News

Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains

A new ‘File Archivers in the Browser’ phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files. Earlier this month, Google began offering the ability to register ZIP TLD domains, such as bleepingcomputer.zip, for hosting websites or email addresses. Since the …

New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. “It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility,” Trend Micro said in a …

Microsoft 365 phishing attacks use encrypted RPMSG messages

Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways. RPMSG files (also known as restricted permission message files) are encrypted email message attachments created using Microsoft’s Rights Management Services (RMS) and offer an extra layer …

Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry

A new botnet called Dark Frost has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry. “The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices,” Akamai security researcher Allen West said in a new technical analysis shared with The Hacker News. …

‘Operation Magalenha’ targets credentials of 30 Portuguese banks

A Brazilian hacking group has been targeting thirty Portuguese government and private financial institutions since 2021 in a malicious campaign called ‘Operation Magalenha.’ Examples of the targeted entities include ActivoBank, Caixa Geral de Depósitos, CaixaBank, Citibanamex, Santander, Millennium BCP, ING, Banco BPI, and Novobanco. This campaign was exposed by a Sentinel Labs report highlighting the …

Android phones are vulnerable to fingerprint brute-force attacks

Researchers at Tencent Labs and Zhejiang University have presented a new attack called ‘BrutePrint,’ which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device. Brute-force attacks rely on many trial-and-error attempts to crack a code, key, or password and gain unauthorized access to accounts, systems, or networks. The Chinese …

Cloned CapCut websites push information stealing malware

A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims. CapCut is ByteDance’s official video editor and maker for TikTok, supporting music mixing, color filters, animation, slow-mo effects, picture-in-picture, stabilization, and more. It has over 500 million downloads on Google Play alone, and its …

Warning: Samsung Devices Under Attack! New Security Flaw Exposed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a medium-severity flaw affecting Samsung devices. The issue, tracked as CVE-2023-21492 (CVSS score: 4.4), impacts select Samsung devices running Android versions 11, 12, and 13. The South Korean electronics giant described the issue as an information disclosure flaw that could be …

Cybercrime gang pre-infects millions of Android devices with malware

A large cybercrime enterprise tracked as the “Lemon Group” has reportedly pre-installed malware known as ‘Guerilla’ on almost 9 million Android-based smartphones, watches, TVs, and TV boxes. The threat actors use Guerilla to load additional payloads, intercept one-time passwords from SMS, set up a reverse proxy from the infected device, hijack WhatsApp sessions, and more. …

Apple fixes three new zero-days exploited to hack iPhones, Macs

Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads. “Apple is aware of a report that this issue may have been actively exploited,” the company revealed in security advisories describing the flaws. The security bugs were all found in the multi-platform WebKit browser engine and are tracked …

MalasLocker ransomware targets Zimbra servers, demands charity donation

A new ransomware operation is hacking Zimbra servers to steal emails and encrypt files. However, instead of demanding a ransom payment, the threat actors claim to require a donation to charity to provide an encryptor and prevent data leaking. The ransomware operation, dubbed MalasLocker by BleepingComputer, began encrypting Zimbra servers towards the end of March …

Microsoft patches bypass for recently fixed Outlook zero-click bug

Microsoft fixed a security vulnerability this week that could be used by remote attackers to bypass recent patches for a critical Outlook zero-day security flaw abused in the wild. This zero-click bypass (CVE-2023-29324) impacts all supported versions of Windows and was reported by Akamai security researcher Ben Barnea. “All Windows versions are affected by the …

Brightly warns of SchoolDude data breach exposing credentials

U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform. SchoolDude is a cloud-based platform for managing work orders used by over 7,000 colleges, universities, and K-12 schools from school districts of up …

Scammers Distribute Malware via Verified Account Ads on Facebook

Scamming campaigns frequently involve threat actors impersonating businesses or significant individuals. However, a recent trend of Facebook ad scams has been especially threatening, with scammers potentially infecting a large number of people with malware. Several verified Facebook pages were recently hacked and started distributing malware via ads purchased through and approved by the platform. The …

Western Digital says hackers stole customer data in March cyberattack

Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack. The company emailed the data breach notifications late Friday afternoon, warning that customers’ data was stored in a Western Digital database stolen during the attack. “Based on the investigation, we …

