
Category: Hacking


Hacking, Security

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

April 26, 2024

Via: The Hacker News

Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It […]


Hacking, Security

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

April 24, 2024

Via: The Hacker News

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is […]


Hacking, Security

Hackers Target Middle East Governments with Evasive “CR4T” Backdoor

April 19, 2024

Via: The Hacker News

Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T. Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it […]


Hacking, Security

Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks

April 17, 2024

Via: The Hacker News

A previously undocumented “flexible” backdoor called Kapeka has been “sporadically” observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked […]


Hacking, Security

Watch Out for ‘Latrodectus’ – This Malware Could Be In Your Inbox

April 8, 2024

Via: The Hacker News

Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. “Latrodectus is an up-and-coming downloader with various sandbox evasion functionality,” researchers from Proofpoint and Team […]


Hacking, Security

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

April 5, 2024

Via: The Hacker News

Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another […]


Hacking, Security

China-linked Hackers Deploy New ‘UNAPIMON’ Malware for Stealthy Operations

April 2, 2024

Via: The Hacker News

A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. “Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage […]


Hacking, Security

Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions

March 27, 2024

Via: The Hacker News

A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users’ systems and carry out malicious actions. “This flaw could have allowed an attacker to exploit a private API, initially intended […]


Hacking, Security

Ethical hackers show how to open millions of hotel keycard locks

March 21, 2024

Via: TechSpot

Researchers recently disclosed a significant security flaw in Dormakaba’s Saflok electronic RFID locks, which are popular with hotels. It could allow a hacker to clone a hotel’s keycard to access any room in the building. It is unclear whether hackers […]


Hacking, Security

New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT

March 19, 2024

Via: The Hacker News

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu. “The PhantomBlu operation introduces a nuanced […]


Hacking, Security

RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage

March 14, 2024

Via: The Hacker News

The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands. “The Program Compatibility Assistant Service (pcalua.exe) is a Windows service designed to identify and address compatibility issues […]


Hacking, Security

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

February 14, 2024

Via: The Hacker News

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late […]


Hacking, Security

Alert: CISA Warns of Active ‘Roundcube’ Email Attacks – Patch Now

February 13, 2024

Via: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), […]


Hacking, Security

Hackers used Ars Technica and Vimeo to deliver malware using obfuscated binary instructions in a URL

January 31, 2024

Via: TechSpot

Security analytics firm Mandiant recently uncovered a “never-before-seen” attack chain that used Base 64 encoding on at least two different websites to deliver the second-stage payload of a three-stage malware. The two sites were tech publication Ars Technica and video […]


Hacking, Security

Graphics card flaw enables data theft in AMD, Apple, and Qualcomm chips by exploiting GPU memory

January 17, 2024

Via: Tom's Hardware

A new security vulnerability called LeftoverLocals affects GPUs made by some of the leading names, like AMD, Apple, and Qualcomm. It enables data theft from the GPU’s memory irrespective of the form factor and operating system. The flaw was discovered […]


Hacking, Security

Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts

December 19, 2023

Via: The Hacker News

Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. “Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and […]


Hacking, Security

Ransomware-as-a-Service: The Growing Threat You Can’t Ignore

December 8, 2023

Via: The Hacker News

Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape, enabling individuals […]


Hacking, Security

Hacking the Human Mind: Exploiting Vulnerabilities in the ‘First Line of Cyber Defense’

December 7, 2023

Via: The Hacker News

Understanding what defines our humanity, recognizing how our qualities can be perceived as vulnerabilities, and comprehending how our minds can be targeted provide the foundation for identifying and responding when we inevitably become the target. The human mind is a […]


Hacking, Security

Malicious bots make up nearly three-quarters of Internet traffic

November 30, 2023

Via: TechSpot

According to fraud control platform Arkose Labs, a staggering 73 percent of Internet traffic to websites and apps measured between January 2023 and September 2023 was related to bots performing malicious activities like SMS toll fraud, scraping, and card testing. […]


Hacking, Security

Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware

November 17, 2023

Via: The Hacker News

Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name SEO#LURKER. […]