0 Comments
ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group ESET researchers have analyzed a previously unreported backdoor used by the ScarCruft APT group. The backdoor, which we named Dolphin, has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and
0 Comments
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. “Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary
0 Comments
Nearly nine in 10 (87%) of US defense contractors are failing to meet basic cybersecurity regulation requirements, according to research commissioned by CyberSheath. The survey of 300 US-based Department of Defense (DoD) contractors found that just 13% of respondents have a Supplier Risk Performance System (SPRS) score of 70 or above. Under the Defense Federal
0 Comments
The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. “The backdoor […] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing
0 Comments
The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw affecting Oracle Fusion Middleware systems to its Known Exploited Vulnerabilities (KEV) Catalog on Monday. The bug, which CISA confirmed has been exploited in the wild, allows unauthenticated attackers with network access via HTTP to compromise Oracle Access Manager. Successful attacks targeting this vulnerability
0 Comments
by Paul Ducklin Researchers at secure coding company Checkmarx have warned of porn-themed malware that’s been attracting and attacking sleazy internet users in droves. Unfortunately, the side-effects of this malware, dubbed Unfilter or Space Unfilter, apparently involve plundering data from the victim’s computer, including Discord passwords, thus indirectly exposing the victim’s contacts – such as
0 Comments
ESET researchers spot a new ransomware campaign that goes after Ukrainian organizations and has Sandworm’s fingerprints all over it The ESET research team has spotted a new wave of ransomware attacks taking aim at multiple organizations in Ukraine and bearing the hallmarks of other campaigns previously unleashed by the Sandworm APT group. Even though the
0 Comments
Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as
0 Comments
The Bahamut APT group distributes at least eight malicious apps that pilfer victims’ data and monitor their messages and conversations This week, ESET researchers published their analysis of a malicious campaign where the Bahamut APT group targets Android users via trojanized versions of two legitimate VPN apps – SoftVPN and OpenVPN. Since January 2022, Bahamut
0 Comments
The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an “unacceptable” national security threat. All these Chinese telecom and video surveillance companies were previously included in the Covered List as of March 12, 2021. “The FCC is committed to protecting
0 Comments
Google released new software patches on Thursday to address a new zero-day vulnerability in its Chrome web browser. Writing in a security bulletin, the tech giant described the high-severity vulnerability (tracked CVE-2022-4135) as a heap buffer overflow in the graphics processing unit (GPU) component. Google attributed the discovery of the vulnerability to Clement Lecigne from its
0 Comments
For 6 months, the infamous Emotet botnet has shown almost no activity, and now it’s distributing malicious spam. Let’s dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans ever created. The
0 Comments
Authored by Dennis Pang What is antivirus? That’s a good question. What does it really protect? That’s an even better question.  Over the years, I’ve come to recognize that different people define antivirus differently. Some see it as way to keep hackers from crashing their computers. Others see it as a comprehensive set of protections.
0 Comments
Remote monitoring and management (RMM) platform ConnectWise has patched a cross-site scripting (XSS) vulnerability that could lead to remote code execution (RCE). Security researchers at Guardio Labs wrote about the flaw earlier this week, saying threat actors could exploit it to take complete control of the ConnectWise platform. “After testing and validating several attack vectors,
0 Comments
What color jersey will you be sporting this November and December? The World Cup is on its way to television screens around the world, and scores of fans are dreaming of cheering on their team at stadiums throughout Qatar. Meanwhile, cybercriminals are dreaming of stealing the personally identifiable information (PII) of fans seeking last-minute vacation
0 Comments
Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram ESET researchers have identified an active campaign targeting Android users, conducted by the Bahamut APT group. This campaign has been active since January 2022 and malicious apps are distributed