New Android Trojan "BlankBot" Targets Turkish Users' Financial Data

Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to steal financial information. "BlankBot features a range of malicious capabilities, which include customer injections, keylogging, screen recording and it communicates with...

China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates

The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider ISP to push malicious software updates to target companies in mid-2023, highlighting a new level of sophistication associated with the group. Evasive Panda, also known by the names Bronze Highlan...

DoJ and FTC Sue TikTok for Violating Children's Privacy Laws

The U.S. Department of Justice DoJ, along with the Federal Trade Commission FTC, filed a lawsuit against popular video-sharing platform TikTok for "flagrantly violating" children's privacy laws in the country. The agencies claimed the company knowingly permitted children to create TikTok accounts...

Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool

Cybersecurity researchers have disclosed details of a new distributed denial-of-service DDoS attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack...

APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a...

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published...

Webinar: Discover the All-in-One Cybersecurity Solution for SMBs

In today's digital battlefield, small and medium businesses SMBs face the same cyber threats as large corporations, but with fewer resources. Managed service providers MSPs are struggling to keep up with the demand for protection. If your current cybersecurity strategy feels like a house of cards...

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

Enterprise Resource Planning ERP Software is at the heart of many enterprising supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critic...

New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication

Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service BITS as a command-and-control C2 mechanism. The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Lab...

U.S. Releases High-Profile Russian Hackers in Diplomatic Prisoner Exchange

In a historic prisoner exchange between Belarus, Germany, Norway, Russia, Slovenia, and the U.S., two Russian nationals serving time for cybercrime activities have been freed and repatriated to their country. This includes Roman Valerevich Seleznev and Vladislav Klyushin, who are part of a group ...

Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware

Cybersecurity companies are warning about an uptick in the abuse of Clouflare's TryCloudflare free service for malware delivery. The activity, documented by both eSentire and Proofpoint, entails the use of TryCloudflare to create a rate-limited tunnel that acts as a conduit to relay traffic from ...

Over 1 Million Domains at Risk of 'Sitting Ducks' Domain Hijacking Technique

Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack. The powerful attack vector, which exploits weaknesses in the domain name system DNS, is being exploited by over a dozen Russian-nexus cybercriminal actors to stealthily...

Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform

In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer Q&A platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining...

New Android Banking Trojan BingoMod Steals Money, Wipes Devices

Cybersecurity researchers have uncovered a new Android remote access trojan RAT called BingoMod that not only performs fraudulent money transfers from the compromised devices but also wipes them in an attempt to erase traces of the malware. Italian cybersecurity firm Cleafy, which discovered the...

Obfuscation: There Are Two Sides To Everything

How to detect and prevent attackers from using these various techniques Obfuscation is an important technique for protecting software that also carries risks, especially when used by malware authors. In this article, we examine obfuscation, its effects, and responses to it. What Is Obfuscation?...

Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware

Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API DPAPI which protects the data at rest...

Facebook Ads Lead to Fake Websites Stealing Credit Card Information

Facebook users are the target of a scam e-commerce network that uses hundreds of fake websites to steal personal and financial data using brand impersonation and malvertising tricks. Recorded Future's Payment Fraud Intelligence team, which detected the campaign on April 17, 2024, has given it the...

DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight

Certificate authority CA DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificate...

North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS

The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEVPOPPER and linked to North Korea, has been found to have singled out...

Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware

Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three year...

How To Get the Most From Your Security Team's Email Alert Budget

We'll TL;DR the FUDdy introduction: we all know that phishing attacks are on the rise in scale and complexity, that AI is enabling more sophisticated attacks that evade traditional defenses, and the never-ending cybersecurity talent gap means we're all struggling to keep security teams fully...

Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes

A new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at least February 2022 as part of a large-scale campaign. The malicious apps, spanning over 107,000 unique samples, are designed to intercept one-time passwords OTPs used for online...

Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova

Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group known as XDSpy. The findings come from cybersecurity firm F.A.C.C.T., which said the infection chains lead to the deployment of a malware called DSDownloader. The...

Meta Settles for $1.4 Billion with Texas Over Illegal Biometric Data Collection

Meta, the parent company of Facebook, Instagram, and WhatsApp, agreed to a record $1.4 billion settlement with the U.S. state of Texas over allegations that it illegally collected biometric data of millions of users without their permission, marking one of the largest penalties levied by regulato...

New Mandrake Spyware Found in Google Play Store Apps After Two Years

A new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for download from the Google Play Store and remained undetected for two years. The applications attracted a total of more than 32,000 installations before being pulled...

The Power and Peril of RMM Tools

As more people work remotely, IT departments must manage devices distributed over different cities and countries relying on VPNs and remote monitoring and management RMM tools for system administration. However, like any new technology, RMM tools can also be used maliciously. Threat actors can...

Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware

Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses SMBs in Poland during May 2024 that led to the deployment of several malware families like Agent Tesla, Formbook, and Remcos RAT. Some of the other regions targeted by the campaigns...

Cyber Threat Intelligence: Illuminating the Deep, Dark Cybercriminal Underground

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. The deep and dar...

New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries

The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. The BlackBerry Research and Intelligence Team, which discovered the activity, said targets of the spear-phishi...

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. "This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising...

VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access

A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated permissions and deploy file-encrypting malware. The attacks involve the exploitation of CVE-2024-37085 CVSS score: 6.8, an Active Directory integration...

Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild

Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure ACI product has been exploited in the wild. The vulnerability, tracked as CVE-2023-45249 CVSS score: 9.8, concerns a case of remote code execution that stems from the use of defau...

Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails

An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various popular companies like Best Buy, IBM, Nike, and Walt Disney, among others. "These emails...

How Searchable Encryption Changes the Data Security Game

Searchable Encryption has long been a mystery. An oxymoron. An unattainable dream of cybersecurity professionals everywhere. Organizations know they must encrypt their most valuable, sensitive data to prevent data theft and breaches. They also understand that organizational data exists to be used...

'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware Spread

A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service DaaS that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year. The network, which comprises over 3,000...

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website "chrome-web.com" serving malicious installer packages...

French Authorities Launch Operation to Remove PlugX Malware from Infected Systems

French judicial authorities, in collaboration with Europol, have launched a so-called "disinfection operation" to rid compromised hosts of a known malware called PlugX. The Paris Prosecutor's Office, Parquet de Paris, said the initiative was launched on July 18 and that it's expected to continue...

Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials

Cybersecurity researchers have discovered a malicious package on the Python Package Index PyPI repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims. The package, named "lr-utils-lib," attracted a total of 59 downloads...

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service MaaS offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023,...

Offensive AI: The Sine Qua Non of Cybersecurity

"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Interne...

U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals

The U.S. Department of Justice DoJ on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense,...

Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining

Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security firm Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of...

CrowdStrike Warns of New Phishing Scam Targeting German Customers

CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign. The cybersecurity company said it identified what it described as an unattributed...

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 CVSS score: 9.9, impacts Report Server version 2024 Q2 10.1.24.514 and...

North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks

A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the...

6 Types of Applications Security Testing You Must Know About

Application security testing is a critical component of modern software development, ensuring that applications are robust and resilient against malicious attacks. As cyber threats continue to evolve in complexity and frequency, the need to integrate comprehensive security measures throughout the...

Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams

Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams. "These included a smaller coordinated network of around 2,500 accounts that we were able to link to a group of around 20...

Webinar: Securing the Modern Workspace: What Enterprises MUST Know about Enterprise Browser Security

The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed. Modern...

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. Tenable has given the vulnerability the name...

Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins AuthZ under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating...