The Record
DDoS attacks continue, post-election, against Russian independent media site Meduza
Before the Russian elections, Meduza was the target of "the most intense cyber campaign" in its history. Since then, the onslaught hasn't let up.
The Record
Apple notifies users in 92 countries about mercenary spyware attacks
Apple also updated its support page, explaining how the threat notifications work and what targeted users should do if they receive one.
The Hacker News
Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks
Chrome's new feature, DBSC (Device Bound Session Credentials), aims to safeguard users against cookie theft by malware.
Security Affairs
BunnyLoader 3.0 surfaces in the threat landscape - Security Affairs
Researchers found a new variant of the BunnyLoader malware with a modular structure and new evasion capabilities.
The Hacker News
New BunnyLoader Malware Variant Surfaces with Modular Attack Features
New threat: BunnyLoader 3.0 malware variant emerges with advanced modules for data theft, keylogging, and evasion tactics.
SecurityWeek
In Other News: CISA Hacked, Chinese Lock Backdoors, Exposed Secrets
CISA hacked via Ivanti vulnerabilities, Chinese electronic lock backdoors, 12 million secrets exposed on GitHub.
The Record
Russia claims US and 'Western countries' are trying to hack its presidential election
As Russia prepares for its presidential election this week, its systems are reportedly being targeted by “massive” cyberattacks, according to local authorities.
The Record
Russian independent media outlet Meduza faces ‘most intense cyber campaign’ ever
The organization, operating from Latvia and under constant pressure from the Putin regime, says "our tech team has never encountered threats at this scale before.”
The Record
JetBrains vulnerability exploitation highlights debate over 'silent patching'
Czech software giant JetBrains harshly criticized security company Rapid7 this week following a dispute over two recently-discovered vulnerabilities.
Krebs on Security
From Cybercrime Saul Goodman to the Russian GRU
In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum's founders was an attorney who advised Russia's top hackers on the legal risks of their work, and what to do if…
The Record
Suspected Pegasus spyware found on Togolese journalists’ phones
Reporters Without Borders (RSF) found spyware intrusions from 2021 on the phones of two journalists who are on trial for allegedly defaming a government minister.
The Hacker News
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT
The threat actor UAC-0050 is using phishing attacks to distribute the Remcos RAT while employing new strategies to avoid detection.
CSO
Highly exploited Chromium bug traced to one of Google’s OAuth endpoints
OAuth endpoint “MultiLogin” identified as root for Google Chrome’s widely adopted session jacking exploit.
The Hacker News
Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
Information-stealing malware is exploiting an undocumented Google OAuth endpoint called MultiLogin to hijack user sessions.
CyberNews
Accounts in danger: Google recommends enhanced safe browsing and extra care
Google is aware of recent reports of a malware family stealing session tokens and recommend turning on Enhanced Safe Browsing in Chrome.
DarkReading
Attackers Abuse Google OAuth Endpoint to Hijack User Sessions
Infostealers such as Lumma and Rhadamanthys have integrated the generation of persistent Google cookies through token manipulation
Security Affairs
Experts warn of JinxLoader loader used to spread Formbook and XLoader
JinxLoader is a new Go-based loader that was spotted delivering next-stage malware such as Formbook and XLoader.
Security Affairs
Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies
CloudSEK researchers analyzed a zero-day exploit that can allow the generation of persistent Google cookies through token manipulation.
Latest Hacking News
Multiple Malware Exploit Google Cookie Flaw For Session Hijacking
Researchers have found numerous malware groups actively exploiting a Google Cookie vulnerability for session hijacking. The exploit not only allows access to the target account but also resists disruption by regenerating valid cookies for persistent
The Hacker News
New JinxLoader Targeting Users with Formbook and XLoader Malware
A new malware loader called JinxLoader is being used by threat actors to deliver payloads such as Formbook and XLoader.
Security Affairs
Security Affairs newsletter Round 452 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
HACKRead
Malware Leveraging Google Cookie Exploit via OAuth2 Functionality
Among others, developers of the infamous Lumma, an infostealer malware, are already using the exploit by employing advanced tactics like token manipulation and encryption in targeted attacks.
Security Affairs
Clash of Clans gamers at risk while using third-party app
An exposed database and secrets on a third-party app puts Clash of Clans players at risk of attacks from threat actors.
Security Affairs
New Version of Meduza Stealer Released in Dark Web
The Resecurity's HUNTER unit spotted a new version of the Meduza stealer (version (2.2)) that was released in the dark web.
The Cyber Wire
Ukraine at D+657: Complementary strikes against infrastructure.
