodAccess
The Hacker News
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers
Lazarus Group's sub-cluster, Sapphire Sleet, is now impersonating skills assessment portals in social engineering campaigns targeting IT job seekers
Cyber Security News
10 Best Digital Forensic Investigation Tools - 2024
Best Free Digital Forensic Tools: 1. Sleuth Kit (+Autopsy) 2. Forensic Investigator 3.Autopsy 4. Dumpzilla 5. X-Ways Forensics.
.webp)
Cyber Security News
Hackers Trick Windows Users With Malicious Ads to Deliver Malware
Cybersecurity researchers at Malwarebytes recently identified a malicious campaign that mimics the WindowsReport.com portal.
Cyber Security News
MOVEit Hackers Turn to SysAid Servers Zero-Day Vulnerability
SysAid disclosed a zero-day which was affecting on-premises SysAid servers. The vulnerability was found to be a path traversal vulnerability.