Cyber Attackers Continue Threatening Education and Healthcare Organizations

The recent cyber attacks on Bluefield University and University Urology highlight the increasing risk of cybercrime targeting organizations in the education and healthcare industries. As organizations become more reliant on technology for storing and processing data, they must remain vigilant and invest in comprehensive cybersecurity measures to protect themselves and the individuals they serve from …

Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN

Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019. “The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments trying to alter legitimate banking transfers performed by the victims by changing the …

New LOBSHOT malware gives hackers hidden VNC access to Windows devices

A new malware known as ‘LOBSHOT’ distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC. Earlier this year, BleepingComputer and numerous cybersecurity researchers reported a dramatic increase in threat actors utilizing Google ads to distribute malware in search results. These advertising campaigns impersonated websites for 7-ZIP, VLC, OBS, …

T-Mobile discloses second data breach since the start of 2023

T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023. Compared to previous data breaches reported by T-Mobile, the latest of which impacted 37 million people, this incident affected only 836 customers. Still, the …

Wanted Dead or Alive: Real-Time Protection Against Lateral Movement

Just a few short years ago, lateral movement was a tactic confined to top APT cybercrime organizations and nation-state operators. Today, however, it has become a commoditized tool, well within the skillset of any ransomware threat actor. This makes real-time detection and prevention of lateral movement a necessity to organizations of all sizes and across …

Google banned 173K developer accounts to block malware, fraud rings

Google says it banned 173,000 developer accounts in 2022 to block malware operations and fraud rings from infecting Android users’ devices with malicious apps. The company revealed in its “bad apps” yearly report that it also prevented almost 1.5 million apps linked to various policy violations from reaching the Google Play Store. The Google Play …

New Atomic macOS info-stealing malware targets 50 crypto wallets

A new macOS information-stealing malware named ‘Atomic’ (aka ‘AMOS’) is being sold to cybercriminals via private Telegram channels for a subscription of $1,000 per month. For this hefty price, buyers get a DMG file containing a 64-bit Go-based malware designed to target macOS systems and steal keychain passwords, files from the local filesystem, passwords, cookies, …

Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks

The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That’s according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal. Alloy Taurus is …

CISA warns of Android bug exploited by Chinese app to spy on users

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of a high-severity Android vulnerability believed to have been exploited by the Chinese e-commerce app Pinduoduo as a zero-day to spy on its users. This Android Framework security flaw (tracked as CVE-2023-20963) allows attackers to escalate privileges on unpatched Android devices without requiring user interaction. …

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of …

Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen

Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company’s MyBB forum database containing user data and private messages. What’s more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace. “MyBB admin logs show the account …

Microsoft: Phishing attack targets accountants as Tax Day approaches

Microsoft is warning of a phishing campaign targeting accounting firms and tax preparers with remote access malware allowing initial access to corporate networks. With the USA reaching the end of its annual tax season, accountants are scrambling to gather clients’ tax documents to complete and file their tax returns. Due to this, it makes it …

Recent Data Breaches: Hyundai, NorthOne Bank, and Kodi

Data breaches have become widespread in the digital age, leaving companies and individuals at risk of cyber attacks. Three high-profile companies – Hyundai, NorthOne Bank, and Kodi – recently experienced significant data breaches impacting customers. These incidents have raised concerns about potential identity theft. This blog will provide specifics of each incident and examine the …

Dutch Police mails RaidForums members to warn they’re being watched

Dutch Police is sending emails to former RaidForums members, asking them to delete stolen data and stop illegal cyber activities and warning that they are not anonymous. RaidForums was a very popular and notorious hacking and data leak forum known for hosting, leaking, and selling stolen data obtained from breached organizations. Threat actors who frequented …

All Dutch govt networks to use RPKI to prevent BGP hijacking

The Dutch government will upgrade the security of its internet routing by adopting the Resource Public Key Infrastructure (RPKI) standard before the end of 2024. RPKI, or Resource Certification, protects against erroneous rerouting of internet traffic, malicious or not, through cryptographic verification of the routes. The standard uses digital certificates to secure the Border Gateway …

Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise

The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That’s according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed DEV-1084. …

Taiwanese PC Company MSI Falls Victim to Ransomware Attack

Taiwanese PC company MSI (short for Micro-Star International) officially confirmed it was the victim of a cyber attack on its systems. The company said it “promptly” initiated incident response and recovery measures after detecting “network anomalies.” It also said it alerted law enforcement agencies of the matter. That said, MSI did not disclose any specifics …

Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks

An unknown threat actor used a malicious self-extracting archive (SFX) file in an attempt to establish persistent backdoor access to a victim’s environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software to display the file contents. They achieve this by including …

Hackers can open Nexx garage doors remotely, and there’s no fix

Multiple vulnerabilities discovered in Nexx smart devices can be exploited to control garage doors, disable home alarms, or control smart plugs. There are five security issues disclosed publicly, with severity scores ranging from medium to critical, that the vendor has yet to acknowledge and fix. The most significant discovery is the use of universal credentials that are hardcoded …

Google will require Android apps to let you delete your account

Google has announced a new Google Play Store data deletion policy that will require Android developers to provide users with an online option to delete their accounts and in-app data. According to the new policy, starting in early 2024, Google Play users will have better control over their data since every store listing will display links in …

Fake ransomware gang targets U.S. orgs with empty data leak threats

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid. Sometimes the actors add the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with the instructions in the message. Bad Actors The attackers behind this …

Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk!

Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version 3.11.7 released on March 22. “Improved code security enforcement in WooCommerce …

Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam

The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. Two of the apprehended affiliates are believed to be organizers, with 10 others detained in other territories across the European Union. The suspects are alleged …

Twitter Source Code Leaked on Public GitHub Repository

The popular social media platform Twitter is actively searching for the person responsible for a recent data leak and any other individuals who became involved in the incident by downloading the data. A GitHub user publicly exposed a part of the platform’s proprietary source code and internal tools for approximately three months before Twitter issued …

Hacktivism on the Rise: KillNet Anonymous Sudan’s Cyber Campaign Targets Australia

The world of cyberattacks continues to evolve with the emergence of new hacktivist groups that target different countries for various political reasons. One such group that has been making headlines is KillNet Anonymous Sudan, which is affiliated with the pro-Russian hacktivist group KillNet. The dark web team of SOCRadar has discovered alarming posts on the …

20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison

Conor Brian Fitzpatrick, the 20-year-old founder and the administrator of the now-defunct BreachForums has been formally charged in the U.S. with conspiracy to commit access device fraud. If proven guilty, Fitzpatrick, who went by the online moniker “pompompurin,” faces a maximum penalty of up to five years in prison. He was arrested on March 15, …

Emotet malware distributed as fake W-9 tax forms from the IRS

A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with. Emotet is a notorious malware infection distributed through phishing emails that in the past contained Microsoft Word and Excel documents with malicious macros that install the malware. However, after Microsoft began …

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users’ personal information and chat titles in the upstart’s ChatGPT service earlier this week. The glitch, which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users’ conversations from …

Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies

A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich. Attack chains mounted by the group commence with a spear-phishing email …

2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks

In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate security budgets have risen significantly because of the growing sophistication of attacks and the number of cybersecurity solutions introduced into the market. With this rise in threats, budgets, and solutions, how prepared are industries and …

Hackers use new PowerMagic and CommonMagic malware to steal data

Security researchers have discovered attacks from an advanced threat actor that used “a previously unseen malicious framework” called CommonMagic and a new backdoor called PowerMagic. Both malware pieces have been used since at least September 2021 in operations that continue to this day and target organizations in the administrative, agriculture, and transportation sectors for espionage …

New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks

A new malware botnet was discovered targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into a DDoS (distributed denial of service) swarm with the potential for massive attacks. The new botnet was discovered by researchers at Akamai at the start of the year, who caught it on their HTTP and SSH honeypots, …

Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack

The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim …

Emotet malware now distributed in Microsoft OneNote files to evade defenses

The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. Emotet is a notorious malware botnet historically distributed through Microsoft Word and Excel attachments that contain malicious macros. If a user opens the attachment and enables macros, a DLL will be downloaded and executed …

FakeCalls Android malware returns with new ways to hide on phones

Android malware ‘FakeCalls’ is circulating again in South Korea, imitating phone calls for over 20 financial organizations and attempting to fool bankers into giving away their credit card details. The particular malware isn’t new, as Kaspersky published a report about it a year ago. However, Check Point researchers now report that more recent versions have implemented …

