New ZeroFont phishing tricks Outlook into showing fake AV-scans
News

Attackers are now using zero-point fonts in emails to make malicious messages appear to have been safely scanned by security tools in Microsoft Outlook. The ZeroFont technique itself has been used in phishing before, but this is the first time it has been seen used in this way. Outlook's message list shows a short text preview taken from the body, and text set in a zero-size font is included in that preview even though it is invisible in the rendered email; that is where the fake scan notice is placed. In a recent analysis, SANS ISC handler Jan Kopriva noted that users should be aware of the trick's use in the wild, since it could significantly increase the success rate of phishing campaigns.
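As an added example (not code from the article or from SANS ISC), the Python script below shows why the trick works: it walks an HTML body, separates the text a recipient will see from text set to a zero font size through an inline style, and reconstructs the plain-text preview a mail client's list pane would show. The email bodies are constructed for the demonstration and the wording of the fake notice is invented.

```python
"""Separate visible text from zero-size-font text in an HTML email body.
Added example, not code from the article or from SANS ISC."""
import re
from html.parser import HTMLParser

# Inline CSS that sets a zero font size: "font-size:0", "font-size: 0px", "font-size:0.0pt" ...
ZERO_FONT = re.compile(
    r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:!important)?\s*(?:;|$)",
    re.IGNORECASE,
)
# Elements that never close, so they must not be pushed on the element stack
VOID_TAGS = {"area", "base", "br", "col", "hr", "img", "input", "link", "meta", "wbr"}


class ZeroFontScanner(HTMLParser):
    """Tracks whether the text currently being parsed inherits a zero font size."""

    def __init__(self):
        super().__init__()
        self._hidden_stack = []  # one bool per open element
        self.visible = []        # text the recipient sees in the rendered mail
        self.hidden = []         # text set in a zero-size font
        self.in_order = []       # every text run in document order (what a preview uses)

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        inherited = self._hidden_stack[-1] if self._hidden_stack else False
        self._hidden_stack.append(inherited or bool(ZERO_FONT.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self._hidden_stack:
            self._hidden_stack.pop()

    def handle_data(self, data):
        text = " ".join(data.split())  # collapse whitespace; skip blank runs
        if not text:
            return
        self.in_order.append(text)
        hidden = bool(self._hidden_stack and self._hidden_stack[-1])
        (self.hidden if hidden else self.visible).append(text)


def scan_email_html(body, preview_chars=80):
    """Return visible text, zero-font text, the text a list-pane preview would
    show, and whether any zero-font text was present."""
    scanner = ZeroFontScanner()
    scanner.feed(body)
    scanner.close()
    return {
        "visible": " ".join(scanner.visible),
        "hidden": " ".join(scanner.hidden),
        "preview": " ".join(scanner.in_order)[:preview_chars],
        "suspicious": bool(scanner.hidden),
    }


# Constructed sample bodies (not messages from the campaign in the article)
PHISH_BODY = """<html><body>
<span style="font-size:0px;">Scanned and secured by ExampleAV Advanced Threat Protection</span>
<p>Job offer from Example Corp</p>
<p>Please open the attached document and confirm your details
<a href="https://example.invalid/confirm">here</a>.</p>
</body></html>"""

CLEAN_BODY = "<html><body><p>Quarterly figures attached.</p></body></html>"

if __name__ == "__main__":
    result = scan_email_html(PHISH_BODY)
    print("recipient sees:", result["visible"])
    print("hidden text   :", result["hidden"])
    print("list preview  :", result["preview"])
    print("suspicious    :", result["suspicious"])  # True
```

The scanner only looks at inline `style` attributes, which is how the technique is usually applied in mail; a production check should also resolve `font-size` from `<style>` blocks and treat other invisibility tricks (text colored to match the background, tiny `<font size>` values) the same way.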
New AtlasCross hackers use American Red Cross as phishing lure
News

AtlasCross, a newly identified APT group, uses phishing lures impersonating the American Red Cross to target businesses and deploy backdoors. Security firm NSFOCUS has linked two previously undocumented trojans, DangerAds and AtlasAgent, to the group's attacks. NSFOCUS describes the operators as skilled and evasive, which made it difficult for the researchers to pinpoint their origin. According to NSFOCUS Security Labs, which analyzed the attack chain in depth, this attacker is quite different from known actors in terms of execution flow, attack technology stack, attack tools, implementation details, attack objectives, behavior tendency, and other main attribution indicators ...
Google assigns new maximum rated CVE to libwebp bug exploited in attacks
News

Google has assigned a new CVE ID, CVE-2023-5129, to a security flaw in libwebp that was patched two weeks ago after being exploited as a zero-day in attacks. Google initially tracked the issue as a Chrome vulnerability, CVE-2023-4863, rather than attributing it to libwebp, the free and open-source library used to encode and decode images in the WebP format. Because the bug sits in the library, any application that bundles libwebp is affected, not only Chrome. Citizen Lab at the University of Toronto's Munk School and Apple Security Engineering and Architecture (SEAR) jointly reported the zero-day on Wednesday, September 6, and Google fixed it less than a week later. Citizen Lab's researchers have a proven track record of finding and disclosing zero-day vulnerabilities used in targeted spyware campaigns ...
Microsoft is Rolling out Support for Passkeys in Windows 11
News

Windows 11 now formally supports passkeys as part of a major update to the operating system. Users can sign in to websites and applications with their device PIN or biometrics instead of entering a username and password. Passkeys were announced in May 2022 as a secure, phishing-resistant password replacement built on FIDO standards, and Apple, Google, and a number of other services have since adopted them. A passkey is a per-site key pair: the private key stays with the user's device or credential manager, and each signature is bound to the site's origin, so a look-alike domain cannot reuse it. Passkey management had already been available in Microsoft's Windows Insider program since June 2023.
Hackers actively exploiting Openfire flaw to encrypt servers
News

Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to install cryptominers and encrypt servers with ransomware. Openfire is a popular Java-based open-source XMPP chat server with around 9 million downloads, widely used for private, cross-platform messaging. The flaw, tracked as CVE-2023-32315, is an authentication bypass in Openfire's administration console that lets unauthenticated attackers create new admin accounts on vulnerable servers. The attackers use these accounts to install malicious Java plugins (JAR files), which then carry out commands received through HTTP GET and POST requests.
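A defender who cannot patch immediately will want to know whether an unexpected plugin has already been dropped. As an added example (not from the article or the Openfire project), the Python below inventories the JAR files in an Openfire plugins/ directory, checks each for the plugin.xml descriptor that Openfire plugins carry at the JAR root, and flags anything not on an allowlist of known file names and SHA-256 hashes. The temporary directory and JARs it builds are constructed test data, not real plugins.

```python
"""Inventory Openfire plugin JARs and flag ones not on an allowlist.
Added example, not code from the article or the Openfire project."""
import hashlib
import os
import tempfile
import zipfile


def plugin_inventory(plugins_dir):
    """One record per .jar in plugins_dir: file name, SHA-256, and whether the
    JAR carries the plugin.xml descriptor Openfire plugins have at their root."""
    records = []
    for name in sorted(os.listdir(plugins_dir)):
        if not name.lower().endswith(".jar"):
            continue
        path = os.path.join(plugins_dir, name)
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        has_descriptor = False
        try:
            with zipfile.ZipFile(path) as jar:
                has_descriptor = "plugin.xml" in jar.namelist()
        except zipfile.BadZipFile:
            pass  # not a valid JAR at all; left as has_descriptor=False so it is flagged
        records.append({"name": name, "sha256": digest, "has_descriptor": has_descriptor})
    return records


def flag_plugins(records, allowlist):
    """allowlist maps expected JAR file name -> expected SHA-256 hex digest.
    A JAR is flagged when its name is unknown, its hash differs, or it lacks plugin.xml."""
    return [rec["name"] for rec in records
            if allowlist.get(rec["name"]) != rec["sha256"] or not rec["has_descriptor"]]


def build_demo_plugins_dir():
    """Create a temporary plugins/ directory with constructed JARs (test data,
    not real Openfire plugins) and return (directory, allowlist)."""
    plugins_dir = tempfile.mkdtemp(prefix="openfire-plugins-")
    known = os.path.join(plugins_dir, "monitoring.jar")
    with zipfile.ZipFile(known, "w") as jar:
        jar.writestr("plugin.xml", "<plugin><name>Monitoring</name></plugin>")
    # Unknown plugin: well-formed, so Openfire would load it, but nobody installed it on purpose
    with zipfile.ZipFile(os.path.join(plugins_dir, "helper.jar"), "w") as jar:
        jar.writestr("plugin.xml", "<plugin><name>helper</name></plugin>")
        jar.writestr("classes/Shell.class", b"\xca\xfe\xba\xbe constructed placeholder")
    # Damaged file: not a ZIP at all
    with open(os.path.join(plugins_dir, "broken.jar"), "wb") as fh:
        fh.write(b"not a jar")
    with open(known, "rb") as fh:
        allowlist = {"monitoring.jar": hashlib.sha256(fh.read()).hexdigest()}
    return plugins_dir, allowlist


if __name__ == "__main__":
    directory, allowlist = build_demo_plugins_dir()
    print("needs review:", flag_plugins(plugin_inventory(directory), allowlist))
    # needs review: ['broken.jar', 'helper.jar']
```

Build the allowlist from a known-good installation (or from hashes of the plugin releases you deployed) and run the inventory on a schedule; a new admin account in the console alongside a flagged JAR is the pattern described above.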
ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers
News

Security researchers have mapped the infrastructure of a threat actor tracked as ShadowSyndicate, which is believed to have used seven different ransomware families in attacks over the past year. Group-IB analysts, working with Bridewell and independent researcher Michael Koczwara, attribute ShadowSyndicate's use of the Quantum, Nokoyawa, BlackCat/ALPHV, Clop, Royal, Cactus, and Play ransomware with varying degrees of confidence. Although the data ties ShadowSyndicate to a number of ransomware operations, the researchers conclude that the actor may be an initial access broker (IAB). The link rests on a unique SSH fingerprint found on 85 servers, the majority of which were identified as Cobalt Strike command-and-control machines ...
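The SSH-fingerprint pivot works because a host key identifies a server regardless of the IP address it is reached at. As an added example that is not code from the Group-IB report, this Python script computes OpenSSH-style SHA256 fingerprints from ssh-keyscan style lines and groups hosts that present the same host key. The IP addresses and key blobs are constructed for the demonstration and are not real infrastructure.

```python
"""Group scanned hosts by SSH host-key fingerprint.
Added example, not code from the Group-IB report."""
import base64
import hashlib
from collections import defaultdict


def ssh_fingerprint(key_b64):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256 over the raw key blob."""
    raw = base64.b64decode(key_b64)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def cluster_by_fingerprint(scan_lines):
    """Map (key type, fingerprint) -> list of hosts, from 'host keytype base64' lines
    such as ssh-keyscan prints. Blank lines and '#' comments are skipped."""
    clusters = defaultdict(list)
    for line in scan_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        host, keytype, blob = parts[0], parts[1], parts[2]
        clusters[(keytype, ssh_fingerprint(blob))].append(host)
    return dict(clusters)


def shared_host_keys(scan_lines, min_hosts=2):
    """Only the clusters where one host key shows up on several hosts."""
    return {k: hosts for k, hosts in cluster_by_fingerprint(scan_lines).items()
            if len(hosts) >= min_hosts}


def _constructed_ed25519_blob(seed):
    """Build an SSH wire-format ed25519 public key blob (string 'ssh-ed25519',
    then a 32-byte string). Constructed test data derived from a seed, not a real key."""
    def ssh_string(b):
        return len(b).to_bytes(4, "big") + b
    return base64.b64encode(
        ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    ).decode()


# Constructed scan results: three hosts cloned from one image share a key
SHARED_KEY = _constructed_ed25519_blob(b"cloned-c2-image")
SCAN_LINES = [
    "# ssh-keyscan -t ed25519 output, constructed for this example",
    f"203.0.113.10 ssh-ed25519 {SHARED_KEY}",
    f"203.0.113.11 ssh-ed25519 {SHARED_KEY}",
    f"198.51.100.7 ssh-ed25519 {SHARED_KEY}",
    f"198.51.100.20 ssh-ed25519 {_constructed_ed25519_blob(b'unrelated-host')}",
]

if __name__ == "__main__":
    for (keytype, fp), hosts in shared_host_keys(SCAN_LINES).items():
        print(f"{fp} ({keytype}) seen on {len(hosts)} hosts: {', '.join(hosts)}")
```

Feed it the output of `ssh-keyscan -t ed25519,rsa,ecdsa <hosts>` or an internet-scan dataset that exports host keys; a fingerprint shared by many unrelated IPs usually means the servers were stood up from one image or template, which is what makes it usable as a tracking pivot.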
Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers
News

A critical security flaw in JetBrains TeamCity, a continuous integration and continuous deployment (CI/CD) server, allows unauthenticated attackers to execute code remotely on vulnerable systems. The bug, tracked as CVE-2023-42793 with a CVSS score of 9.8, was fixed in TeamCity 2023.05.4 following responsible disclosure on September 6, 2023; it affects on-premises installations, and JetBrains has said its hosted TeamCity Cloud was already patched. In a report published this week, Sonar security researcher Stefan Schiller stated that "attackers could use this access to steal source code, service secrets, and private keys, take control over attached build agents, and poison build artifacts." Successful exploitation would let threat actors enter build pipelines and inject arbitrary code, breaching system integrity and compromising the software supply chain ...
Xenomorph Banking Trojan Targeting 35+ U.S. Financial Institutions
News

An enhanced variant of the Xenomorph Android banking trojan is targeting more than 35 financial institutions in the United States. According to Dutch security firm ThreatFabric, the campaign uses phishing websites that lure users into installing malicious Android apps, and the new version targets a wider range of apps than its predecessors. Spain, Canada, Italy, and Belgium are among the other countries targeted. ThreatFabric said in an analysis released on Monday that the latest target list "adds dozens of new overlays for institutions from the United States, Portugal, and multiple crypto wallets, continuing a trend that has been consistent amongst all banking malware families in the last year."
National Student Clearinghouse data breach impacts 890 schools
News

The National Student Clearinghouse, a nonprofit education organization, says a data breach has affected 890 schools around the country that use its services. According to a breach notification letter filed with the Office of the California Attorney General, attackers gained access to the Clearinghouse's MOVEit managed file transfer (MFT) server on May 30 and stole files containing a variety of personal information. The Clearinghouse said it was notified of a cybersecurity issue with Progress Software's MOVEit Transfer product on May 31, 2023, and that it immediately launched an investigation after becoming aware of the problem, assisted by top cybersecurity authorities.
Fake celebrity photo leak videos flood TikTok with Temu referral codes
News

TikTok is being flooded with videos advertising fake celebrity nude photo leaks, which are used to push referral bonuses for the Temu online megastore. Temu is an online retailer offering millions of items at deeply discounted prices, most of them shipped from China. Since the store launched in September 2022 it has drawn plenty of debate, with some people calling it a scam and others praising the cheap goods they receive. Temu lets customers create referral codes and links to share with family, friends, and on social media, earning store credit, freebies, or rewards-program points for promoting the site.