Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Hacker News
Threat actor Konni, potentially tied to North Korea, deploys RAT in cyber espionage using Russian Word doc, exploiting WinRAR flaw.
Security Affairs
Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks.
Infosecurity News
Threat group may be looking for intel on Azerbaijan
Security Affairs
The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831.
Bleeping Computer
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks.
The Hacker News
A Russian cyber espionage group linked to the FSB is using a USB worm called LitterDrifter to target Ukrainian organizations.
The Hacker News
DarkCasino: From Zero-Day Exploit to APT Threat! Cybersecurity experts classify DarkCasino as a powerful APT group after exploiting a WinRAR flaw
The Record
Targets in Azerbaijan and Italy bore the brunt of the operation by the Kremlin-backed hackers of APT29, also known as Cozy Bear, according to Ukraine's National Cyber Security Coordination Center.
Cyber Security News
SideCopy, the Pakistani-based threat actor, has been using the WinRAR vulnerability (CVE-2023-38831) to target Indian government entities.
The Hacker News
Pakistani threat actor SideCopy exploiting recent WinRAR vulnerability in attacks on Indian government entities.
Bleeping Computer
Microsoft says Windows 11 22H2 now natively supports almost a dozen additional archive formats, including RAR, 7-Zip, Tar, and GZ archives.
Bleeping Computer
The Russian APT28 hacking group (aka 'Strontium' or 'Fancy Bear') has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021.
DarkReading
State-sponsored cyberespionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.
The Hacker News
Google TAG security experts uncover Russian and Chinese state-backed threat actors exploiting WinRAR vulnerability (CVE-2023-38831)
SecurityWeek
Google says it is still catching government-backed groups linked to China and Russia launching WinRAR exploits in targeted attacks.
Bleeping Computer
Google says multiple state-backed hacking groups are gaining arbitrary code execution on targets' systems by exploiting a high-severity vulnerability in WinRAR, a compression software with over 500 million users.
Bleeping Computer
Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems.
CyberScoop
Despite an August patch, Russian and Chinese state-backed hackers are using a vulnerability in the popular software to carry out espionage.
The Record
Hackers connected to the governments of Russia and China are allegedly using a vulnerability in a popular Windows tool to attack targets around the world, including in Ukraine and Papua New Guinea.
The Record
The Ukrainian Cyber Alliance hacktivism group says it wiped out the Trigona gang's servers, defaced its website and exfiltrated data about the operation.
The Record
A U.K. tribunal determined that facial recognition company Clearview AI's activities were 'beyond the material scope' of Europe's General Data Protection Regulation.
The Hacker News
WinRAR users, be alert! Pro-Russian hackers exploited a recent vulnerability in the software. Ensure your version is updated!
Cyber Security News
Cybersecurity researchers at CRIL (Cyble Research and Intelligence Labs) noted a campaign targeting Russian users, where threat actors created phishing sites mimicking restricted apps
Bleeping Computer
Microsoft has released the Windows 11 22H2 'Moment 4' update, bringing 150 new features, including new AI-powered versions of Paint, ClipChamp, Snipping tool, and the new Microsoft Copilot.
The Hacker News
A malicious actor tried to trick users with a fake WinRAR PoC exploit on GitHub, aiming to infect them with VenomRAT malware.
Bleeping Computer
A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware.
Cyber Security News
Konni, a North Korean APT group, launched the first attack against the cryptocurrency industry, exploiting a recently found WinRAR vulnerability.
SecurityWeek
A malware named Atomic macOS Stealer (AMOS) has been delivered to users via a Google malvertising campaign.
The Hacker News
Ukraine's CERT-UA fends off a cyberattack on a critical energy infrastructure. Learn how a phishing email led to an infiltration attempt by APT28.
Latest Hacking News
Days after fixing the vulnerability, details have surfaced online about a WinRAR zero-day vulnerability that went under attack. The researchers noticed active exploitation of the vulnerability to target traders. While the patch has already arrived,
Cyber Security News
Critical flaws, exploits, and recent attack techniques have all been highlighted. We also cover the latest software updates to keep your devices safe.
SecurityWeek
Cybersecurity news on Africa cybercrime, unpatched macOS vulnerabilities, investor cyber disclosures, and SentinelOne sale
Naked Security
Latest episode – listen now! Full transcript inside…
The Hacker News
The recent WinRAR vulnerability was exploited as a zero-day since April to compromise traders' devices and withdraw money.
SecurityWeek
A financially motivated cybercrime group has exploited a WinRAR zero-day to deliver malware to traders and steal their money.
Naked Security
Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead…
Ars Technica
Vulnerability allows hackers to execute malicious code when targets open malicious ZIP files.
Infosecurity News
Group-IB said cyber-criminals used the flaw to create archives packaged with DarkMe, GuLoader and Remcos RAT
Bleeping Computer
A WinRar zero-day vulnerability tracked as CVE-2023-38831 was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts.
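The snippets above describe CVE-2023-38831 only as "malware runs when a harmless-looking file in the archive is clicked". The following is an added detection check, not code from any of the articles listed here. It assumes the archive layout given in the public description of the bug: a decoy file (for example an image) sits next to a directory whose name is the decoy's name plus a trailing space, and that directory holds the script that actually gets launched. The check parses only the ZIP central directory, never extracts anything, and flags file/directory names that differ only by trailing whitespace. The sample archives are constructed in memory with placeholder contents.

```python
from __future__ import annotations

import io
import zipfile

# Payload extensions to report inside a colliding directory.
# Assumption: an illustrative list, not an exhaustive one.
EXECUTABLE_SUFFIXES = (".cmd", ".bat", ".exe", ".scr", ".vbs", ".js", ".ps1", ".lnk")


def build_sample_archive(decoy: str) -> bytes:
    """Constructed sample: a decoy file plus a directory named '<decoy> ' (trailing
    space) holding a '<decoy> .cmd' script, the layout associated with CVE-2023-38831.
    The contents are placeholders, not a working payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(decoy, b"\xff\xd8\xff\xe0 constructed: not a real image")
        zf.writestr(f"{decoy} /{decoy} .cmd", b"@echo off\r\necho constructed placeholder\r\n")
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed sample: an ordinary archive that must not be flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4 constructed")
        zf.writestr("images/chart.jpg", b"\xff\xd8\xff\xe0 constructed")
    return buf.getvalue()


def find_trailing_space_collisions(data: bytes) -> list[tuple[str, str, tuple[str, ...]]]:
    """Return (decoy_file, colliding_directory, payloads) for every file whose name
    also exists as a directory name differing only by trailing whitespace.
    Works on the central directory only; nothing is extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()

    files = [n for n in names if not n.endswith("/")]

    # Every proper path prefix is a directory, whether or not the archive carries
    # an explicit "dir/" entry for it (an explicit entry yields a trailing empty part).
    dirs: set[str] = set()
    for n in names:
        parts = n.split("/")
        for i in range(1, len(parts)):
            dirs.add("/".join(parts[:i]))

    hits = []
    for f in files:
        for d in dirs:
            if d != f and d.rstrip() == f:
                payloads = tuple(sorted(
                    p for p in files
                    if p.startswith(d + "/") and p.lower().endswith(EXECUTABLE_SUFFIXES)
                ))
                hits.append((f, d, payloads))
    return sorted(hits)


if __name__ == "__main__":
    for label, blob in (("sample", build_sample_archive("trade_chart.jpg")),
                        ("benign", build_benign_archive())):
        print(label, find_trailing_space_collisions(blob))
```

Two caveats a practitioner should keep in mind: this is a name-layout heuristic, so a hit means the archive is shaped like the bait, not that it was built for this CVE, and a miss proves nothing about other archive-handling bugs. It also parses ZIP only; the same layout in a RAR container would need a RAR reader, which the standard library does not provide.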
The Hacker News
A high-severity flaw ( CVE-2023-40477) in WinRAR could let hackers remotely run code on Windows systems
Cyber Security News
An arbitrary code execution vulnerability was discovered in WinRAR which can be exploited by opening a specially crafted RAR file.
Latest Hacking News
Heads up, WinRAR users! It’s time to update your systems with the latest WinRAR version to avoid security risks. The developers have patched a severe security flaw in WinRAR that could allow remote code execution
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Over 3,000 Android Malware spotted using unsupported/unknown compression methods to avoid detection WinRAR flaw enables remote […]
Security Affairs
A flaw impacting the file archiver utility for Windows WinRAR can allow the execution of commands on a computer by opening an archive. WinRAR is a popular file compression and archival utility for Windows operating systems. The utility is affected by a now-fixed high-severity vulnerability, tracked as CVE-2023-40477 (CVSS score 7.8), that can allow remote […]
Bleeping Computer
A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can execute commands on a computer simply by opening an archive.
Trend Micro
In June 2023, Trend Micro observed an upgrade to the evasion techniques used by the Batloader initial access malware, which we’ve covered in previous blog entries.
Bleeping Computer
Chinese state-sponsored hackers have been targeting industrial organizations with new malware that can steal data from air-gapped systems.
Cyber Security News
Cybercriminals have already begun using .zip domain names to trick people into believing they are downloadable files rather than URLs.
Security Affairs
“file archiver in the browser” is a new phishing technique that can be exploited by phishers when victims visit a .ZIP domain. A new phishing technique called “file archiver in the browser” can be used by phishers to “emulate” a file archiver software in a web browser when a victim visits a .ZIP domain. The […]
The Hacker News
A new phishing technique called "file archiver in the browser" has emerged.
Bleeping Computer
A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files.
Bleeping Computer
Microsoft is adding native support for RAR, 7-Zip, and GZ archives to an upcoming version of Windows 11 expected this week.
Security Affairs
The Lancefly APT group is using a custom powerful backdoor called Merdoor in attacks against organizations in South and Southeast Asia. Symantec researchers reported that the Lancefly APT group is using a custom-written backdoor in attacks targeting organizations in South and Southeast Asia, as part of a long-running campaign. The highly-targeted attacks aim at organizations […]
Bleeping Computer
A new APT hacking group dubbed Lancefly uses a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations in South and Southeast Asia.
The Hacker News
Ukraine's CERT-UA warns of RoarBAT wiper malware causing destructive attacks on state organizations, and invoice-themed phishing campaigns.
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by […]
Security Affairs
CERT-UA is warning of destructive cyberattacks conducted by the Russia-linked Sandworm APT group against the Ukraine public sector. Russia-linked APT group Sandworm is behind destructive cyberattacks against Ukrainian state networks, the Ukrainian Government Computer Emergency Response Team (CERT-UA) warns. The Sandworm group (aka BlackEnergy, UAC-0082, Iron Viking, Voodoo Bear, and TeleBots) has been active since 2000, it operates under the control […]
Bleeping Computer
The Russian 'Sandworm' hacking group has been linked to an attack on Ukrainian state networks where WinRar was used to destroy data on government devices.
DarkReading
Usually focused on going after cryptocurrency organizations, the threat actor has begun targeting defense companies around the world.
The Hacker News
Researchers uncover a new attack technique involving malicious SFX files. These files can carry hidden functionality, enabling a persistent backdoor.
Bleeping Computer
Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target system.
Security Affairs
A technical analysis of NullMixer malware operation revealed Italy and France are the favorite European countries from the attackers’ perspective. Executive Summary Introduction During March 2023, we obtained information and data regarding an ongoing malware operation hitting more than 8.000 targets within a few weeks, with a particular emphasis on North American, Italian, and French […]
Security Affairs
China-linked Earth Preta cyberespionage group has been observed adopting new techniques to bypass security solutions. Trend Micro researchers reported that the China-linked Earth Preta group (aka Mustang Panda) is actively changing its tools, tactics, and procedures (TTPs) to bypass security solutions. Earth Preta, also known as “RedDelta” or “Bronze President,” has been active since at least […]
Trend Micro
After months of investigation, we found that several undisclosed malware and interesting tools used for exfiltration purposes were being used by Earth Preta. We also observed that the threat actors were actively changing their tools, tactics, and procedures (TTPs) to bypass security solutions. In this blog entry, we will introduce and analyze the other tools and malware used by the threat actor.
Cyber Security News
Free Red Team Tools: We are bringing here a collection of open-source and commercial Tools that aid in red team operations.
Trend Micro
In 2022, we discovered Earth Zhulong, a hacking group that has been targeting Asian firms similar to another well-known threat actor. In this article, we unravel their new tactics, techniques and procedures that they apply on their misdeeds.
Trend Micro
In 2022, we discovered Earth Zhulong, a hacking group that has been targeting Vietnam's telecom, technology, and media sectors similar to another well-known threat actor. In this article, we unravel their new tactics, techniques and procedures that they apply on their misdeeds.
DarkReading
Users searching for Bitwarden and 1Password's Web vaults on Google have recently reported seeing paid ads with links to cleverly spoofed sites for stealing credentials to their password vaults.
Bleeping Computer
A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords, and ultimately breach networks for ransomware attacks.
Bleeping Computer
Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results.
Trend Micro
We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (This is the intrusion set we track behind the creation of Batloader).
Bleeping Computer
The StrongPity APT hacking group is distributing a fake Shagle chat app that is a trojanized version of the Telegram for Android app with an added backdoor.
Security Affairs
A Chinese-speaking APT group, tracked as MirrorFace, is behind a spear-phishing campaign targeting Japanese political entities. ESET researchers recently discovered a spear-phishing campaign targeting Japanese political entities and attributed it to the Chinese-speaking APT group tracked as MirrorFace. The experts tracked the campaign as Operation LiberalFace, it aimed at Japanese political entities, especially the members of […]
SecurityWeek
Chinese cyberespionage group MirrorFace was observed targeting Japanese political entities ahead of July 2022 elections.
The Hacker News
Chinese MirrorFace APT hacker group is blamed for a malicious campaign targeting Japanese political entities.
Bleeping Computer
A hacking group tracked as MirrorFace has been targeting Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named 'MirrorStealer.'
Trend Micro
We break down the cyberespionage activities of advanced persistent threat (APT) group Earth Preta, observed in large-scale attack deployments that began in March. We also show the infection routines of the malware families they use to infect multiple sectors worldwide: TONEINS, TONESHELL, and PUBLOAD.
DarkReading
Access to digital certificates would allow the Chinese-speaking espionage group to sign its custom malware and skate by security scanners.
Ars Technica
Active in dozens of advanced hacks since 2009, Billbug is still going strong.
Infosecurity News
According to Symantec, the targeting of a certificate authority was notable
Cyber Security News
Researchers uncovered that state-sponsored APT hackers known as "Billbug" attacked and compromised a digital certificate authority.
SecurityWeek
Chinese state-sponsored threat actor Billbug has been observed targeting a certificate authority and defense and government entities in Asia.
Security Affairs
A suspected China-linked APT group breached a digital certificate authority in Asia as part of a campaign aimed at government agencies since March 2022. State-sponsored actors compromised a digital certificate authority in a country in Asia as part of a cyber espionage campaign aimed at multiple government agencies in the region, Symantec warns. Symantec attributes […]
The Hacker News
A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies in Asia.
Bleeping Computer
The Chinese espionage APT (advanced persistent threat), tracked as 'Billbug' (aka Thrip, or Lotus Blossom), is currently running a 2022 campaign targeting government agencies and defense organizations in multiple Asian countries.
Bleeping Computer
Security researchers observed malicious campaigns leveraging a critical vulnerability in VMware Workspace One Access to deliver various malware, including the RAR1Ransom tool that locks files in password-protected archives.
Bleeping Computer
The U.S. Government today released an alert about state-backed hackers using a custom CovalentStealer malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base (DIB) sector.
Trend Micro
Play is a new ransomware that takes a page out of Hive and Nokoyawa's playbook. The many similarities among them indicate that Play, like Nokoyawa, may be a Hive affiliate.
SecurityWeek
A recently patched UnRAR vulnerability is being exploited in the wild, most likely against Zimbra email servers.
The DFIR Report
In March 2022, we observed an intrusion on a public-facing Microsoft SQL Server. The end goal of this intrusion was to deploy a coin miner.
Security Affairs
The Clipminer botnet allowed operators to earn at least $1.7 million, according to a report published by security researchers at Symantec. Researchers at Symantec’s Threat Hunter Team uncovered a cryptomining operation that has potentially made the actors behind it at least $1.7 million in illicit gains. The bot focuses on cryptocurrency mining and cryptocurrency theft […]
DarkReading
The malware targets Windows users via Trojanized downloads of cracked or pirated software and then starts in on cryptocurrency mining and clipboard hijacking.
Bleeping Computer
Threat analysts have discovered a large operation of a new cryptocurrency mining malware called Clipminer that brought its operators at least $1.7 million from transaction hijacking.
Security Affairs
A sophisticated cyberespionage campaign, dubbed Operation CuckooBees, conducted by the China-linked Winnti group remained undetected since at least 2019. Researchers from Cybereason uncovered a sophisticated cyberespionage campaign, dubbed Operation CuckooBees, aimed at stealing intellectual property from the victims. The campaign flew under the radar since at least 2019, it was attributed by the experts to […]
SecurityWeek
Winnti is a Chinese state-affiliated group that has existed since at least 2010 and is known for its sophistication, stealth and focus on stealing technology secrets.
Bleeping Computer
Cybersecurity analysts have exposed a lengthy operation attributed to the group of Chinese hackers known as "Winnti" and tracked as APT41, which focused on stealing intellectual property assets like patents, copyrights, trademarks, and other types of valuable data.
Trend Micro
We recently found a new advanced persistent threat (APT) group that we have dubbed Earth Berberoka (aka GamblingPuppet). This APT group targets gambling websites on Windows, macOS, and Linux platforms using old and new malware families.
Naked Security
This code is venerable! Surely all the bugs must be out by now?
Cyber Security News
The cybersecurity researchers of Sophos have recently found some similarities between Dridex malware and a recently emerged Entropy ransomware. In short, threat actors are using the Dridex malware to deliver Entropy ransomware
SecurityWeek
CISA has expanded its Known Exploited Vulnerabilities Catalog with nine more security flaws, including two recently addressed zero-days.
Bleeping Computer
The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source.
Bleeping Computer
An Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell.
The Record
Security researchers have found links between Iranian hacking group APT35 and the Memento ransomware strain.
Bleeping Computer
Vietnamese hackers of the APT32 group (Ocean Lotus) are now using Web Archive files (.mht and .mhtml) to deploy backdoors on their targets.
ThreatPost
Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution.
Bleeping Computer
A new malware named 'DarkWatchman' has emerged in the cybercrime underground, and it's a lightweight and highly-capable JavaScript RAT (Remote Access Trojan) paired with a C# keylogger.
Bleeping Computer
The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware.