Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days

A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several flaws in Google Chrome, Mozilla Firefox, and Windows that were zero-days when used and have since been patched, some of them dating back to December 2018. “Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary […]

Windows Malware Deploys Chrome Extension to Steal Cryptocurrency and Clipboard Contents

Security analysts at Avast have detected ViperSoftX, a Windows malware that uses a Google Chrome extension called VenomSoftX to steal cryptocurrency and clipboard contents. Hidden inside the extension is a JavaScript-based RAT and crypto-hijacker that continuously attempts to steal cryptocurrency and clipboard contents. Approximately 93,000 ViperSoftX infection attempts […]

APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network

The Russia-linked APT29 nation-state actor has been found leveraging a “lesser-known” Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity. “The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting,” Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up. APT29, […]

Proof-of-concept (PoC) exploit code released for privilege elevation vulnerability CVE-2022-37969 (CVSS score: 7.8) affecting Windows 10 and 11

The Windows Common Log File System (CLFS) driver has an elevation-of-privilege vulnerability tracked as CVE-2022-37969 (CVSS score: 7.8). Microsoft credited Quan Jin of DBAPPSecurity, Genwei Jiang of Mandiant, FLARE OTF, CrowdStrike, and Zscaler ThreatLabz for reporting it. Software clients can make use of the general-purpose logging service known as the […]

Magniber Ransomware Weaponizes JavaScript to Attack Windows Users

Security researchers on HP’s threat intelligence team have discovered a malicious campaign in which threat actors deliver Magniber ransomware to Windows Home users by way of fraudulent security updates. The threat actors set up a number of fake websites in September 2022, on which fraudulent antivirus and […]

BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. “The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection,” Sophos threat researcher Andreas […]

Chinese APT Hacker Group Using Old Windows Logo to Hide a Backdoor Malware

In a recent discovery by Symantec’s security researchers, the Witchetty group has been found launching a malicious campaign that hides a backdoor behind the Windows logo using steganography. The cyber-espionage campaign, which began in February 2022, targets the governments of two Middle Eastern countries and the stock exchange of an African nation. An […]

Cyber Attacks Against Middle East Governments Hide Malware in Windows Logo

An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom’s Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup […]

Beware!! New Go-based Malware Attacks Windows & Linux Systems For DDoS

Cybersecurity researchers at Lumen’s Black Lotus Labs report that attackers are deploying a rapidly expanding botnet called Chaos to infect Windows and Linux devices, using them to mine cryptocurrency and launch DDoS attacks. This Go-based malware can also run on a range of architectures, and it includes […]

Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems

A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. “Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through […]

Uber Hacked – Attackers Breached Critical IT Systems & Windows Domain

Uber’s computer network was hacked on Thursday, leading the company to take some of its internal communications and engineering systems offline. Reports say an 18-year-old hacker, who had been working on his cybersecurity skills for several years, sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York […]

Ransomware gang DEV-0270 now using Windows BitLocker function to encrypt devices

Microsoft’s threat intelligence team reports that the DEV-0270 group (also known as Nemesis Kitten, a sub-group of Phosphorus) has been abusing Windows’ BitLocker feature in its attacks, using it to encrypt data on victims’ drives and then demanding a ransom. Microsoft analysts note that attackers are increasingly taking advantage of LOLBINs (Living […]

DEV-0270 Hacker Group Uses Windows BitLocker Feature to Encrypt Systems

DEV-0270 (aka Nemesis Kitten), an Iranian state-sponsored hacker group, has been caught abusing a Windows feature known as BitLocker. Nemesis Kitten is a sub-group of the Iranian threat actor known as PHOSPHORUS. Microsoft’s threat intelligence team reports that as soon as new security vulnerabilities are disclosed, the group […]
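A BitLocker "ransom" of the kind described in the two DEV-0270 items above only works because the attacker holds the only copy of the recovery key. The check below is an added example written for this page, not code from Microsoft or from either article: it lists every BitLocker volume on the host and flags any that is encrypted or encrypting without a TPM-backed protector or without a recovery password you can escrow. It assumes an elevated session and the BitLocker PowerShell module (present on Windows 10/11 Pro, Enterprise and Server); the "suspicious" criteria are my own heuristic, not an indicator published by Microsoft.

```powershell
# Added example (not from the articles): hunt for BitLocker volumes whose key
# protectors look attacker-controlled rather than organisation-controlled.
# Assumptions: elevated session, BitLocker module available, local host only.
Import-Module BitLocker

function Get-SuspiciousBitLockerVolume {
    Get-BitLockerVolume | ForEach-Object {
        $types       = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $hasTpm      = @($types -match '^Tpm').Count -gt 0          # Tpm, TpmPin, TpmStartupKey, ...
        $hasRecovery = $types -contains 'RecoveryPassword'          # the 48-digit key you can escrow
        $active      = $_.VolumeStatus -ne 'FullyDecrypted'         # encrypting or encrypted

        # Heuristic: a volume that is being encrypted with only a Password or
        # ExternalKey protector, and no recovery password, is what a
        # manual, attacker-driven enablement tends to look like.
        if ($active -and ((-not $hasTpm) -or (-not $hasRecovery))) {
            [pscustomobject]@{
                MountPoint       = $_.MountPoint
                VolumeStatus     = $_.VolumeStatus
                ProtectionStatus = $_.ProtectionStatus
                Percent          = $_.EncryptionPercentage
                Protectors       = ($types -join ',')
            }
        }
    }
}

function Backup-RecoveryPasswordsToAD {
    # For volumes that DO have a recovery password, escrow it to Active Directory
    # so an attacker who later flips the protectors cannot hold the only copy.
    Get-BitLockerVolume | ForEach-Object {
        $mp = $_.MountPoint
        $_.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
            ForEach-Object {
                Backup-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $_.KeyProtectorId
            }
    }
}

Get-SuspiciousBitLockerVolume | Format-Table -AutoSize
```

Run the hunt across a fleet through your existing remoting or EDR live-response channel; on Azure AD-joined devices use `BackupToAAD-BitLockerKeyProtector` instead of the AD cmdlet. A non-empty result is a prompt to look at who enabled encryption and when, not proof of compromise: a freshly imaged laptop mid-provisioning will match the same heuristic.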

Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users

A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download […]

Fix these Windows vulnerabilities before someone exploits them

Security flaws that can compromise our devices appear all the time. They can affect operating systems such as Windows, applications, and drivers. It is important to always correct them so that attackers do not get the opportunity. In this article we go over the latest important vulnerabilities that Windows has fixed. We’re going to explain why you should […]

Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits

A cyber mercenary that “ostensibly sells general security and information analysis services to commercial customers” used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that’s linked to the development […]

Windows enables default account lockout policy for RDP (Remote Desktop Protocol) to reduce ransomware attacks based on brute-forcing RDP

Microsoft has added specific security measures against brute-force attacks on RDP (Remote Desktop Protocol). These improvements were introduced in the most recent builds of Windows 11: given how attacks abusing RDP have evolved, Microsoft added the measure in Insider Preview build 22528.1000. This system […]
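The policy that build turns on by default (an account locks for 10 minutes after 10 failed sign-ins) can be checked and, on older or standalone hosts, applied by hand. The script below is an added example written for this page, not Microsoft's code or anything from the article. It assumes an elevated PowerShell session, English-locale output from the built-in `net accounts` command (the labels it parses are localised), and no domain Group Policy overriding the local policy; on a domain member the Default Domain Policy is authoritative and this local change is ignored.

```powershell
# Added example (not from the article): read the local account lockout policy
# via "net accounts" and apply the 10 attempts / 10 minutes / 10 minutes values
# the Windows 11 build above ships by default, if lockout is still off.
# Assumptions: elevated session, English-locale output, no overriding GPO.

function ConvertTo-PolicyNumber([string]$Value) {
    # net.exe prints "Never" (or "None") when a setting is not configured.
    if ($Value -match '^\d+$') { [int]$Value } else { 0 }
}

function Get-LockoutPolicy {
    $text = (net accounts) -join "`n"
    if ($LASTEXITCODE -ne 0) { throw "net accounts failed with exit code $LASTEXITCODE" }
    $threshold = [regex]::Match($text, 'Lockout threshold:\s+(\S+)').Groups[1].Value
    $duration  = [regex]::Match($text, 'Lockout duration \(minutes\):\s+(\S+)').Groups[1].Value
    $window    = [regex]::Match($text, 'Lockout observation window \(minutes\):\s+(\S+)').Groups[1].Value
    [pscustomobject]@{
        Threshold       = ConvertTo-PolicyNumber $threshold   # 0 means "Never": no lockout at all
        DurationMinutes = ConvertTo-PolicyNumber $duration
        WindowMinutes   = ConvertTo-PolicyNumber $window
    }
}

function Set-DefaultLockoutPolicy {
    param([int]$Threshold = 10, [int]$Duration = 10, [int]$Window = 10)
    # net.exe rejects a duration shorter than the observation window.
    if ($Duration -lt $Window) { throw 'Lockout duration must be >= observation window' }
    net accounts /lockoutthreshold:$Threshold /lockoutduration:$Duration /lockoutwindow:$Window | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "net accounts failed with exit code $LASTEXITCODE" }
}

$policy = Get-LockoutPolicy
$policy | Format-List
if ($policy.Threshold -eq 0) {
    Write-Warning 'Lockout threshold is Never: RDP passwords can be guessed without limit.'
    Set-DefaultLockoutPolicy
    Get-LockoutPolicy | Format-List
}
```

Two caveats a practitioner will want. First, the built-in Administrator account is only subject to lockout when the separate "Allow Administrator account lockout" security option is enabled, so check that policy as well as the threshold. Second, a lockout policy also gives an attacker a cheap denial-of-service against known usernames; pair it with Network Level Authentication and, where possible, keep RDP off the internet entirely rather than relying on lockout alone.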

Hackers Attack Windows, Linux & ESXi Systems Using Rust-Based Malware

A new ransomware family dubbed Luna was identified recently by Kaspersky security researchers, who report that it is written in Rust. That makes it the third strain to use the language, after BlackCat and Hive. Luna can run on and encrypt several operating systems, and […]

New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems

Kaspersky security researchers have disclosed details of a brand-new ransomware family written in Rust, making it the third strain after BlackCat and Hive to use the programming language. Luna, as it’s called, is “fairly simple” and can run on Windows, Linux, and ESXi systems, with the malware banking on a combination of Curve25519 and AES […]