Daily News Articles

NodeStealer Malware Hijacking Facebook Business Accounts for Malicious Ads

Phishing advertisements using "revealing photos of young women" are being used on hacked Facebook business accounts to entice users to download an updated version of the malware known as NodeStealer. In a study released this week, Bitdefender stated that clicking on advertisements instantly downloads an archive containing a malicious "Photo Album".exe file that also drops a second executable written in .NET. This payload is responsible for stealing passwords and browser cookies. In May 2023, NodeStealer—a JavaScript virus intended to enable account takeovers—was first made public by Meta. Since then, a Python-based variation has been used by the operation's threat actors in their attacks. With Facebook advertising serving as the primary ...
Google Play Store Highlights ‘Independent Security Review’ Badge for VPN Apps

Google is launching a new banner to draw attention to the "Independent security review" label for Android VPN apps that have passed a Mobile Application Security Assessment (MASA) audit in the Play Store's Data safety section. According to Nataliya Stanetsky of the Android Security and Privacy Team, "We've launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle." A global security standard like the Mobile Application Security Verification Standard (MASVS) can be independently used by developers to validate their apps through MASA, giving users more information and empowering them to make educated ...
U.S. Treasury Targets Russian Money Launderer in Cybercrime Crackdown

A Russian woman who participated in the laundering of virtual currency for the nation's elites and cybercrime groups, such as the Ryuk ransomware organization, has been sanctioned by the U.S. Department of the Treasury. According to the department, Ekaterina Zhdanova is suspected of facilitating significant cross-border transactions to help Russian citizens avoid international sanctions and obtain access to Western financial markets. The treasury department stated last week that Zhdanova uses organizations that are exempt from Anti-Money Laundering/Combatting the Financing of Terrorism (AML/CFT) regulations, such as the Russian cryptocurrency exchange Garantex Europe OU (Garantex), which has been designated by OFAC. Zhdanova uses a variety of value transfer techniques to transfer ...
Mozi malware botnet goes dark after mysterious use of kill-switch

After an unidentified mysterious entity released a payload on September 27, 2023, deactivating all bots with a kill switch, Mozi virus botnet activities stopped in August. The well-known DDoS (distributed denial of service) malware botnet Mozi first surfaced in 2019 and is mostly focused on Internet of Things (IoT) gadgets including routers, DVRs, and other internet-connected devices. The malware infiltrated devices into its decentralized peer-to-peer network by taking advantage of well-known vulnerabilities or weak default passwords. BitTorrent's DHT (distributed hash table) protocol is used for communication between devices in this network ...
Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East

For at least a year, a threat actor connected to Iran's Ministry of Intelligence and Security (MOIS) has been spotted conducting a sophisticated cyber espionage campaign against the Middle East's financial, government, military, and telecommunications sectors. The actor is being tracked under the name Scarred Manticore by Israeli cybersecurity firm Check Point, which also found the campaign alongside Sygnia. This actor is believed to have a close overlap with an emerging cluster called Storm-0861, which is one of the four Iranian groups connected to damaging attacks on the Albanian government last year. The operation claimed the lives of people in Saudi Arabia, the United Arab Emirates, Jordan, Kuwait, Oman, Iraq, and Israel, among other nations. Additionally, Scarred Manticore ...
North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware

Using a unique macOS malware known as KANDYKORN, state-sponsored threat actors from the Democratic People's Republic of Korea (DPRK) have been discovered using Discord to target blockchain engineers of an unidentified cryptocurrency exchange company. According to Elastic Security Labs, which cited an examination of the network architecture and methods employed, the activity, which dates back to April 2023, shows similarities with the notorious antagonistic collective Lazarus Group. "In order to obtain first access to the environment, threat actors enticed blockchain engineers with a Python application," security experts Ricardo Ungureanu, Seth Goodwin, and Andrew Pease stated in a paper released today. This intrusion involved multiple complex stages that each employed deliberate ...
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

Researchers studying cybersecurity are alerting users to the possibility of remote code execution due to the possible exploitation of a recently discovered, serious security vulnerability in the Apache ActiveMQ open-source message broker service. The cybersecurity company Rapid7 revealed in a study released on Wednesday that the adversary attempted to install ransomware binaries on target computers in both cases with the intention of holding the victim organization ransom. We identify the activity as coming from the HelloKitty ransomware family, whose source code was made public on a forum in early October, based on the ransom message and the information that is now accessible. According to reports, the incursions entail the use of Apache ...
Avast confirms it tagged Google app as malware on Android phones

The Google Android app has been reported as malware by the Czech cybersecurity company Avast's antivirus SDK on Huawei, Vivo, and Honor handsets since Saturday. Users were advised to remove the Google app from their impacted smartphones right away because it may download and install other apps, send SMS messages covertly, or steal their private data. A different message was sent to other users, informing them that the Google app was actually a trojan that might grant hackers direct access to their device, enable the installation of malware, and steal personal data. Users on Huawei's forum, Reddit (Vivo thread), Google's support forum (Vivo post), and several other Android groups noticed the false positive issue ...
Canada Bans WeChat and Kaspersky Apps On Government Devices

Canada on Monday announced a ban on the use of apps from Tencent and Kaspersky on government mobile devices, citing an "unacceptable level of risk to privacy and security." "The Government of Canada is committed to keeping government information and networks secure," the Canadian government said. "We regularly monitor potential threats and take immediate action to address risks." To that end, Tencent's WeChat and Kaspersky's suite of applications have been removed from government-issued mobile devices effective October 30, 2023. Going forward, users of these devices will be blocked from downloading the apps. Anita Anand, President of the Treasury Board, said in a statement that "we are taking a risk-based approach to cyber security by removing access ...
Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App

The threat actor Arid Viper (also known as APT-C-23, Desert Falcon, or TAG-63) has been implicated in an Android spyware campaign that targets Arabic-speaking users by using a phony dating app that collects information from compromised devices. "Arid Viper's Android malware has a number of features that enable the operators to surreptitiously collect sensitive information from victims' devices and deploy additional executables," Cisco Talos reported on Tuesday. Arid Viper is a cyberespionage group that has been operating since at least 2017 and is associated with Hamas, the Islamist militant organization that controls the Gaza Strip. According to the cybersecurity company, there is no proof linking the effort to the current conflict between Israel and Hamas ...