FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
There are new available articles, click to refresh the page.
☐ β˜† βœ‡ The Hacker News

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts

By: Newsroom β€” April 13th 2024 at 14:25
A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July. "At the time of both attacks,
☐ β˜† βœ‡ The Hacker News

Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware

By: Newsroom β€” April 10th 2024 at 12:38
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL,
☐ β˜† βœ‡ The Hacker News

10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet

By: Newsroom β€” April 9th 2024 at 14:01
A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with The Hacker News. "Its primary method of operation
☐ β˜† βœ‡ The Hacker News

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

By: Newsroom β€” April 9th 2024 at 07:24
Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet
☐ β˜† βœ‡ The Hacker News

Google Sues App Developers Over Fake Crypto Investment App Scam

By: Newsroom β€” April 8th 2024 at 05:25
Google has filed a lawsuit in the U.S. against two app developers for allegedly engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns. The individuals in question are Yunfeng Sun (aka Alphonse Sun) and Hongnam
☐ β˜† βœ‡ The Hacker News

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

By: Newsroom β€” April 5th 2024 at 09:40
Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader application to view the content. According to Fortinet FortiGuard Labs, clicking the URL
☐ β˜† βœ‡ The Hacker News

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

By: Newsroom β€” April 5th 2024 at 07:15
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the uncategorized monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Also previously linked to the exploitation spree is a Chinese
☐ β˜† βœ‡ The Hacker News

Indian Government Rescues 250 Citizens Forced into Cybercrime in Cambodia

By: Newsroom β€” April 1st 2024 at 13:51
The Indian government said it has rescued and repatriated about 250 citizens in Cambodia who were held captive and coerced into running cyber scams. The Indian nationals "were lured with employment opportunities to that country but were forced to undertake illegal cyber work," the Ministry of External Affairs (MEA) said in a statement, adding it had rescued 75 people in the past three
☐ β˜† βœ‡ The Hacker News

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

By: Newsroom β€” March 30th 2024 at 07:16
Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims' Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a report published Friday. One
☐ β˜† βœ‡ The Hacker News

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining

By: Newsroom β€” March 27th 2024 at 10:39
Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to take over the companies' computing power and leak sensitive data," Oligo Security researchers Avi
☐ β˜† βœ‡ The Hacker News

U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions

By: Newsroom β€” March 26th 2024 at 08:31
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (
☐ β˜† βœ‡ The Hacker News

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

By: Newsroom β€” March 25th 2024 at 11:58
Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. "The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom
☐ β˜† βœ‡ The Hacker News

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

By: Newsroom β€” March 25th 2024 at 09:02
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent prefetcher (DMP) to target constant-time cryptographic implementations and capture sensitive data
☐ β˜† βœ‡ The Hacker News

German Police Seize 'Nemesis Market' in Major International Darknet Raid

By: Newsroom β€” March 24th 2024 at 05:24
German authorities have announced the takedown of an illicit underground marketplace called Nemesis Market that peddled narcotics, stolen data, and various cybercrime services. The Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said it seized the digital infrastructure associated with the darknet service located in Germany and Lithuania and confiscated €94,000 ($102,107)
☐ β˜† βœ‡ The Hacker News

U.S. Sanctions Russians Behind 'Doppelganger' Cyber Influence Campaign

By: Newsroom β€” March 21st 2024 at 08:07
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations. Ilya Andreevich Gambashidze (Gambashidze), the founder of the Moscow-based company Social Design Agency (SDA), and Nikolai Aleksandrovich Tupikin (Tupikin), the CEO and
☐ β˜† βœ‡ The Hacker News

TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks

By: Newsroom β€” March 20th 2024 at 11:26
Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of CVE-2024-27198 (CVSS score: 9.8) that enables an adversary to bypass authentication measures and gain administrative
☐ β˜† βœ‡ The Hacker News

New BunnyLoader Malware Variant Surfaces with Modular Attack Features

By: Newsroom β€” March 20th 2024 at 09:43
Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions as well as allow it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims," Palo Alto Networks
☐ β˜† βœ‡ The Hacker News

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics

By: Newsroom β€” March 18th 2024 at 17:56
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky (aka Emerald Sleet, Springtail, or Velvet Chollima). "The malware payloads used in
☐ β˜† βœ‡ The Hacker News

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

By: Newsroom β€” March 18th 2024 at 12:35
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs
☐ β˜† βœ‡ The Hacker News

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

By: Newsroom β€” March 14th 2024 at 13:47
A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit
☐ β˜† βœ‡ The Hacker News

Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets

By: The Hacker News β€” March 12th 2024 at 12:13
Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet. The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs. The packages were collectively downloaded 7,451 times prior to them being removed from
☐ β˜† βœ‡ The Hacker News

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

By: Newsroom β€” March 11th 2024 at 09:53
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident "began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of
☐ β˜† βœ‡ The Hacker News

Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks

By: Newsroom β€” March 7th 2024 at 13:45
Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, β€œtarget WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said. The activity is part of a&
☐ β˜† βœ‡ The Hacker News

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

By: Newsroom β€” March 6th 2024 at 16:58
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. β€œThe attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and
☐ β˜† βœ‡ The Hacker News

Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout

By: Newsroom β€” March 6th 2024 at 15:03
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice." "There
☐ β˜† βœ‡ The Hacker News

New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users

By: Newsroom β€” March 1st 2024 at 13:32
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed CryptoChameleon that’s designed to primarily target mobile devices. β€œThis kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combination of email, SMS, and voice phishing to trick the target into sharing
☐ β˜† βœ‡ The Hacker News

WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites

By: Newsroom β€” February 27th 2024 at 05:43
A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw. In an advisory published last week, WordPress
☐ β˜† βœ‡ The Hacker News

North Korean Hackers Targeting Developers with Malicious npm Packages

By: The Hacker News β€” February 26th 2024 at 12:27
A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show. The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils. One of the packages in question, execution-time-async, masquerades as its legitimate
☐ β˜† βœ‡ The Hacker News

Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessage

By: Newsroom β€” February 22nd 2024 at 16:25
Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging platform against future attacks arising from the threat of a practical quantum computer. "With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach
☐ β˜† βœ‡ The Hacker News

New Migo Malware Targeting Redis Servers for Cryptocurrency Mining

By: Newsroom β€” February 20th 2024 at 15:20
A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves the use of a number of novel system weakening techniques against the data store itself," Cado security researcher Matt Muir said in a technical report. The cryptojacking attack is facilitated
☐ β˜† βœ‡ The Hacker News

LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

By: Newsroom β€” February 20th 2024 at 12:55
The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as a wealth of intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos. "Some of the data on LockBit's systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a ransom is paid, it
☐ β˜† βœ‡ The Hacker News

CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

By: Newsroom β€” February 16th 2024 at 15:42
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it's being likely exploited in Akira ransomware attacks. The vulnerability in question is CVE-2020-
☐ β˜† βœ‡ The Hacker News

Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit

By: Newsroom β€” February 13th 2024 at 14:37
The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware. "This bootkit can intervene and control the [operating system] boot process, enabling Glupteba to hide itself and create a stealthy persistence that can be extremely difficult to
☐ β˜† βœ‡ The Hacker News

U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders

By: Newsroom β€” February 12th 2024 at 04:31
The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation. It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person "conspiring to participate in or attempting to participate in Hive ransomware activity."
☐ β˜† βœ‡ The Hacker News

New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack

By: Newsroom β€” February 9th 2024 at 10:28
Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. "This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection," Russian cybersecurity firm Kaspersky said in a Thursday report. What
☐ β˜† βœ‡ The Hacker News

Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials

By: Newsroom β€” February 6th 2024 at 14:09
Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in a report shared with The Hacker News. Ov3r_Stealer
☐ β˜† βœ‡ The Hacker News

Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering

By: Newsroom β€” February 5th 2024 at 16:36
A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business. Aliaksandr Klimenka, who was arrested in Latvia on December 21, 2023, was extradited to the U.S. and is currently being held in custody. If convicted, he faces a maximum penalty
☐ β˜† βœ‡ The Hacker News

DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking

By: Newsroom β€” February 2nd 2024 at 13:17
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027. DirtyMoe, active since at least 2016, is capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks. In March
☐ β˜† βœ‡ The Hacker News

FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network

By: Newsroom β€” February 1st 2024 at 15:44
The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security
☐ β˜† βœ‡ The Hacker News

Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign

By: Newsroom β€” February 1st 2024 at 13:36
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today. "The attacker escapes this container and runs multiple payloads on the
☐ β˜† βœ‡ The Hacker News

HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining

By: Newsroom β€” February 1st 2024 at 11:22
Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world since early September 2021. The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the financially-motivated threat actor behind the campaign is actively adapting and
☐ β˜† βœ‡ The Hacker News

Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware

By: Newsroom β€” January 31st 2024 at 11:00
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics. "UNC4990 operations generally involve widespread USB infection followed by the deployment of the
☐ β˜† βœ‡ The Hacker News

Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware

By: Newsroom β€” January 31st 2024 at 07:23
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused
☐ β˜† βœ‡ The Hacker News