BianLian ransomware gang shifts focus to pure data extortion

The BianLian ransomware group has shifted its focus from encrypting its victims’ files to only exfiltrating data found on compromised networks and using it for extortion. This operational development in BianLian was reported by cybersecurity company Redacted, who have seen signs of the threat group attempting to hone their extortion skills and increase the pressure on …

Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets

Project Zero, Google’s zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung’s Exynos chipsets used in mobile devices, wearables, and cars. The Exynos modem security flaws were reported between late 2022 and early 2023. Four of the eighteen zero-days were identified as the most serious, enabling remote code execution from the Internet to the baseband. …

Mental health provider Cerebral alerts 3.1M people of data breach

Healthcare platform Cerebral is sending data breach notices to 3.18 million people who have interacted with its websites, applications, and telehealth services. Cerebral is a remote telehealth company that provides online therapy and medication management for various mental health conditions, including anxiety, depression, ADHD, Bipolar Disorder, and substance abuse. In a ‘Notice of HIPAA Privacy …

Major Cyberattacks in Review: February 2023

As we enter March 2023, the world continues to face a surge in cyberattacks that threaten individuals, businesses, and government agencies. The last month has already witnessed some of the most significant cyber incidents, including data breaches and ransomware attacks that have impacted millions of people and organizations worldwide. As the threat landscape continues to …

Acer Breached, Hacker Selling Access to 160GB of Stolen Data

Acer has been breached by a hacker who claims to have stolen confidential data from the PC maker, including files on the company’s products. The culprit is now selling access to the stolen files on a forum frequented by hackers. “The leak contains a total 160GB of 655 directories, and 2,869 files,” the attacker wrote …

New TPM 2.0 flaws could let hackers steal cryptographic keys

The Trusted Platform Module (TPM) 2.0 specification is affected by two buffer overflow vulnerabilities that could allow attackers to access or overwrite sensitive data, such as cryptographic keys. TPM is a hardware-based technology that provides operating systems with tamper-resistant secure cryptographic functions. It can be used to store cryptographic keys, passwords, and other critical data, …

Bing Chat has a secret ‘Celebrity’ mode to impersonate celebrities

A secret Bing Chat ‘Celebrity’ mode allows users to instruct the AI to impersonate celebrities, answering questions and talking like the person it imitates. Microsoft is constantly testing new, hidden features in Bing Chat that allow you to turn it into different chat modes, such as gaming, personal assistant, or a friend who can help you …

SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics

The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering. Cybersecurity …

BidenCash market leaks over 2 million stolen credit cards for free

A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary. Rather than keeping it under wraps, the threat actors advertised this massive leak on an underground cybercrime forum for more extensive reach and to attract as much attention as possible. According …

Hackers Exploit Containerized Environments to Steal Proprietary Data and Software

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. “The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials,” Sysdig said in a new report. The advanced cloud attack also entailed the deployment of …

New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers

Misconfigured Redis database servers are the target of a novel cryptojacking campaign that leverages a legitimate and open source command-line file transfer service to implement its attack. “Underpinning this campaign was the use of transfer[.]sh,” Cado Security said in a report shared with The Hacker News. “It’s possible that it’s an attempt at evading detections based on …

Hackers use fake ChatGPT apps to push Windows, Android malware

Threat actors are exploiting the popularity of OpenAI’s ChatGPT chatbot to distribute malware for Windows and Android, or direct unsuspecting victims to phishing pages. ChatGPT gained immense traction since its launch in November 2022, becoming the most rapidly growing consumer application in modern history with more than 100 million users by January 2023. This massive popularity and …

TELUS Probing Stolen Source Code and Employee Data Leak

TELUS, Canada’s second-largest telecom, is investigating a potential data breach after a threat actor claimed to have employee data and private source code repositories belonging to the company. The threat actor posted screenshots showing payroll records and private source code repositories for sale. Although TELUS has not found evidence of corporate or retail customer data …

Fruit Giant Dole Suffers Ransomware Attack Impacting Operations

Dole Food Company, a leading provider of fresh fruits and vegetables, is currently dealing with a ransomware attack that has affected its operations. The company has stated that the impact is limited, but leaked information from a Texan grocery store suggests that the attack has forced Dole to shut down production plants in North America …

GoDaddy Hackers Stole Source Code, Customer Details

GoDaddy, a web hosting behemoth, said the company suffered from a multi-year breach with attackers installing malware on its servers. Unknown attackers accessed GoDaddy’s servers via cPanel shared hosting environment and installed malware, in an attack spanning several years. According to the company, the breach was discovered in December 2022, after investigating customer complaints about …

