

Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors.
The Hacker News
Education, government, and businesses are under attack by NetSupport RAT, a dangerous remote access trojan.
Cyber Security News
Cybersecurity researchers at Proofpoint discovered two malicious campaigns in which TA571 was found spreading the Forked IcedID variant.
Cyber Security News
MSIX packages can be distributed and installed without administrative privileges, allowing malicious software to bypass traditional security controls.
CSO
The Ghostpulse loader, injected through MSIX packages, is a stealthy dropper that avoids detection by the victim’s scanners.
The Hacker News
Cyber criminals are using fake MSIX Windows app packages of popular software to deliver GHOSTPULSE malware loader
The DFIR Report
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report …
The Hacker News
Beware of the latest macOS threat! A new malvertising campaign is actively spreading Atomic Stealer malware, targeting gamers and crypto users.
SecurityWeek
A malware named Atomic macOS Stealer (AMOS) has been delivered to users via a Google malvertising campaign.
Infosecurity News
ReliaQuest found that 80% of cyber intrusion campaigns used either QakBot, SocGholish or Raspberry Robin
Cyber Security News
Threat actors have shifted from using malicious macros to malicious LNK files for initial access. This is due to Microsoft's announcement in 2022 to disable macros by default for Office documents downloaded from unknown sources or the internet.
Cyber Security News
Welcome to Cyber Writes' weekly Threat and Vulnerability Roundup, where we provide the most recent information on cybersecurity news. Take advantage of our extensive coverage and keep yourself updated.
Infosecurity News
Chrome 116 update fixes eight critical flaws
Cyber Security News
Threat actors deliver NetSupport RAT through a new campaign called Fake SG, which could rival SocGholish.
Cyber Security News
A Russian state-sponsored group that is found actively deploying 'Jaguar Tooth,' a custom malware on Cisco IOS routers
The Hacker News
Beware of OpcJacker! This stealthy #malware is targeting users through fake websites, promising VPN services and more.
Trend Micro
We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022.
Infosecurity News
Phishing page lures unsuspecting users into installing remote access malware
Bleeping Computer
Threat actors are using a well-crafted Pokemon NFT card game website to distribute the NetSupport remote access tool and take control over victims' devices.
The DFIR Report
In early June 2022, we observed an intrusion where a threat actor gained initial access by exploiting the CVE-2022-30190 (Follina) vulnerability which triggered a Qbot infection chain.
The Hacker News
Researchers uncover a widespread campaign in which hackers use compromised WordPress sites to display fraudulent Cloudflare DDoS protection pages.
DarkReading
Security vendor Sucuri says adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks.
SecurityWeek
Sucuri has observed a surge in JavaScript injections in WordPress sites, resulting in fake DDoS protection prompts that trick victims into downloading remote access trojans (RATs).
Infosecurity News
New campaign disguised as fake Cloudflare pop-up
Security Affairs
Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. DDoS Protection pages are associated with browser checks performed by WAF/CDN services which verify if the site visitor is a human or a bot. Recently, security experts from Sucuri spotted JavaScript injections targeting WordPress sites to display fake DDoS Protection pages […]
Bleeping Computer
WordPress sites are being hacked to display fake Cloudflare DDoS protection pages to distribute malware that installs the NetSupport RAT and the RaccoonStealer password-stealing Trojan.
The DFIR Report
This report is a companion to the SANS Ransomware Summit 2022 “Can You Detect This” presentation today 6/16/22 @ 14:40 UTC (10:40 AM ET). The 2021 Year In Review report …
Bleeping Computer
A new TDS (Traffic Direction System) operation called Parrot has emerged in the wild, having already infected servers hosting 16,500 websites of universities, local governments, adult content platforms, and personal blogs.
ThreatPost
The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs – including crooks' favorites, ProxyShell and ProxyLogon – as initial infection vectors.
Bleeping Computer
The Cuba ransomware operation is exploiting Microsoft Exchange vulnerabilities to gain initial access to corporate networks and encrypt devices.