FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
There are new available articles, click to refresh the page.
☐ β˜† βœ‡ The Hacker News

Beware: These Fake Antivirus Sites Spreading Android and Windows Malware

By: Newsroom β€” May 24th 2024 at 12:50
Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices
☐ β˜† βœ‡ The Hacker News

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

By: Newsroom β€” May 22nd 2024 at 08:57
Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese
☐ β˜† βœ‡ The Hacker News

Network Threats: A Step-by-Step Attack Demonstration

By: The Hacker News β€” April 25th 2024 at 11:13
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit
☐ β˜† βœ‡ The Hacker News

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

By: Newsroom β€” April 24th 2024 at 07:02
A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed 
☐ β˜† βœ‡ The Hacker News

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

By: Newsroom β€” April 18th 2024 at 04:48
A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. "The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords, thereby
☐ β˜† βœ‡ The Hacker News

Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files

By: Newsroom β€” April 10th 2024 at 13:10
Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024. "Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its distributors have experimented with other initial infection vectors," HP Wolf Security researcher Patrick
☐ β˜† βœ‡ The Hacker News

SASE Solutions Fall Short Without Enterprise Browser Extensions, New Report Reveals

By: The Hacker News β€” March 27th 2024 at 10:56
As SaaS applications dominate the business landscape, organizations need optimized network speed and robust security measures. Many of them have been turning to SASE, a product category that offers cloud-based network protection while enhancing network infrastructure performance. However, a new report: "Better Together: SASE and Enterprise Browser Extension for the SaaS-First Enterprise" (
☐ β˜† βœ‡ The Hacker News

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

By: Newsroom β€” March 27th 2024 at 07:56
A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment notification, urging the user to open an archive file attachment. The archive ("Bank Handlowy w Warszawie
☐ β˜† βœ‡ The Hacker News

New BunnyLoader Malware Variant Surfaces with Modular Attack Features

By: Newsroom β€” March 20th 2024 at 09:43
Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions as well as allow it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims," Palo Alto Networks
☐ β˜† βœ‡ The Hacker News

China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz

By: Newsroom β€” January 30th 2024 at 13:45
The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activities took place in November 2023 and January 2024 after artifacts in connection with the attacks were uploaded to the
☐ β˜† βœ‡ The Hacker News

Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang

By: Newsroom β€” January 29th 2024 at 11:03
Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust. Fortinet FortiGuard Labs, which detailed the latest iteration of the ransomware, said it's being propagated by means of an infection that delivers a Microsoft Excel document (.XLAM) containing a VBA script. "The attackers utilized the Gitea service to store several files
☐ β˜† βœ‡ The Hacker News

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

By: Newsroom β€” January 25th 2024 at 07:21
A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader's icon and name masquerades as the legitimate CherryTree note-taking application to dupe potential victims
☐ β˜† βœ‡ The Hacker News

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

By: Newsroom β€” January 17th 2024 at 10:22
Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator.  Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file
☐ β˜† βœ‡ The Hacker News

NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining

By: Newsroom β€” January 10th 2024 at 15:15
A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. β€œThe capabilities of the new botnet, NoaBot, include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread itself to new victims,” Akamai security researcher Stiv Kupchik said in a report shared with The
☐ β˜† βœ‡ The Hacker News

Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques

By: Newsroom β€” December 9th 2023 at 07:16
Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process," Elastic Security Labs
☐ β˜† βœ‡ The Hacker News

Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software

By: Newsroom β€” December 8th 2023 at 09:52
Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to launch attacks on websites, companies and individuals, buy guns, drugs, and other illicit
☐ β˜† βœ‡ The Hacker News

Discover Why Proactive Web Security Outsmarts Traditional Antivirus Solutions

By: The Hacker News β€” November 29th 2023 at 09:21
In a rapidly evolving digital landscape, it's crucial to reevaluate how we secure web environments. Traditional antivirus-approach solutions have their merits, but they're reactive. A new report delves into the reasons for embracing proactive web security solutions, ensuring you stay ahead of emerging threats.  To learn more, download the full report here. The New Paradigm If you’ve
☐ β˜† βœ‡ The Hacker News

DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks

By: Newsroom β€” November 20th 2023 at 14:50
Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. β€œThese include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an infection chain nearly identical to what we have seen with QakBot delivery,” CofenseΒ saidΒ in a report
☐ β˜† βœ‡ The Hacker News

Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware

By: Newsroom β€” October 30th 2023 at 04:21
A new cyber attack campaign has been observed using spuriousΒ MSIXΒ Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbedΒ GHOSTPULSE. "MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users," Elastic
☐ β˜† βœ‡ The Hacker News

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

By: THN β€” September 4th 2023 at 05:40
Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbedΒ MalDoc in PDFΒ by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023. "A file created with MalDoc in PDF can be opened in Word even though it has magic numbers and file structure of PDF,"
☐ β˜† βœ‡ The Hacker News

VirusTotal Data Leak Exposes Some Registered Customers' Details

By: THN β€” July 18th 2023 at 11:34
Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform. The security incident, which comprises a database of 5,600 names in a 313KB file, was first disclosed byΒ Der SpiegelΒ andΒ Der StandardΒ yesterday. Launched in 2004, VirusTotal is a
☐ β˜† βœ‡ The Hacker News

Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems

By: Ravie Lakshmanan β€” June 19th 2023 at 12:37
Cybersecurity researchers have uncovered a set of malicious artifacts that they say is part of a sophisticated toolkit targeting Apple macOS systems. "As of now, these samples are still largely undetected and very little information is available about any of them," Bitdefender researchers Andrei Lapusneanu and Bogdan BotezatuΒ saidΒ in a preliminary report published on Friday. The Romanian firm's
❌