News

Daily News Articles

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

Threat actors are using free or illegal copies of popular software to trick unwary users into downloading a malware loader called Hijack Loader, which then launches an information-stealing program named Vidar Stealer. In a Monday investigation, Trellix security researcher Ale Houspanossian stated, "Adversaries had managed to trick users into downloading password-protected archive files containing trojanized copies of a Cisco Webex Meetings App (ptService.exe)". The Cisco Webex Meetings application secretly loaded a covert malware loader that resulted in the execution of an information-stealing module when unwary victims extracted and ran a "Setup.exe" binary file. The initial step involves opening a RAR archive file that appears to be an executable named "Setup.exe," but is actua...
Signal Foundation Warns Against EU’s Plan to Scan Private Messages for CSAM

Meredith Whittaker, president of the Signal Foundation, which maintains the messaging service of the same name, alerted users to the serious risks to end-to-end encryption (E2EE) posed by a contentious European Union proposal to scan users' private messages for child sexual abuse material (CSAM). "Encryption is seriously undermined when private communications need to be scanned in bulk. Completely Stop," Whittaker declared on Monday in a statement. This can occur through various means, such as manipulating the random number generation process of an encryption algorithm, establishing a key escrow system, or compelling communications to go via a surveillance system prior to encryption.
Fake Google Chrome errors trick you into running malicious PowerShell scripts

A recent malware distribution operation displays fake errors that pretend to be problems with Word, OneDrive, and Google Chrome, tricking users into running malicious PowerShell "fixes" that install malware. Several threat actors were seen using the new campaign, including the ones behind ClickFix, a new attack cluster, and ClearFake. The TA571 threat actor is well known as a spam distributor that sends enormous volumes of email, which can result in malware and ransomware outbreaks. Website overlays used in earlier ClearFake attacks trick users into installing phony browser updates that install malware. In the new attacks, malicious actors also use JavaScript on hacked websites and HTML attachments.
UK Man Suspected of Being ‘Scattered Spider’ Leader Arrested

A 22-year-old British man was recently taken into custody in Spain on suspicion of being the leader of the infamous Scattered Spider cybercrime group. On June 14, the Spanish news outlet Murcia Today reported that an unidentified British man had been taken into custody in Palma de Mallorca while attempting to board a flight to Italy. The arrest was made possible by the FBI and Spanish police working together. The Scattered Spider cybercrime gang, whose members are primarily thought to be from the US and western nations, with a small number also from eastern Europe, was the subject of an FBI announcement in May that it was looking to charge members. A Florida 19-year-old who was one of the group's purported members was taken into custody in January. S...
China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

A prolonged attack against an unidentified East Asian organization, lasting approximately three years, has been linked to a suspected China-nexus cyber espionage actor. The adversary established persistence using legacy F5 BIG-IP appliances and used them as an internal command-and-control (C&C) for defense evasion. The activity is being tracked under the name Velvet Ant by the cybersecurity company Sygnia, which responded to the intrusion in late 2023. The company describes Velvet Ant as having a strong ability to quickly pivot and adjust their methods to counter-remediation attempts. The Israeli company said in a technical study that it shared with The Hacker News that Velvet Ant is an inventive and clever threat actor. Over a protracted length of time, they gathered s...
ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

ASUS has released software patches to fix a serious security vulnerability that affects its routers and could be used by hostile actors to bypass authentication. The vulnerability, identified as CVE-2024-3080, has a CVSS score of 9.8 out of a possible 10.0. According to a description of the vulnerability provided by the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC), some ASUS router models have an authentication bypass vulnerability that makes it possible for unauthenticated remote attackers to log in to the device. The Taiwanese company also addressed a high-severity buffer overflow vulnerability known as CVE-2024-3079 (CVSS score: 7.2), which could be weaponized by remote attackers with administrative rights to take control of ...
New ARM ‘TIKTAG’ attack impacts Google Chrome, Linux systems

With almost a 95% likelihood of success, a novel speculative execution attack called "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data, enabling hackers to get around the security measure. The paper, co-signed by a group of Korean academics from Samsung, Seoul National University, and the Georgia Institute of Technology, demonstrates the attack against Google Chrome and the Linux kernel. MTE is a feature intended to identify and stop memory corruption that was added in the ARM v8.5-A architecture (and later). The system employs low-overhead tagging, assigning 4-bit tags to 16-byte memory chunks, and defends against memory corruption attacks by making sure that the tag in the pointer matches the accessed memory region.
Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

The Smishing Triad is a threat actor that has expanded its reach outside the United States, the United Arab Emirates, Saudi Arabia, and the European Union. Its current target is Pakistan. Resecurity claimed in a study earlier this week that the group's most recent strategy entails delivering malicious messages to mobile carrier customers via iMessage and SMS on behalf of Pakistan Post. The intention is to steal their financial and personal data. The threat actors, who are thought to speak Chinese, are well known for using stolen datasets sold on the dark web to send phony text messages that lure recipients into clicking on links by claiming that their package has not arrived as expected and that they should update their address.
NiceRAT Malware Targets South Korean Users via Cracked Software

Malicious actors have been found using a piece of malware known as NiceRAT to enlist infected devices into a botnet. Targeting users in South Korea, the attacks spread the malware by masquerading as programs that enable Microsoft Office license verification or as cracked versions of popular software like Microsoft Windows. The AhnLab Security Intelligence Center (ASEC) stated that because of the nature of crack programs, information sharing among regular users aids in the malware's dissemination independently of the initial distributor. The distributed malware is challenging to detect because threat actors usually provide instructions on how to uninstall anti-malware software during the dissemination stage.
Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Under the guise of fake browser updates, a Windows backdoor known as BadSpace is being distributed via legitimate but compromised websites. To install a backdoor on the victim's machine, the threat actor uses a multi-stage attack chain that includes an infected website, a command-and-control (C2) server, a JScript downloader, and occasionally a phony browser update, according to a report from German cybersecurity company G DATA. Researchers Gi7w0rm and Kevross33 revealed the malware's details for the first time last month. The first step in the process is to compromise a website, including one that uses WordPress, and then insert code that uses logic to ascertain whether a person has already visited the site.