New phishing toolkit uses PWAs to steal login credentials
News

Red teamers and hackers may now develop progressive web apps (PWAs) that look like official corporate login forms in order to steal passwords, thanks to the introduction of a new phishing kit. A Progressive Web App (PWA) is an HTML, CSS, and JavaScript web application that can be installed from a website and used much like a standard desktop application. After installation, the operating system creates a PWA shortcut and adds it to the Add or Remove Programs list on Windows and to the Applications/ folder under /Users/ on macOS. When launched, a progressive web application appears as a desktop application with all of the regular browser controls hidden, while it actually runs inside the browser from which it was installed. Many websites, like X, Instagram, Facebook, and TikTok...
Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day
News

Google has issued a warning that a zero-day exploit has been used to target a security vulnerability in the Pixel Firmware. The high-severity vulnerability, tracked as CVE-2024-32896, is an elevation-of-privilege flaw in Pixel Firmware. Regarding the type of attacks that are taking advantage of it, the company only disclosed that "there are indications that CVE-2024-32896 may be under limited, targeted exploitation." Fifty security vulnerabilities are addressed in the June 2024 security update, five of which are related to different Qualcomm chipset components. Other noteworthy fixes included a denial-of-service (DoS) flaw affecting the Modem and several information disclosure weaknesses affecting Trusty rea...
Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups
News

A local individual who is believed to have provided his services to the LockBit and Conti ransomware organizations has been arrested, according to an announcement by the Ukrainian Cyber Police. The 28-year-old Kharkiv native, who has not been named, is purportedly an expert in the creation of crypters, which are used to obfuscate and encrypt malicious payloads so that security tools do not detect them. The Conti and LockBit ransomware syndicates are thought to have received the software and used it to disguise their file-encrypting malware and carry out successful attacks. Additionally, a translated version of the agency's statement claims that at the end of 2021, members of the [Conti] group implanted hidden malware into the computer networks of businesses in the Netherla...
Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware
News

The previously undocumented loader PhantomLoader is being used to distribute the malware known as SSLoad, according to research by cybersecurity firm Intezer. In a report released this week, security researchers Nicole Fishbein and Ryan Robinson stated, "The loader is added to a legitimate DLL, usually EDR or AV products, by binary patching the file and employing self-modifying techniques to evade detection." Because of its various delivery methods, SSLoad is probably offered to other threat actors under a Malware-as-a-Service (MaaS) model. It uses phishing emails to penetrate networks, performs reconnaissance, and pushes more malware to victims.
JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens
News

Customers of JetBrains' IntelliJ integrated development environment (IDE) apps are advised to patch a major vulnerability that exposes GitHub access tokens. This security vulnerability, tracked as CVE-2024-37051, affects all IntelliJ-based IDEs running 2023.1 or later when the JetBrains GitHub plugin is activated, set up, or in use. Ilya Pleskunin, a security support team lead at JetBrains, stated, "On May 29, 2024, we received an external security report with details of a possible vulnerability that would affect pull requests within the IDE." In particular, access tokens would be exposed to a third-party host if malicious content was included in a pull request for a GitHub project that was handled by IntelliJ-based IDEs.
China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally
News

By exploiting a known major security vulnerability between 2022 and 2023, state-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems globally, suggesting that the operation had a wider effect than previously thought. The Dutch National Cyber Security Centre (NCSC) stated in a recent bulletin that the state actor behind this operation knew about the FortiGate vulnerability at least two months before Fortinet disclosed it. During that "zero-day" period alone, the actor infected 14,000 devices. Numerous Western governments, international organizations, and a sizable number of defense industry businesses were the targets of the campaign.
Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale
News

Cybersecurity researchers have provided additional information about SecShow, a Chinese actor that has been observed performing Domain Name System (DNS) probing globally since at least June 2023. Dr. Renée Burton and Dave Mitchell, security researchers at Infoblox, say the actor operates out of the China Education and Research Network (CERNET), a government-funded initiative. In a study released last week, they stated that these probes look for and measure DNS responses at open resolvers. Although the ultimate purpose of the SecShow operations is unknown, the information obtained benefits only the actor and may be used for malicious purposes. However, there is some evidence suggesting it might be connected to some sort of academic study that ...
New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers
News

Cybersecurity researchers have disclosed the details of an ongoing phishing campaign that uses job- and recruitment-themed lures to spread the Windows backdoor WARMCOOKIE. According to a recent analysis by researcher Daniel Stepanic of Elastic Security Labs, "WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional payloads." "Each sample is compiled with a hard-coded [command-and-control] IP address and RC4 key." The backdoor can take screenshots, drop further malicious programs, and fingerprint compromised PCs. The company is tracking the activity under the code REF6127. Since late April, attack chains have been observed that use emails posing as correspondence from employment agencies such as Ha...