Malware-as-a-Service (MaaS) infections were the biggest threat to organizations in the second half of 2023, according to a new Darktrace report. The 2023 End of Year Threat Report highlighted the cross-functional adaption of many of the malware strains. This includes malware loaders like remote access trojans (RATs) being combined with information-stealing malware. Through reverse engineering
Feb 06, 2024NewsroomSocial Engineering / Malvertising Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. “This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors,” Trustwave SpiderLabs said
The US has slammed Iran for “destabilizing and potentially escalatory” cyber-attacks on critical infrastructure. The remarks were made in a statement that announced sanctions against six Iranians for last year’s cyber-attack against Unitronics, an Israeli manufacturer of programmable logic controllers used in the water sector and other critical infrastructure organizations. The Department of the Treasury’s
Feb 05, 2024The Hacker NewsData Protection / Threat Intelligence A significant challenge within cyber security at present is that there are a lot of risk management platforms available in the market, but only some deal with cyber risks in a very good way. The majority will shout alerts at the customer as and when they
Cloudflare has revealed its systems were compromised on Thanksgiving last year, leading to source code being accessed by threat actors. The IT service provider believes the attack, which took place on November 23, 2023, was perpetrated by a nation-state actor, who used credentials stolen during a breach of identity and access management (IAM) specialist Okta.
ESET researchers have identified twelve Android espionage apps that share the same malicious code: six were available on Google Play, and six were found on VirusTotal. All the observed applications were advertised as messaging tools apart from one that posed as a news app. In the background, these apps covertly execute remote access trojan (RAT)
Feb 03, 2024NewsroomVulnerability / Social Media The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. “Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account,” the maintainers said in a terse advisory. The vulnerability, tracked
Romance scam victims surged by more than a fifth (22%) in 2023, compared to 2022, according to new figures from Lloyds Bank. The average amount lost per incident was £6937 ($8847) last year. This was lower than in 2022, when the average loss was £8237 ($10,505). Romance scams have exploded in prominence in recent years,
Video The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows 02 Feb 2024 This week, law enforcement in Brazil took action to disrupt the Grandoreiro banking malware in a joint effort that was also supported by the ESET
Feb 03, 2024NewsroomIntelligence Agency / Cyber Security The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The officials include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and
Wizz, a growing social media app among US teenagers, was removed from the Apple App Store and the Google Play Store on January 30. Apple and Google had been contacted by the National Center on Sexual Exploitation, a US conservative anti-pornography organization, who thanked the two giants on X “for booting the Wizz app from
ESET Research An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes ESET Research 31 Jan 2024 • , 2 min. read In this episode of the ESET Research Podcast, we dissect the most interesting findings of the ESET Threat Report H2
Feb 02, 2024NewsroomCryptojacking / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027. DirtyMoe, active since at least 2016, is capable of carrying
Security researchers have recently unearthed a supply-chain vulnerability within Bazel, one of Google’s flagship open-source products. The flaw centered around a command injection vulnerability in a dependent GitHub Actions workflow, potentially allowing malicious actors to insert harmful code into Bazel’s codebase. According to Cycode researchers, the gravity of this situation means it could affect millions of projects
Feb 01, 2024NewsroomCryptojacking / Linux Security Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. “The campaign deploys a benign container generated using the Commando project,” Cado security researchers Nate Bill and Matt Muir said in a new report published today. “The attacker escapes this container
A substantial 91% of runtime scans are failing within organizations, signaling a significant reliance on identifying issues rather than preventing them, according to Sysdig’s latest report. The new research also revealed that 69% of enterprises have yet to integrate artificial intelligence (AI) into their cloud environments. Even among the companies that have embraced AI frameworks,
ESET has collaborated with the Federal Police of Brazil in an attempt to disrupt the Grandoreiro botnet. ESET contributed to the project by providing technical analysis, statistical information, and known command and control (C&C) server domain names and IP addresses. Due to a design flaw in Grandoreiro’s network protocol, ESET researchers were also able to
Jan 31, 2024NewsroomVulnerability / Zero Day Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of vulnerabilities is as follows – CVE-2024-21888 (CVSS score: 8.8) – A privilege escalation vulnerability in the
Payloads recently found on compromised Ivanti Connect Secure appliances could be from the same, sophisticated threat actor, according to incident response provider Synacktiv. A new malware analysis from Synacktiv researcher Théo Letailleur showed that the 12 Rust payloads discovered by Volexity as part of its investigation into two Ivanti Connect Secure VPN remote code execution
Digital Security In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike Andy Garth 29 Jan 2024 • , 4 min. read For thousands of years, nations have engaged in espionage, spying on their neighbors, allies, and adversaries. Traditionally, this realm of
Jan 30, 2024NewsroomMalware / Cyber Espionage The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar’s Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activities took place in November 2023 and January
Teenagers from Western English-speaking countries are increasingly targeted by financial sextortion attacks conducted by Nigeria-based cybercriminals, the Network Contagion Research Institute (NCRI) has found. A majority of these happen on social media platforms like TikTok, Snapchat, Instagram, and Wizz. Financial sextortion, the illegal act of adults manipulating minors, or other adults, into sharing sexually suggestive
Jan 29, 2024NewsroomVulnerability / NTML Security A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file. The issue, tracked as CVE-2023-35636 (CVSS score: 6.5), was addressed by the tech giant as part of its Patch Tuesday updates
More than a quarter (27%) of organizations have banned the use of generative AI among their workforce over privacy and data security risks, at least temporarily, according to the Cisco 2024 Data Privacy Benchmark Study. Most organizations have also instituted controls on these tools. Nearly two-thirds (63%) have established limitations on what data can be
Business Security Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management Phil Muncaster 25 Jan 2024 • , 5 min. read The world is built on supply chains. They are the connective tissue that facilitates global trade and prosperity. But
Jan 26, 2024NewsroomMalvertising / Phishing-as-a-service Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. “The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead,” Malwarebytes’
Ukrainian security services have arrested a hacker for allegedly targeting government websites and providing intelligence to Russia to carry out missile strikes on the city of Kharkiv. Security Service of Ukraine (SSU) revealed that its cyber unit has identified the individual, who it accused of following instructions from Russia’s intelligence service, the FSB. Hacker Spied
Video The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK 26 Jan 2024 This week, ESET researchers released their findings about an attack where a previously unknown threat actor deployed a sophisticated multistage implant, which ESET named NSPX30, through adversary-in-the-middle
Jan 27, 2024NewsroomMalware / Software Update Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. The campaign has been active
New evidence shows that Iran’s intelligence and military services are associated with cyber activities targeting Western countries through their network of contracting companies. A string of multi-year leaks and doxxing efforts led by anti-Iranian government hacktivists and dissident networks has uncovered an intricate web of entities associated with the Islamic Revolutionary Guard Corps (IRGC) involved
- « Previous Page
- 1
- …
- 25
- 26
- 27
- 28
- 29
- …
- 118
- Next Page »