Activision Hackers Exposed Employee and Game Info

Activision has suffered a data breach, with threat actors accessing the game publisher’s corporate Slack environment and game release calendar. Activision confirmed it was breached. Researchers at VX-Underground first announced the breach, adding that Activision decided to keep the security incident under wraps. “They [the attackers] exfiltrated sensitive workplace documents, as well as content scheduled …

Coinbase Targeted by Cyberattackers using SMS phishing tactics

Cryptocurrency exchange Coinbase recently experienced a cyber attack in which attackers gained access to the company’s data. However, Coinbase claims that it caught the attack in time, preventing any loss of funds or customer information. The exchange has determined that the same group that targeted Twilio and Cloudflare is likely behind the attack. According to …

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software

Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component. The flaw affects versions 1.0.0 …

Experts Warn of RambleOn Android Malware Targeting South Korean Journalists

Suspected North Korean nation-state actors targeted a journalist in South Korea with a malware-laced Android app as part of a social engineering campaign. The findings come from South Korea-based non-profit Interlab, which coined the new malware RambleOn. The malicious functionalities include the “ability to read and leak target’s contact list, SMS, voice call content, location and …

Scandinavian Airlines says cyberattack caused passenger data leak

Scandinavian Airlines (SAS) has posted a notice warning passengers that a recent multi-hour outage of its website and mobile app was caused by a cyberattack that also exposed customer data. The cyberattack caused some form of a malfunction on the airline’s online system, causing passenger data to become visible to other passengers. This data includes …

Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy

Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAC, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity. Top of the list is a severe bug residing in the FortiNAC network …

Mobile game with 10m+ downloads spills source code, endangers user data

The source code of Escalators, a mobile game available on Google Play Store and Apple’s App Store, was allegedly posted on several popular hacker forums. The threat actor posted a dataset of nearly 600 MB of likely stolen information. Source code leaks pose a significant security threat to developers as their intellectual property can be …

AI-based visual editing service leaks user images and customer data

Cutout.pro, an AI media manipulation service, leaked nine gigabytes of data, including usernames and images it created using specific queries. Artificial intelligence-based tools such as ChatGPT or DALL-E have caught the attention of swaths of internet users. However, few have likely considered the security implications of uploading text or images to such tools, and a recent Cybernews discovery is …

San Diego healthcare provider admits breach involving patient data

Sharp HealthCare, a San Diego-based group with ten healthcare institutions and over 18,000 employees, said certain patient information was compromised in a January breach. The company detected suspicious activity on a server that runs the Sharp.com website on January 12. An unauthorized party gained access to the server for a few hours and was able …

Researcher Successfully Hacked Toyota’s Global Network

A Florida-based cybersecurity researcher had a slow week in late October 2022 and decided to inspect the systems of various major companies for exploits. In a week, he detected four different security issues at Toyota, all of which he deemed critical. Eaton Zveare, Director of Technology at Grape Intentions, an online wine store, has a …

Hackers Use Fake Crypto Job Offers to Push info-Stealing Malware

A campaign operated by Russian threat actors uses fake job offers to target Eastern Europeans working in the cryptocurrency industry, aiming to infect them with a modified version of the Stealerium malware named ‘Enigma.’ According to Trend Micro, which has been tracking the malicious activity, the threat actors use a set of heavily obfuscated loaders that …

Hackers Breach Reddit to Steal Source Code and Internal Data

Reddit suffered a cyberattack Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code. The company says the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site. This site attempted to steal employees’ credentials and two-factor authentication tokens. After one employee fell …

Ransomware Attack on ION Group Impacts Derivatives Trading Market

The LockBit ransomware gang has claimed responsibility for the cyberattack on ION Group, a UK-based software company whose products are used by financial institutions, banks, and corporations for trading, investment management, and market analytics. On January 31, 2023, the firm disclosed the incident in a short statement saying that it impacted ION Cleared Derivatives, a …

Florida hospital takes IT systems offline after cyberattack

Tallahassee Memorial HealthCare (TMH) has taken its IT systems offline and suspended non-emergency procedures following a late Thursday cyberattack. While all its network systems were taken offline, TMH says this attack only impacted some of them. Patients who require emergency medical services (EMS) will also be diverted to other hospitals, as TMH will only accept …

