Tag: The Hacker News

A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems. “The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of…

Read more →

A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users’ private keys. The seven attacks span three…

Read more →

A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server. “By exploiting this vulnerability, attackers could achieve remote code execution (RCE) on a…

Read more →

A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server. “By exploiting this vulnerability, attackers could achieve remote code execution (RCE) on a…

Read more →

The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft…

Read more →

The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft…

Read more →

A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service (DoS) attacks. “To better interact with users, a wide range of database applications…

Read more →

Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The breach was preceded by a successful phishing attempt and led to malicious…

Read more →

Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners. The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda,…

Read more →

In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems. The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder,…

Read more →

Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only…

Read more →

A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks. The technique “could act as an entry point for…

Read more →

The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the…

Read more →

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group “primarily targets cloud platforms offering limited-time…

Read more →

A variant of the infamous Dridex banking malware has set its sights on Apple’s macOS operating system using a previously undocumented infection method, according to latest research. It has “adopted a new technique to deliver documents embedded with malicious macros…

Read more →

Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems. “While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on…

Read more →

Popular instant messaging service WhatsApp has launched support for proxy servers in the latest version of its Android and iOS apps, letting users circumvent government-imposed censorship and internet shutdowns. “Choosing a proxy enables you to connect to WhatsApp through servers…

Read more →

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month’s breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access…

Read more →

A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point’s latest research offers new insights into the Spanish-speaking group’s tactics and…

Read more →

A cybercrime group dubbed Bluebottle has been linked to a set of targeted attacks against the financial sector in Francophone countries located in Africa from at least July 2022 to September 2022. “The group makes extensive use of living-off-the-land, dual…

Read more →

The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would…

Read more →

Financial institutions are being targeted by a new version of Android malware called SpyNote at least since October 2022. “The reason behind this increase is that the developer of the spyware, who was previously selling it to other actors, made the source…

Read more →

The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control (C2) server. “When a user creates an account on an online platform, a unique account page that…

Read more →

DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident. The company said an investigation is currently ongoing, but emphasized that “there are no unauthorized actors active in our systems.” Additional details…

Read more →

Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. “An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow…

Read more →

The Irish Data Protection Commission (DPC) has fined Meta Platforms €390 million (roughly $414 million) over its handling of user data for serving personalized ads in what could be a major blow to its ad-fueled business model. To that end, the privacy…

Read more →

Ransomware: contemporary threats, how to prevent them and how the FBI can help In April 2021, Dutch supermarkets faced a food shortage. The cause wasn’t a drought or a sudden surge in the demand for avocados. Rather, the reason was…

Read more →

Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption. The five vulnerabilities — tracked from CVE-2022-40516 through CVE-2022-40520 — also impact Lenovo ThinkPad X13s laptops,…

Read more →

A new Linux malware developed using the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised systems. “It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware…

Read more →

Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has…

Read more →

Challenges with an enforcement-based approach An enforcement-based approach to security begins with a security policy backed by security controls, often heavy-handed and designed to prevent employees from engaging in risky behavior or inadvertently expanding the potential attack surface of an…

Read more →

A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. The unknown adversary is believed to have hijacked the IT infrastructure of a…

Read more →

Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. “What is unique about the malware is that it is heavily obfuscated…

Read more →

Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed RedZei (aka RedThief). “The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich…

Read more →

The maintainers of the PyTorch package have warned users who have installed the nightly builds of the library between December 25, 2022, and December 30, 2022, to uninstall and download the latest versions following a dependency confusion attack. “PyTorch-nightly Linux packages…

Read more →

WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. “If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted…

Read more →

Google has agreed to pay a total of $29.5 million to settle two different lawsuits brought by Indiana and Washington, D.C., over its “deceptive” location tracking practices. The search and advertising giant is required to pay $9.5 million to D.C. and $20 million…

Read more →