Lucene search
K

1663 matches found

hivepro
hivepro
added 2022/12/07 10:44 a.m.21 views

Recent Lazarus campaign leveraged Crypto App to spread AppleJeus malware

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Lazarus Group threat actor was noticed employing fake cryptocurrency apps as a ruse to transmit a previously unidentified version of the AppleJeus malware masquerading as malicious Microsoft Office...

1.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/12/07 4:3 a.m.43 views

New Go-based Botnet Exploiting Exploiting Dozens of IoT Vulnerabilities to Expand its Network

NOTE: In this blog, Zerobot refers to a botnet that spreads primarily through IoT and web application vulnerabilities. It is not associated with the chatbot ZeroBot.ai. A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/12/05 10:30 a.m.24 views

North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps

The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity. "This activity notably involves a campaign likely targeting cryptocurrency users and...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/30 6:30 p.m.153 views

North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets

The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The backdoor ... has a wide range of spying capabilities, including monitoring drives and portable...

8.8CVSS8.6AI score0.81103EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/11/23 12:39 p.m.27 views

Ducktail Malware Operation Evolves with New Malicious Capabilities

The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign. "The malware is designed to steal browser cookies and take advantage of authenticated Facebook session...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/23 5:40 a.m.35 views

Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike

A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 by a red team with a number of test emai...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/21 5:42 a.m.37 views

Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild

Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Clou...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2022/11/18 5:42 p.m.21 views

Threat Round up for November 11 to 18

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Nov. 11 and Nov. 18. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/15 12:58 p.m.21 views

Deep Packet Inspection vs. Metadata Analysis of Network Detection & Response (NDR) Solutions

Today, most Network Detection and Response NDR solutions rely on traffic mirroring and Deep Packet Inspection DPI. Traffic mirroring is typically deployed on a single-core switch to provide a copy of the network traffic to a sensor that uses DPI to thoroughly analyze the payload. While this...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/11 12:33 p.m.24 views

Malicious Google Play Store App Spotted Distributing Xenomorph Banking Trojan

Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware. "Xenomorph is a trojan that steals credentials from banking applications on users' devices,"...

0.3AI score
Exploits0
Securelist
Securelist
added 2022/11/02 8:0 a.m.34 views

Server-side attacks, C&C in public clouds and other MDR cases we observed

Introduction This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response MDR team. The goal of the report is to inform our customers about techniques used by attackers. We hope that learning about the attacks that took place in the wild helps you t...

Exploits0
The Hacker News
The Hacker News
added 2022/10/31 2:28 p.m.214 views

Fodcha DDoS Botnet Resurfaces with New Capabilities

The threat actor behind the Fodcha distributed denial-of-service DDoS botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target,...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/26 10:30 p.m.18 views

Point-of-sale malware used to steal 167,000 credit cards

In the 19 months between February 2021 and September 2022, two point-of-sale POS malware operators have stolen more than 167,000 payment records, mainly from the US, according to researchers at Group-IB. The researchers were able to retrieve information about infected machines and compromised...

7.5AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2022/10/26 4:0 p.m.21 views

What Does The Fox Hack? Breaking Down the Anonymous Fox F-Automatical Script

While performing routine security research, one of our threat analysts discovered the latest version of a Command and Control C2 script, which is referred to as F-Automatical within the script’s code and was commonly known as FoxAuto in older versions. This is the seventh version of this automati...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/18 5:29 a.m.143 views

Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software

HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update to address a remote code execution vulnerability that could allow an attacker to take control of targeted systems. Cobalt Strike is a commercial red-team framework that's mainly used f...

9.8CVSS0.46446EPSS
Exploits6
The Hacker News
The Hacker News
added 2022/10/14 1:27 p.m.28 views

New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos

Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft...

1AI score
Exploits0
CISA
CISA
added 2022/10/14 12:0 a.m.15 views

CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool

CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye allows an operator to quickly assess complex data, evaluate mitigation strategies, and enable effective decision making. For more information, CISA encourages...

1.8AI score
Exploits0References2
MSRC
MSRC
added 2022/10/13 4:0 p.m.17 views

Hunting for Cobalt Strike: Mining and plotting for fun and profit

Introduction Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you...

1.4AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/13 12:17 p.m.96 views

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

A previously undocumented command-and-control C2 framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payloa...

7.8CVSS1.4AI score0.94921EPSS
Exploits151
The Hacker News
The Hacker News
added 2022/10/13 7:18 a.m.35 views

Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers

A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israelian entities with seven different custom backdoors since at least September 2021. The intrusions were aimed at organizations in various verticals, such as engineering, information technology,...

7.4AI score
Exploits0
Rows per page
Query Builder