Tag: malicious
-
Software Supply Chain Vendor Landscape
in SecurityNews
An analysis of over 20 supply chain security vendors, from securing source code access and CI/CD pipelines to SCA, malicious dependencies, container s…
First seen on tldrsec.com. Jump to article: tldrsec.com/p/software-supply-chain-vendor-landscape
-
The Hidden Dangers in Open Source Libraries: A Closer Look at the Malicious Go Binary Hidden in a PyPI Package
in SecurityNews
First seen on thefinalhop.com. Jump to article: www.thefinalhop.com/the-hidden-dangers-in-open-source-libraries-a-closer-look-at-the-malicious-go-binary-hidden-in-a-pypi-package/
-
Unmasking Malicious OneNote Files: How Attackers Exploit Embedded Payloads
in SecurityNews
First seen on thefinalhop.com. Jump to article: www.thefinalhop.com/unmasking-malicious-onenote-files-how-attackers-exploit-embedded-payloads/
-
Shortcut-based (LNK) attacks delivering malicious code on the rise
in SecurityNews
First seen on resecurity.com. Jump to article: www.resecurity.com/blog/article/shortcut-based-lnk-attacks-delivering-malicious-code-on-the-rise
-
Millions of Undetectable Malicious URLs Generated Via the Abuse of Public Cloud and Web 3.0 Services
in SecurityNews
First seen on resecurity.com. Jump to article: www.resecurity.com/blog/article/millions-of-undetectable-malicious-urls-generated-via-the-abuse-of-public-cloud-and-web-30-services
-
CVE-2024-3094: Malicious Code in XZ Utils Enables RCE on Linux Systems
in SecurityNews
A recent analysis has revealed that the malicious code embedded in the widely-used open-source library XZ Utils (present in multiple Linux distros) ca…
First seen on sensorstechforum.com. Jump to article: sensorstechforum.com/cve-2024-3094-xz-utils-linux/
-
CVE-2024-21388 Enables Silent Installation of Malicious Extensions
in SecurityNews
A recently patched security vulnerability in Microsoft Edge could have allowed malicious actors to stealthily install arbitrary extensions on users’ s…
First seen on sensorstechforum.com. Jump to article: sensorstechforum.com/cve-2024-21388-edge-flaw/
-
BadPack Android Malware: Difficult to Detect and Remove
in SecurityNews
BadPack is a malicious APK file intentionally altered to exploit the Android operating system’s file structure. Typically, attackers maliciously modif…
First seen on sensorstechforum.com. Jump to article: sensorstechforum.com/badpack-android-malware/
-
Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested
in SecurityNews
A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return…
-
Wanted Russian Cybercriminal Linked to Hive and LockBit Ransomware Has Been Arrested
in SecurityNews
A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return…
-
Just Like Windows: Linux Targeted by First-Ever UEFI Bootkit
in SecurityNews
Linux-Targeting Bootkitty Appears More Proof-of-Concept Than Threat, Researchers Say. Cybersecurity researchers have discovered the first-ever UEFI bootkit designed to target Linux systems and subvert their boot process for malicious purposes. The Bootkitty malware, first uploaded to VirusTotal this month, appears to be more proof of concept than full-fledged threat, they said.
First seen on govinfosecurity.com…
-
Godot Engine Exploited to Spread Malware on Windows, macOS, Linux
in SecurityNews
Check Point Research has discovered cybercriminals exploiting the popular Godot Game Engine to deliver malicious software. Discover the techniques used by attackers and how to protect yourself from these threats.
First seen on hackread.com. Jump to article: hackread.com/godot-engine-malware-on-windows-macos-linux/
-
Phishing-as-a-Service Rockstar 2FA continues to be prevalent
in SecurityNews
Tags: 2fa, attack, authentication, credentials, malicious, mfa, microsoft, monitoring, phishing, service, threat, tool
Phishing tool Rockstar 2FA targets Microsoft 365 credentials; it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms; their latest report focuses on a toolkit called Rockstar 2FA. Rockstar 2FA targets Microsoft 365 accounts and bypasses multi-factor authentication with adversary-in-the-middle (AitM) attacks. In AiTM phishing, threat…
-
Popular game script spoofed to infect thousands of game developers
in SecurityNews
A malware loader, now named GodLoader, has been observed to be using Godot, a free and open-source game engine, as its runtime to execute malicious codes and has dropped known malware on at least 17,000 machines. Unaware users of the engine, which helps create 2D and 3D games and deploy them across various platforms including Windows,…
-
Phishing-as-a-Service “Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks
in SecurityNews
Tags: 2fa, attack, authentication, credentials, cybersecurity, email, malicious, mfa, microsoft, phishing, service
Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. “This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA)
First seen on thehackernews.com. Jump to…
-
XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
in SecurityNews
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems. The package, named @0xengine/xmlrpc, was originally published on October 2, 2023 as…
-
SMOKEDHAM Backdoor: UNC2465’s Stealth Weapon for Extortion and Ransomware Campaigns
in SecurityNews
A comprehensive analysis by TRAC Labs has shed light on the SMOKEDHAM backdoor, a malicious tool leveraged by the financially motivated threat actor UNC2465. Active since 2019, SMOKEDHAM plays a...