Russia continues to accept high casualties as hopes in Moscow grow that Western support for Ukraine will fade.
The Hacker News
Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign
APT28, the Russian nation-state threat actor, is using lures related to the Israel-Hamas war to distribute the HeadLace backdoor.
The Record
NSO Group hires high-powered lobbyists to help navigate US market
The Israel-based maker of Pegasus spyware reported hiring two lobbyists from the Washington-based law firm Steptoe & Johnson.
The Hacker News
Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
UNC3944 threat actor now turns to ransomware attacks, targeting critical systems. Understand their tactics, and learn how to protect your organization
SecurityWeek
In Other News: China Blames NSA for Hack, AI Jailbreaks, Netography Spin-Off
Noteworthy stories that might have slipped under the radar: China blames NSA for a cyberattack, AI jailbreaks, and Netography spin-off.
SecurityWeek
MGM Hackers Broadening Targets, Monetization Strategies
The financially motivated UNC3944 group that hacked MGM has hit at least 100 organizations, mainly in the US and Canada.
Cyber Security News
NSO’s Pegasus Hacked Russia Media Agency CEO's iPhone
The iPhone of Galina Timchenko, the co-founder, CEO, and publisher of the Russian independent media outlet Meduza was found to have NSO Group's Pegasus spyware.
The Record
More Russian journalists investigating possible spyware infections
After the news that the prominent media figure Galina Timchenko was hacked with Pegasus, three other Russian-speaking journalists said they too received warnings of spyware on their phones.
DarkReading
Zero-Click iPhone Exploit Drops Spyware on Exiled Russian Journalist
The exploit is one of many that government and intelligence agencies have to infect target devices with the notorious surveillance tool.
The Hacker News
Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware
Russian journalist Galina Timchenko's iPhone hacked with NSO Group's Pegasus spyware
The Record
Exiled Russian journalist had phone hacked with Pegasus spyware
The phone of a prominent Russian journalist and critic of the Kremlin was infected with Pegasus spyware, according to new research.
The Record
Regulators fear Russia could access Yandex taxi data from Europe, Central Asia
News that the Russian security service could potentially get access to data from the Yandex taxi service has raised alarms among users and regulators in Europe and Central Asia.
Security Affairs
Security Affairs newsletter Round 427 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Google addressed 3 actively exploited flaws in Android Iran-linked APT TA453 targets Windows and macOS systems […]
Infosecurity News
Meduza Stealer Targets Windows Users With Advanced Tactics
Uptycs discovered the new threat while monitoring dark web forums and Telegram channels
Security Affairs
New Windows Meduza Stealer targets tens of crypto wallers and password managers
Researchers spotted a new Windows information stealer called Meduza Stealer, the authors employ sophisticated marketing strategies to promote it. The Meduza Stealer can steal browsing activities and extract a wide array of browser-related data, including login credentials, browsing history and bookmarks. The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The authors are […]
The Hacker News
Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets
Your crypto wallet, your secrets, even your games – NOTHING is safe from Meduza Stealer. Discover how this crimeware stays ahead of the game.
The Record
Russian election-meddling ‘troll factory’ reportedly shut down after Wagner revolt
The future of Russia’s infamous Internet Research Agency, a "troll factory" that meddled in the 2016 U.S. presidential election, is uncertain after its founder Yevgeny Prigozhin fled to Belarus following his attempted military coup.
The Record
How DDoSecrets built the go-to home for Russian leaks
DDoSecrets has distributed hacked and leaked data from more than 200 entities, including U.S. law enforcement agencies, fascist groups, shell companies, tax havens, and the far-right social media sites Gab and Parler.
CyberNews
TikTok suspends livestreaming and new uploads in Russia | CyberNews
Media outlets are forced to suspend reporting in Russia after Vladimir Putin signed a so-called 'fake news' law that threatens journalists with up to 15 years in jail.
Security Affairs
Russian watchdog Roskomnadzor also blocked Facebook in Russia
State communications watchdog Roskomnadzor has ordered to block access to Facebook in Russia amid the ongoing invasion of Ukraine. State communications watchdog Roskomnadzor ordered to block access to Facebook over its decision to ban Russian media and state information resources. The block comes after Facebook recently deactivated or restricted access to accounts belonging to media […]
SecurityWeek
Russia Blocks Access to Facebook Over War
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine
Bleeping Computer
Russia blocks access to Facebook, Twitter, foreign news outlets
Russia has blocked access to the Facebook social network after Meta, Facebook's parent company, deactivated or restricted access to accounts belonging pr-Kremlin media outlets and news agencies, including RIA Novosti, Sputnik, and Russia Today.