TruthFinder, Instant Checkmate confirm data breach affecting 20M customers

PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirmed they suffered a data breach after hackers leaked a 2019 backup database containing the info of millions of customers. TruthFinder and Instant Checkmate are subscription-based services allowing customers to perform background checks on other people. When conducting background checks, the sites will …

The Week in Ransomware – February 3rd 2023 – Ending with a mess

While the week started slowly, it turned into a big ransomware mess, with attacks striking a big blow at businesses running VMware ESXi servers. The attacks started Friday morning, with threat actors targeting unpatched VMware ESXi servers with a new ransomware variant dubbed ESXiArgs. The attacks were fast and widespread, with admins worldwide soon reporting that they were …

Digital taxi service offline after cyberattack

A taxi-booking service in Australia has been forced to shut down after a cyberattack, leaving disabled and child passengers temporarily stranded. Frustrated users have vented their displeasure on Twitter following the announcement on the social media platform. Another day, another business compromised by threat actors. The latest victim is Black and White Cabs, a digital …

GitHub breach: attackers cloned code signing certificates

GitHub claims unknown attackers accessed its code repositories and stole certificates for GitHub Desktop and Atom applications. GitHub, a popular hosting service for software development, notified users of an “unauthorized access” the company detected on December 7, 2022. According to GitHub, the attack only affected repositories used in the planning and development of GitHub Desktop …

Ukraine Hit with New Golang-based ‘SwiftSlicer’ Wiper Malware in Latest Cyber Attack

Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). “Once …

Microsoft Urges Customers to Secure On-Premises Exchange Servers

Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. “Attackers looking to exploit unpatched Exchange servers are not going to go away,” the tech giant’s Exchange Team said in a post. “There are too many aspects of …

Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort

In what’s a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries. “Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying …

Ranking Security Threats and System Vulnerabilities

Android is a mobile phone operating system that uses several functions in KeyguardServiceWrapper.Java and related files to briefly show what lies beneath the lock screen, which can lead to privilege escalation and, from there, to sustained exploitation. A lock screen bypass is an attempt to exploit or force unexpected behavior from processes that are not directly part of the lock screen …

Millions affected as ransomware knocks out French telecom firm

Seven days after the breach, French telecom company La Poste Mobile still hasn’t recovered from the attack by LockBit ransomware. The mobile phone network owned by the French Post was hit with a ransomware attack on 4 July, severely disrupting the company’s administrative and management services. Users trying to access La Poste Mobile’s website are …

U.S. Healthcare Orgs Targeted with Maui Ransomware

State-sponsored actors are deploying the unique malware, which targets specific files and leaves no ransom note, in ongoing attacks. Several federal agencies are warning healthcare organizations that they are under threat of attacks from North Korean state-sponsored actors employing a unique ransomware that targets files with surgical precision, according to U.S. federal authorities. Threat actors from North …

Clever phishing method bypasses MFA using Microsoft WebView2 apps

A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victims’ authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. With the large number of data breaches, remote access trojan attacks, and phishing campaigns, stolen login credentials have become abundant. However, the increasing adoption of multi-factor authentication (MFA) …

Mitel zero-day used by hackers in suspected ransomware attack

Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack. Mitel VOIP devices are used by critical organizations in various sectors for telephony services and were recently exploited by threat actors for high-volume DDoS amplification attacks. In a new report by CrowdStrike, the company …

Yodel parcel company confirms cyberattack is disrupting delivery

Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online. The company has not published any details about the incident, such as when it occurred or its nature but implies that customer payment information has not been affected since it …

Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs

For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers’ accounts on GitHub, Amazon Web Services, and Docker Hub. Researchers at Aqua Security discovered that “tens of thousands of user tokens” are exposed through …

Extortion gang ransoms Shoprite, largest supermarket chain in Africa

Shoprite Holdings, Africa’s largest supermarket chain that operates almost three thousand stores across twelve countries in the continent, has been hit by a ransomware attack. Shoprite is Africa’s largest supermarket chain, with a revenue of $5.8 billion and 149,000 employees. The retailer has 2,943 stores, serving millions of customers in South Africa, Nigeria, Ghana, Madagascar, Mozambique, Namibia, …

Microsoft patches actively exploited Follina Windows zero-day

Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. “Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need …