1665 matches found

The Hacker News
added 2022/10/13 12:17 p.m., 96 views

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

A previously undocumented command-and-control C2 framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payloa...

CVSS 7.8, AI score 1.4, EPSS 0.94921
Exploits: 151
The Hacker News
added 2022/10/13 7:18 a.m., 35 views

Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers

A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israeli entities with seven different custom backdoors since at least September 2021. The intrusions were aimed at organizations in various verticals, such as engineering, information technology,...

AI score 7.4
Exploits: 0
MSRC
added 2022/10/13 7:00 a.m., 13 views

Hunting for Cobalt Strike: Mining and plotting for fun and profit

Introduction Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you...

AI score 7.1
Exploits: 0
MSRC
added 2022/10/13 7:00 a.m., 25 views

Hunting for Cobalt Strike: Mining and plotting for fun and profit

Introduction Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies ...

AI score 1.9
Exploits: 0
hivepro
added 2022/10/12 1:11 p.m., 14 views

POLONIUM employs backdoors to target Israel

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary POLONIUM is a cyber espionage gang that leverages OneDrive and Dropbox cloud services for command and control C&C by employing a custom toolkit that includes seven backdoors and various spying modules to...

AI score 3
Exploits: 0
The Hacker News
added 2022/10/07 12:59 p.m., 42 views

LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data

Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for...

AI score 7.4
Exploits: 0
Malwarebytes
added 2022/10/05 3:45 p.m., 19 views

Bogus job offers hide trojanised open-source software

Microsoft researchers are warning of fake job offers where the only actual compensation available is a golden handshake of malware and trickery. The campaign targets those with technical know-how because, despite what some may think, scams are for everybody, not just people unfamiliar with tech...

AI score 0.4
Exploits: 0
The Hacker News
added 2022/10/04 3:39 p.m., 57 views

Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer

A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser. Kaspersky dubbed the campaign OnionPoison, with all of the victims located in China. The scale of the attack remains unclear, but the Russian...

AI score 2.1
Exploits: 0
The Hacker News
added 2022/09/27 9:46 a.m., 32 views

North Korea's Lazarus Hackers Targeting macOS Users Interested in Crypto Jobs

The infamous Lazarus Group has continued its pattern of leveraging unsolicited job opportunities to deploy malware targeting Apple's macOS operating system. In the latest variant of the campaign observed by cybersecurity company SentinelOne last week, decoy documents advertising positions for the...

AI score 0.6
Exploits: 0
The Hacker News
added 2022/09/22 6:17 a.m., 168 views

Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners

A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. "If left unremedied and successfully exploited, this vulnerability could be used for multiple an...

CVSS 9.8, AI score 0.4, EPSS 0.99999
Exploits: 225
Microsoft Malware Protection
added 2022/09/21 5:00 p.m., 26 views

Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices

Our analysis of a recent version of a previously reported info-stealing Android malware, delivered through an ongoing SMS campaign, demonstrates the continuous evolution of mobile threats. Masquerading as a banking rewards app, this new version has additional remote access trojan RAT capabilities...

AI score 0.3
Exploits: 0
The Hacker News
added 2022/09/16 2:17 p.m., 32 views

Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services

Cybersecurity researchers have exposed new connections between a widely used pay-per-install PPI malware service known as PrivateLoader and another PPI platform offered by a cybercriminal actor dubbed ruzki. "The threat actor ruzki aka les0k, zhigalsz advertises their PPI service on underground...

AI score 0.6
Exploits: 0
The Hacker News
added 2022/09/07 6:57 a.m., 98 views

Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities

A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. "If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further...

CVSS 10, AI score 2.6, EPSS 0.97101
Exploits: 4
The Hacker News
added 2022/09/05 7:10 a.m., 46 views

Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan

The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. "This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware,"...

AI score 6.9
Exploits: 0
The Hacker News
added 2022/08/29 10:15 a.m., 48 views

Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software

A Turkish-speaking entity called Nitrokod has been attributed to an active cryptocurrency mining campaign that involves impersonating a desktop application for Google Translate to infect over 111,000 victims in 11 countries since 2019. "The malicious tools can be used by anyone," Maya Horowitz,...

AI score 1.7
Exploits: 0
The Hacker News
added 2022/08/27 3:23 a.m., 234 views

Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater aka...

CVSS 10, AI score 2.5, EPSS 0.99999
Exploits: 347
The Hacker News
added 2022/08/26 6:52 a.m., 75 views

Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework

Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control C2 framework in their intrusion campaigns as a replacement for Cobalt Strike. "Given Cobalt Strike's popularity as an attack tool, defenses against it have also improved over time," Microsoft...

AI score 0.7
Exploits: 0
hivepro
added 2022/08/25 4:24 a.m., 12 views

Grandoreiro Banking Trojan Attacks Industries in Spanish-Speaking Countries

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Grandoreiro banking trojan is a campaign that has been active since at least 2016 and targets a variety of businesses in Mexico and Spain, including automotive, chemical production, and others. Threat actors...

AI score 3.4
Exploits: 0
Securelist
added 2022/08/25 1:00 a.m., 23 views

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky also known as Thallium, Black Banshee and Velvet Chollima is a prolific and active threat actor primarily targeting Korea-related entities. Like other sophisticated adversaries, this group also updates its tools very quickly. In early 2022, we observed this group was attacking the media a...

AI score 7
Exploits: 0
The Hacker News
added 2022/08/24 5:59 p.m., 56 views

Crypto Miners Using Tox P2P Messenger as Command and Control Server

Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings from Uptycs, which analyzed an Executable and Linkable Format ELF artifact "72client"...

AI score 7.5
Exploits: 0