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

By: Newsroom β€” January 27th 2024 at 06:55
Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin America-based financially motivated threat actor. The campaign has been active since at least 2021. "Lures use Mexican Social
☐ β˜† βœ‡ The Hacker News

U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

By: Newsroom β€” January 24th 2024 at 08:55
Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network as well as the theft and release of Personally Identifiable
☐ β˜† βœ‡ The Hacker News

"Activator" Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets

By: Newsroom β€” January 23rd 2024 at 12:27
Cracked software have been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data. Kaspersky, which identified the artifacts in the wild, said they are designed to target machines running macOS Ventura 13.6 and later, indicating the malware's ability to infect Macs on both Intel and
☐ β˜† βœ‡ The Hacker News

New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

By: Newsroom β€” January 18th 2024 at 16:31
Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. "This is the first documented case of malware deploying the 9Hits application as a payload," cloud security firm Cado said, adding the development is a sign that adversaries are
☐ β˜† βœ‡ The Hacker News

MFA Spamming and Fatigue: When Security Measures Go Wrong

By: The Hacker News β€” January 18th 2024 at 12:02
In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to provide multiple authentication factors to verify their identity, providing an
☐ β˜† βœ‡ The Hacker News

Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

By: Newsroom β€” January 16th 2024 at 07:59
The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023. The scheme β€œleveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackers’ infrastructure that spoofed Web3 protocols to trick victims into authorizing transactions,”
☐ β˜† βœ‡ The Hacker News

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

By: Newsroom β€” January 16th 2024 at 07:13
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. β€œPhemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said. β€œIt also
☐ β˜† βœ‡ The Hacker News

29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services

By: Newsroom β€” January 13th 2024 at 10:01
A 29-year-old Ukrainian national has been arrested in connection with running a β€œsophisticated cryptojacking scheme,” netting them over $2 million (€1.8 million) in illicit profits. The person, described as the β€œmastermind” behind the operation, was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider
☐ β˜† βœ‡ The Hacker News

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

By: Newsroom β€” January 12th 2024 at 07:56
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is particularly intriguing due to the attacker's use of packers and rootkits to conceal the malware," Aqua security researchers Nitzan Yaakov and Assaf Morag said in an analysis published earlier
☐ β˜† βœ‡ The Hacker News

Mandiant's X Account Was Hacked Using Brute-Force Attack

By: Newsroom β€” January 11th 2024 at 06:10
The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a drainer-as-a-service (DaaS) group. "Normally, [two-factor authentication] would have mitigated this, but due to some team transitions and a change in X's 2FA policy, we were not adequately protected," the threat intelligence firm said 
☐ β˜† βœ‡ The Hacker News

NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining

By: Newsroom β€” January 10th 2024 at 15:15
A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. β€œThe capabilities of the new botnet, NoaBot, include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread itself to new victims,” Akamai security researcher Stiv Kupchik said in a report shared with The
☐ β˜† βœ‡ The Hacker News

Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims

By: Newsroom β€” January 10th 2024 at 10:31
A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest the threat actor behind the operations. The encryption key has also been shared with Avast,
☐ β˜† βœ‡ The Hacker News

North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023

By: Newsroom β€” January 8th 2024 at 04:59
Threat actors affiliated with the Democratic People's Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency in 2023. The DPRK "was responsible for almost a third of all funds stolen in crypto attacks last year, despite a 30% reduction from the USD 850 million haul in 2022," blockchain analytics firm TRM Labs said last week. "Hacks
☐ β˜† βœ‡ The Hacker News

SpectralBlur: New macOS Backdoor Threat from North Korean Hackers

By: Newsroom β€” January 5th 2024 at 15:35
Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors. β€œSpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the [
☐ β˜† βœ‡ The Hacker News

Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks

By: Newsroom β€” December 30th 2023 at 09:30
Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. "These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu,
☐ β˜† βœ‡ The Hacker News

Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining

By: Newsroom β€” December 27th 2023 at 05:29
Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks. "Threat actors can also choose to install only scanners and sell the breached IP and account credentials on
☐ β˜† βœ‡ The Hacker News

German Authorities Dismantle Dark Web Hub 'Kingdom Market' in Global Operation

By: Newsroom β€” December 21st 2023 at 10:03
German law enforcement has announced the disruption of a dark web platform called Kingdom Market that specialized in the sales of narcotics and malware to "tens of thousands of users." The exercise, which involved collaboration from authorities from the U.S., Switzerland, Moldova, and Ukraine, began on December 16, 2023, the Federal Criminal Police Office (BKA) said. Kingdom
❌