Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images

A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor’s infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that’s used to facilitate information theft. “What is noteworthy is data […]

Don’t even think of taking your real smartphone to FIFA World Cup matches in Qatar. Immigration officials will gain access to your phone data forever

It would be wise to get a burner phone if you were traveling to Qatar for the World Cup. Additionally, avoid taking any pictures that would violate the Gulf state’s stringent morals regulations. Football fans are being advised on how to shield themselves from the Qatar World Cup applications’ spying by France’s powerful data protection […]

Malicious Google Play Store App Spotted Distributing Xenomorph Banking Trojan

Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware. “Xenomorph is a trojan that steals credentials from banking applications on users’ devices,” Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi […]

Chinese APT Hackers Using Custom Versions of Cobalt Strike to Deploy Backdoor Malware

Security analysts at Trend Micro have recently tracked down ‘Earth Longzhi’, a previously unknown Chinese APT hacking group that is actively targeting several organizations in countries such as East Asia, Southeast Asia, and Ukraine. With the help of custom versions of Cobalt Strike loaders, the threat actors have been successfully planting persistent backdoors on the systems […]

Russian-Canadian National Charged Over Involvement in LockBit Ransomware Attacks

The U.S. Department of Justice (DoJ) has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world. The 33-year-old Ontario resident, Mikhail Vasiliev, has been taken into custody and is awaiting extradition to the U.S., where he is likely to be sentenced for a maximum of […]

Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland

Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and is said […]

Hackers Stealing Outlook and Thunderbird Credentials Using StrelaStealer Malware

Security analysts at DCSO CyTec have recently identified that the Outlook and Thunderbird clients have been targeted by a new information-stealing malware called StrelaStealer (“Стрела” == arrow); specifically, it steals account credentials. The demeanor of this information-stealer differs from that of the majority of stealers, which target different sources of information, such as:- Web browsers Cryptocurrency […]

Australian government is issuing new driving licenses to millions and changing the license verification process because of the Optus data breach

Following the Optus data breach, Queenslanders are now required to give banks, telecoms, and utility firms a second number on their driver’s license to verify their identity. People will have to supply both the card number and the license number starting this week. Every time a license is issued or changed, a new card number is […]

Critical vulnerability in intercom systems allows access to several government & apartment buildings using just a smartphone with NFC

The research team at cyber security company has identified a flaw that makes it possible to hack video entrance systems with an NFC tag. Promon researchers found that attackers can conduct an attack on the entry system to get the admin passcode using a mobile device with NFC capabilities. Once the passcode has been discovered, […]

LockBit 3.0 Malware Using Weaponized Word Doc To Drop Ransomware Via Amadey Bot

The Amadey Bot has been found to be used by attackers to install LockBit 3.0 with the help of malicious MS Word document files, eventually dropping the ransomware strain. Amadey Bot, which spread across the Internet, was discovered in 2018. In addition to stealing information, this malware is capable of installing additional malware […]

Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products

Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway products that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force […]

High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies

Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The high-severity issue, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers. “Attackers can exploit […]

New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models

PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. “The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS,” Slovak cybersecurity firm ESET explained in a series […]

What are MFA, 2FA, 3FA and 4FA? Just ways of user authentication?

Authentication is the process of demonstrating your identity. The user must verify their identity by supplying particular access credentials in order to access protected information, systems, or places. The primary categories of authentication elements are as follows: Factors of knowledge (what the user is aware of): For instance, a PIN, passphrase, or password. Possession factors: […]

Update firmware of these Lenovo ThinkBook, IdeaPad, and Yoga laptop models as 3 critical vulnerabilities allow them to be hacked forever, even after removing the hard drive

Critical flaws that affect many ThinkBook, IdeaPad, and Yoga laptop models have been resolved by Lenovo and may have allowed an attacker to disable UEFI Secure Boot. Researchers from ESET found these flaws in drivers in several Lenovo systems and informed the computer maker of their discovery. ESET published a link to a Twitter thread by […]

Malicious Chrome Plugin Lets Remote Attackers Steal Keystrokes and Inject Malicious Code

Researchers at Zimperium zLabs recently identified a new Chrome browser botnet called ‘Cloud9’ that uses malicious extensions to steal online account credentials, log keystrokes, inject ads, inject malicious JS code, and enroll the victim’s browser in DDoS attacks. This method is becoming increasingly attractive for malware developers to target web browsers […]

APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network

The Russia-linked APT29 nation-state actor has been found leveraging a “lesser-known” Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity. “The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting,” Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up. APT29, […]

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network

A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. “Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks,” Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News. […]

New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide

An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world. IceXLoader is a commodity malware that’s sold for $118 on underground forums for a lifetime license. It’s chiefly employed to download and execute additional malware on breached hosts. This past June, […]

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an authentication bypass […]