Browsing tag
Cybercriminals distribute malware disguised as textbooks and essays that downloaded from pirated websites. The costs of materials posted by the university are high. which leads students to look for a free or low-cost alternative’s online. Taking this as an advantage, malicious hackers post malicious content among the study materials and advertise them for free. Malware […]
Researchers discovered an ongoing malvertising campaign targeting millions of WordPress websites to infect with backdoor and exploiting the various WordPress plugins vulnerabilities. According to WordPress, there are nearly 60 million Websites power by WordPress content management system and hundreds of WordPress Plugins are installed that developers by various developers around the globe. Cybercriminals launch the […]
A new threat group dubbed LYCEUM spotted attacking critical infrastructure organizations including oil, gas and possibly telecommunications using several hacking tools. The threat group found to be active at least from April 2018 and they target South African regions, starting from May 2019 the group launches campaigns against oil and gas organizations in the Middle […]
Imperva, one of the leading cyber-security firm disclosed a data breach that impacts the customers’ data of Cloud Web Application Firewall (WAF). According to the blog post published by Imperva CEO Chris Hylen, “elements of our Incapsula customer database through September 15, 2017, were exposed”. The company learned the data exposure on August 20, 2019, […]
Malware showcase is a Github repository that contains examples of malware usage and behavior, this repo should be used only for educational purposes or for experts who wish to expand on the usage for red team or other related ethical hacking activities. Installation N.B: We will need to set up a virtual environment 1 – […]
Hackers use backdoor and remote access trojan that let attackers gain complete remote control over the compromised computer. The campaign particularly targets the financial departments of the organization in the Balkans region. The campaign is financially motivated, it includes two tools dubbed BalkanDoor and BalkanRAT and distributed through tax themed malicious emails. Active for a […]
A recruiter from AT&T charged in a 14-count, U.S to have a paid insiders to planting malware on telecommunications giant AT&T Network for committing unauthorized access and computer networks to unlock cellphones. Muhammad Fahd, 34, was arrested in Hong Kong on Feb. 4, 2018, and extradited to the United States for the indictment that alleges […]
A new malware dubbed SystemBC delivered by RIG and Fallout exploit kit, sets up a SOCKS5 proxy connection on victims machine to hide the Command and Control center traffic for popular banking malware such as Danabot. In recent years most of the banking trojans are served through exploit kit, among them, RIG and Fallout are […]
Threat actors advertising a new Combolists-as-a-Service model to sell credentials on the underground hacking forums that enable account takeovers. Attackers employ several methods to gain access to the account that includes breached login credentials, phishing, malware, and bulk passwords. Pony or TrickBot are the commonly used malware variants used by attackers to harvest login credentials […]
A new family of Android Ransomware dubbed Android/Filecoder.C distributed various online forums and further uses the victim’s contact list to SMS with a malicious link. ESET detected the ransomware activity since July 12th, 2019, “Due to narrow targeting and flaws in both execution of the campaign and implementation of its encryption, the impact of this […]
Capital one hacked, the hack exposed more than 100 million customers data across the US and Canada. The breach was learned by Capital One Financial Corporation on July 19, 2019. Following are the personal information affected with the breach that includes names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, credit scores, […]
A new multistage attack exploiting Elasticsearch servers using the old unpatched vulnerability to invoke a shell with a crafted query and encoded Java commands. The attack aims to deliver BillGates/Setag Backdoor against vulnerable Elasticsearch servers. The attack targets the already patched vulnerability in the Groovy scripting engine (versions 1.3.0 – 1.3.7 and 1.4.0 – 1.4.2) […]
Hackers attack Electric utility City Power on Johannesburg, South Africa using powerful ransomware and take down the entire network, applications, and database. Recent days threat actors mainly targeting the government network, cities, municipalities around the world to demand the huge amount of ransom. The attackers hit the power grid with unknown ransomware and encrypt all […]
Noam Rotem and Ran Locar with their research team found a database leak in YouHodler. YouHodler, A Crypto lending site offered an easy way for its users to apply for crypto-loans or turn their crypto-holdings into fiat currencies. The breach has that more than 86 million records, including full customer names, email addresses, addresses, phone […]
Security researchers observed a new campaign targeting financial institutions and governmental organizations with a customized version of a remote access tool called “Proyecto RAT”. The payload found to be written in Visual Basic 6 and it uses Disposable E-mail Address service yopmail for its C&C communication. The yopmail is known for creating temporary inboxes. Infection […]
American telecommunication company Sprint recently learned that hackers breached the customers account through Samsung website. According to the letter shared by the company on June 22, says that “unauthorized access to your Sprint account using your account credentials via the Samsung.com ‘add a line’ website.” Hackers have accessed the personal associated with the Sprint accounts, […]
BianLian malware was first detected in October 2018; the malware aims in stealing OTP authentication codes, check balances, inject push notifications, and also capable of locking device and ask users to pay the ransomware. The updated version of the malware contains a Screencast Module to records the screens of the infected device and Socks5 module […]
USCYBERCOM published an alert that hackers were exploiting the CVE-2017-11774 Microsoft Outlook Security Vulnerability to deliver malware using an HTTPS domain. Microsoft already patched the vulnerability in 2017 and the USCYBERCOM alert refers to the ongoing campaign that exploiting CVE-2017-11774. Users are advised to ensure that they have patched the vulnerability. — USCYBERCOM Malware Alert […]
OceanLotus APT Group also known as APT32, SeaLotus, and CobaltKitty uses undetected Remote Access trojans Ratsnif to leverage network attack capabilities. The trojan was active since 2016, and it has features like packet sniffing, gateway/device ARP poisoning, DNS poisoning, HTTP injection, and MAC spoofing. The Cylance Threat Research Team detected four distinct samples of Ratsnif […]
Russian Internet Giant Yandex hacked by Western intelligence agencies hackers with a rare type of malware called “Regin” to spy on Yandex users account. Yandex is a Russian search engine also specializing in Internet-related products and services including Commerce, transportation, navigation, mobile applications, and online advertising. Yandex is widely known as Russian Google. The attacker was conducted between […]
Waterbug APT Hackers used hijacked infrastructure to attack governments and international organizations through various campaigns using new and publically available malware. The group also use living off the land for executing process on the systems. Symantec observed the targeted attack over the past year using unique tools and the campaigns hitting Europe, Latin America, and […]