First seen on securityonline.info. Jump to article: securityonline.info/smokedham-backdoor-unc2465s-stealth-weapon-for-extortion-and-ransomware-campaigns/
-
Interpol, African Nations Arrest 1,006 in Sweeping ‘Operation Serengeti’
in SecurityNews
Interpol led 19 African countries in a massive anti-cybercriminal effort dubbed “Operation Serengeti” that shut down a range of scams and attacks that bled $193 million from 35,000 victims. More than 1,000 people were arrested and more than 134,000 malicious infrastructures shut down.
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/11/interpol-african-nations-arrest-1006-in-sweeping-operation-serengeti/
-
Russian APT RomCom combines Firefox and Windows zero-day flaws in drive-by exploit
in SecurityNews
Tags: access, antivirus, apt, attack, backdoor, browser, business, computer, cve, cybercrime, cyberespionage, defense, endpoint, exploit, flaw, germany, government, group, insurance, intelligence, malicious, microsoft, msp, password, powershell, russia, software, threat, ukraine, vulnerability, windows, zero-day
A Russia-aligned group that engages in both cybercrime and cyberespionage operations used a zero-click exploit chain last month that combined previously unknown and unpatched vulnerabilities in Firefox and Windows. The campaign, whose goal was to deploy the group’s RomCom backdoor on computers, targeted users from Europe and North America. The APT group, also known as Storm-0978,…
-
Lazarus Hackers Exploit macOS Extended Attributes To Evade Detection
in SecurityNews
The xattr command in Unix-like systems allows hidden metadata to be embedded within files, similar to Windows ADS. This technique, known as RustyAttr, is being exploited by threat actors like Lazarus Group to stealthily conceal malicious payloads within seemingly benign files. The Lazarus Group is covertly embedding malicious data within system files using xattr, a…
-
Gaming Engines: An Undetected Playground for Malware Loaders
in SecurityNews
Key Points. Introduction. Cybercriminals constantly try to evolve their tactics and techniques, aiming to increase infections. Their need to stay undetected pushes them to innovate and discover new methods of delivering and executing malicious code, which can result in credential theft and even ransomware encryption. Check Point Research discovered a new undetected technique that uses…
-
Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries
in SecurityNews
Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries and dismantled 134,089 malicious networks. A joint law enforcement operation by INTERPOL and AFRIPOL across 19 African countries, dubbed Operation Serengeti, led to the arrest of 1,006 suspects. The authorities dismantled 134,089 malicious infrastructures and networks. Operation Serengeti (2 September to 31 October) targeted criminals […]…
-
Hackers Exploit Firefox and Windows Flaws: RomCom’s Advanced Attack Unveiled
in SecurityNews
A Russia-aligned hacking group, known as RomCom (also identified as Storm-0978, Tropical Scorpius, or UNC2596), has successfully exploited two zero-day vulnerabilities, one in Mozilla Firefox and another in Microsoft Windows Task Scheduler. These vulnerabilities, identified as CVE-2024-9680 and CVE-2024-49039, were chained together to allow the group to execute arbitrary code and install malicious backdoors on…
-
INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled
in SecurityNews
An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent. Dubbed Serengeti, the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware,…
-
New NachoVPN attack uses rogue VPN servers to install malicious updates
in SecurityNews
A set of vulnerabilities dubbed “NachoVPN” allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/new-nachovpn-attack-uses-rogue-vpn-servers-to-install-malicious-updates/
-
OpenSea Phishers Aim to Drain Crypto Wallets of NFT Enthusiasts
in SecurityNews
Cyberattackers have been targeting the online NFT marketplace with emails claiming to make an offer to a targeted user; in reality, clicking on a malicious link takes victims to a crypto-draining site.
First seen on darkreading.com. Jump to article: www.darkreading.com/application-security/opensea-phishers-aim-drain-crypto-wallets-nft-enthusiasts
-
VMware Patches High-Severity Vulnerabilities in Aria Operations
in SecurityNews
The company warns that malicious hackers can craft exploits to elevate privileges or launch cross-site scripting attacks. The post VMware Patches High-Severity Vulnerabilities in Aria Operations appeared first on SecurityWeek.
First seen on securityweek.com. Jump to article: www.securityweek.com/vmware-patches-high-severity-vulnerabilities-in-aria-operations/
-
Authorities disrupt major cybercrime operation, 1000+ suspects arrested
in SecurityNews
Authorities across 19 African countries have arrested 1,006 suspects and dismantled 134,089 malicious infrastructures and networks thanks to a joint operation by INTERPOL and …
First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/11/26/operation-serengeti-cybercrime-operation-arrests/
-
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
in SecurityNews
Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in…
-
LottieFiles supply chain attack exposes users to malicious crypto wallet drainer
in SecurityNews
First seen on theregister.com. Jump to article: www.theregister.com/2024/10/31/lottiefiles_supply_chain_attack/