FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
☐ β˜† βœ‡ The Hacker News

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts

By: Newsroom β€” April 13th 2024 at 14:25
A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July. "At the time of both attacks,
☐ β˜† βœ‡ The Hacker News

Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware

By: Newsroom β€” April 10th 2024 at 12:38
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL,
☐ β˜† βœ‡ The Hacker News

10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet

By: Newsroom β€” April 9th 2024 at 14:01
A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with The Hacker News. "Its primary method of operation
☐ β˜† βœ‡ The Hacker News

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

By: Newsroom β€” April 9th 2024 at 07:24
Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet
☐ β˜† βœ‡ The Hacker News

Google Sues App Developers Over Fake Crypto Investment App Scam

By: Newsroom β€” April 8th 2024 at 05:25
Google has filed a lawsuit in the U.S. against two app developers for allegedly engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns. The individuals in question are Yunfeng Sun (aka Alphonse Sun) and Hongnam
☐ β˜† βœ‡ The Hacker News

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

By: Newsroom β€” April 5th 2024 at 09:40
Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader application to view the content. According to Fortinet FortiGuard Labs, clicking the URL
☐ β˜† βœ‡ The Hacker News

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

By: Newsroom β€” April 5th 2024 at 07:15
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the uncategorized monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Also previously linked to the exploitation spree is a Chinese
☐ β˜† βœ‡ Security – Cisco Blog

Cryptocurrency and Blockchain security due diligence: A guide to hedge risk

By: Dr. Giannis Tziakouris β€” April 1st 2024 at 16:30

Blockchain technology has experienced remarkable adoption in recent years, driven by its use across a broad spectrum of institutions, governments, retail investors, and users. However, this surge in… Read more on Cisco Blogs

☐ β˜† βœ‡ The Hacker News

Indian Government Rescues 250 Citizens Forced into Cybercrime in Cambodia

By: Newsroom β€” April 1st 2024 at 13:51
The Indian government said it has rescued and repatriated about 250 citizens in Cambodia who were held captive and coerced into running cyber scams. The Indian nationals "were lured with employment opportunities to that country but were forced to undertake illegal cyber work," the Ministry of External Affairs (MEA) said in a statement, adding it had rescued 75 people in the past three
☐ β˜† βœ‡ The Hacker News

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

By: Newsroom β€” March 30th 2024 at 07:16
Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims' Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a report published Friday. One
☐ β˜† βœ‡ The Hacker News

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining

By: Newsroom β€” March 27th 2024 at 10:39
Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to take over the companies' computing power and leak sensitive data," Oligo Security researchers Avi
☐ β˜† βœ‡ The Hacker News

U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions

By: Newsroom β€” March 26th 2024 at 08:31
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (
☐ β˜† βœ‡ The Hacker News

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

By: Newsroom β€” March 25th 2024 at 11:58
Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. "The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom
☐ β˜† βœ‡ The Hacker News

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

By: Newsroom β€” March 25th 2024 at 09:02
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent prefetcher (DMP) to target constant-time cryptographic implementations and capture sensitive data
☐ β˜† βœ‡ The Hacker News

German Police Seize 'Nemesis Market' in Major International Darknet Raid

By: Newsroom β€” March 24th 2024 at 05:24
German authorities have announced the takedown of an illicit underground marketplace called Nemesis Market that peddled narcotics, stolen data, and various cybercrime services. The Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said it seized the digital infrastructure associated with the darknet service located in Germany and Lithuania and confiscated €94,000 ($102,107)
☐ β˜† βœ‡ The Hacker News

U.S. Sanctions Russians Behind 'Doppelganger' Cyber Influence Campaign

By: Newsroom β€” March 21st 2024 at 08:07
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations. Ilya Andreevich Gambashidze (Gambashidze), the founder of the Moscow-based company Social Design Agency (SDA), and Nikolai Aleksandrovich Tupikin (Tupikin), the CEO and
☐ β˜† βœ‡ The Hacker News

TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks

By: Newsroom β€” March 20th 2024 at 11:26
Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of CVE-2024-27198 (CVSS score: 9.8) that enables an adversary to bypass authentication measures and gain administrative
☐ β˜† βœ‡ The Hacker News

New BunnyLoader Malware Variant Surfaces with Modular Attack Features

By: Newsroom β€” March 20th 2024 at 09:43
Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions as well as allow it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims," Palo Alto Networks
☐ β˜† βœ‡ The Hacker News

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics

By: Newsroom β€” March 18th 2024 at 17:56
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky (aka Emerald Sleet, Springtail, or Velvet Chollima). "The malware payloads used in
☐ β˜† βœ‡ The Hacker News

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

By: Newsroom β€” March 18th 2024 at 12:35
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs
☐ β˜† βœ‡ The Hacker News

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

By: Newsroom β€” March 14th 2024 at 13:47
A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit
☐ β˜† βœ‡ The Hacker News

Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets

By: The Hacker News β€” March 12th 2024 at 12:13
Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet. The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs. The packages were collectively downloaded 7,451 times prior to them being removed from
☐ β˜† βœ‡ WIRED

Binance’s Top Crypto Crime Investigator Is Being Detained in Nigeria

By: Andy Greenberg β€” March 12th 2024 at 04:03
Tigran Gambaryan, a former crypto-focused US federal agent, and a second Binance executive, Nadeem Anjarwalla, have been held in Abuja without passports for two weeks.
☐ β˜† βœ‡ The Hacker News

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

By: Newsroom β€” March 11th 2024 at 09:53
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident "began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of
☐ β˜† βœ‡ The Hacker News

Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks

By: Newsroom β€” March 7th 2024 at 13:45
Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, β€œtarget WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said. The activity is part of a&
☐ β˜† βœ‡ The Hacker News

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

By: Newsroom β€” March 6th 2024 at 16:58
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. β€œThe attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and
☐ β˜† βœ‡ The Hacker News

Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout

By: Newsroom β€” March 6th 2024 at 15:03
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice." "There
☐ β˜† βœ‡ The Hacker News

New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users

By: Newsroom β€” March 1st 2024 at 13:32
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed CryptoChameleon that’s designed to primarily target mobile devices. β€œThis kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combination of email, SMS, and voice phishing to trick the target into sharing
☐ β˜† βœ‡ The Hacker News

WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites

By: Newsroom β€” February 27th 2024 at 05:43
A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw. In an advisory published last week, WordPress
☐ β˜† βœ‡ The Hacker News

North Korean Hackers Targeting Developers with Malicious npm Packages

By: The Hacker News β€” February 26th 2024 at 12:27
A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show. The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils. One of the packages in question, execution-time-async, masquerades as its legitimate
☐ β˜† βœ‡ The Hacker News

Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessage

By: Newsroom β€” February 22nd 2024 at 16:25
Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging platform against future attacks arising from the threat of a practical quantum computer. "With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach
❌