LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home compute...

Researchers Share New Insights Into RIG Exploit Kit Malware's Operations

The RIG exploit kit EK touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News...

Researchers Share New Insights Into RIG Exploit Kit Malware's Operations

The RIG exploit kit EK touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News...

Shocking Findings from the 2023 Third-Party App Access Report

Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps. SaaS-to-SaaS third-party app installations are growing nonstop at organizations around the world. When an employee needs an additional app to increase their...

Shocking Findings from the 2023 Third-Party App Access Report

Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps. SaaS-to-SaaS third-party app installations are growing nonstop at organizations around the world. When an employee needs an additional app to increase their...

ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks

A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk VHD files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games...

ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks

A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk VHD files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games...

PureCrypter Malware Targets Government Entities in Asia-Pacific and North America

Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit...

PureCrypter Malware Targets Government Entities in Asia-Pacific and North America

Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit...

PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks

The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to...

PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks

The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to...

Dutch Police Arrest 3 Hackers Involved in Massive Data Theft and Extortion Scheme

The Dutch police announced the arrest of three individuals in connection with a "large-scale" criminal operation involving data theft, extortion, and money laundering. The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence. The...

Dutch Police Arrest 3 Hackers Involved in Massive Data Theft and Extortion Scheme

The Dutch police announced the arrest of three individuals in connection with a "large-scale" criminal operation involving data theft, extortion, and money laundering. The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence. The...

Google Teams Up with Ecosystem Partners to Enhance Security of SoC Processors

Google said it's working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what's called the application processor AP, it's just one of the many processors of a system-on-chip SoC that cater to various tasks like...

Google Teams Up with Ecosystem Partners to Enhance Security of SoC Processors

Google said it's working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what's called the application processor AP, it's just one of the many processors of a system-on-chip SoC that cater to various tasks like...

How to Tackle the Top SaaS Challenges of 2023

Are you prepared to tackle the top SaaS challenges of 2023? With high-profile data breaches affecting major companies like Nissan and Slack, it's clear that SaaS apps are a prime target for cyberattacks. The vast amounts of valuable information stored in these apps make them a goldmine for hacker...

How to Tackle the Top SaaS Challenges of 2023

Are you prepared to tackle the top SaaS challenges of 2023? With high-profile data breaches affecting major companies like Nissan and Slack, it's clear that SaaS apps are a prime target for cyberattacks. The vast amounts of valuable information stored in these apps make them a goldmine for hacker...

How to Use AI in Cybersecurity and Avoid Being Trapped

The use of AI in cybersecurity is growing rapidly and is having a significant impact on threat detection, incident response, fraud detection, and vulnerability management. According to a report by Juniper Research, the use of AI for fraud detection and prevention is expected to save businesses $1...

How to Use AI in Cybersecurity and Avoid Being Trapped

The use of AI in cybersecurity is growing rapidly and is having a significant impact on threat detection, incident response, fraud detection, and vulnerability management. According to a report by Juniper Research, the use of AI for fraud detection and prevention is expected to save businesses $1...

CISA Sounds Alarm on Cybersecurity Threats Amid Russia's Invasion Anniversary

The U.S. Cybersecurity and Infrastructure Security Agency CISA is urging organizations and individuals to increase their cyber vigilance, as Russia's military invasion of Ukraine officially enters one year. "CISA assesses that the United States and European nations may experience disruptive and...

CISA Sounds Alarm on Cybersecurity Threats Amid Russia's Invasion Anniversary

The U.S. Cybersecurity and Infrastructure Security Agency CISA is urging organizations and individuals to increase their cyber vigilance, as Russia's military invasion of Ukraine officially enters one year. "CISA assesses that the United States and European nations may experience disruptive and...

Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels

An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its Privacy Not Included initiative, compar...

Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels

An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its Privacy Not Included initiative, compar...

Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware

Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. Jamf Threat Labs, which made the discovery, said the XMRig coin miner was executed by means of an unauthorized modification in Final Cut Pro, a video editing software fr...

Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware

Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. Jamf Threat Labs, which made the discovery, said the XMRig coin miner was executed by means of an unauthorized modification in Final Cut Pro, a video editing software fr...

Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products

Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 CVSS score: 9.8, the remote code execution flaw allows a complete takeover of the...

Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products

Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 CVSS score: 9.8, the remote code execution flaw allows a complete takeover of the...

The Secret Vulnerability Finance Execs are Missing

The Other Risk in Finance A few years ago, a Washington-based real estate developer received a document link from First American – a financial services company in the real estate industry – relating to a deal he was working on. Everything about the document was perfectly fine and normal. The odd...

The Secret Vulnerability Finance Execs are Missing

The Other Risk in Finance A few years ago, a Washington-based real estate developer received a document link from First American – a financial services company in the real estate industry – relating to a deal he was working on. Everything about the document was perfectly fine and normal. The odd...

New Hacking Cluster 'Clasiopa' Targeting Materials Research Organizations in Asia

Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools. Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa. The origins of the hacking group and its affiliations are currently unknown, but ther...

New Hacking Cluster 'Clasiopa' Targeting Materials Research Organizations in Asia

Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools. Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa. The origins of the hacking group and its affiliations are currently unknown, but ther...

Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data

A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete...

Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data

A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete...

New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency

An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems' resources to mine cryptocurrency. Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get...

New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency

An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems' resources to mine cryptocurrency. Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get...

Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index PyPI repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib...

Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index PyPI repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib...

Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first flaw is a race condition in the Crash Reporter component CVE-2023-23520 that could enable a malicious actor to read arbitrary files as root. The iPhone...

Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first flaw is a race condition in the Crash Reporter component CVE-2023-23520 that could enable a malicious actor to read arbitrary files as root. The iPhone...

Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links

In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one...

Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links

In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one...

3 Steps to Automate Your Third-Party Risk Management Program

If you Google "third-party data breaches" you will find many recent reports of data breaches that were either caused by an attack at a third party or sensitive information stored at a third-party location was exposed. Third-party data breaches don't discriminate by industry because almost every...

3 Steps to Automate Your Third-Party Risk Management Program

If you Google "third-party data breaches" you will find many recent reports of data breaches that were either caused by an attack at a third party or sensitive information stored at a third-party location was exposed. Third-party data breaches don't discriminate by industry because almost every...

Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia

Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried out by a never-before-seen threat actor dubbed Hydrochasma. The activity, which has been ongoing since October 2022, "relies exclusively on publicly available and living-off-the-lan...

Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia

Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried out by a never-before-seen threat actor dubbed Hydrochasma. The activity, which has been ongoing since October 2022, "relies exclusively on publicly available and living-off-the-lan...

Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks

An open source command-and-control C2 framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023...

Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks

An open source command-and-control C2 framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023...

Gcore Thwarts Massive 650 Gbps DDoS Attack on Free Plan Client

At the beginning of January, Gcore faced an incident involving several L3/L4 DDoS attacks with a peak volume of 650 Gbps. Attackers exploited over 2000 servers belonging to one of the top three cloud providers worldwide and targeted a client who was using a free CDN plan. However, due to Gcore's...

Gcore Thwarts Massive 650 Gbps DDoS Attack on Free Plan Client

At the beginning of January, Gcore faced an incident involving several L3/L4 DDoS attacks with a peak volume of 650 Gbps. Attackers exploited over 2000 servers belonging to one of the top three cloud providers worldwide and targeted a client who was using a free CDN plan. However, due to Gcore's...

U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three security flaws to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of shortcomings is as follows - CVE-2022-47986 CVSS score: 9.8 - IBM Aspera Faspex Code...