Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus

Researchers studying cybersecurity have revealed information on Sticky Werewolf, a threat actor connected to cyberattacks against targets in Belarus and Russia. In addition to government agencies, the phishing assaults also targeted a pharmaceutical company, a Russian research institute that specializes in microbiology and vaccine development, and the aviation industry, according to a study released by Morphisec last week. Security researcher Arnold Osipov stated, "In prior campaigns, the infection chain started with phishing emails containing a link to download a malicious file from platforms like gofile.io." The most recent campaign made use of archive files that pointed to a payload kept on WebDAV servers via LNK files. In October 2023, BI.ZONE first reported about Sticky Were...
More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack

Researchers studying cybersecurity have discovered a phishing attempt that disseminates the More_eggs malware by pretending to be a resume—a tactic that was first identified over two years ago. Canadian cybersecurity company eSentire revealed this week that the unsuccessful attempt occurred in May 2024 and was directed towards an unidentified business in the industrial services sector. "Specifically, the targeted individual was a recruiter that was deceived by the threat actor into thinking they were a job applicant and lured them to their website to download the loader," it stated. The modular backdoor known as More_eggs is thought to be the creation of a threat actor called the Golden Chickens.
Snowflake Breach Exposes 165 Customers’ Data in Ongoing Extortion Campaign

According to reports, up to 165 Snowflake clients may have had their information exposed as part of a continuous campaign to aid in data theft and extortion. This suggests the operation may have wider ramifications than first believed. The as-yet-unclassified activity cluster is being tracked by Google-owned Mandiant, which is supporting the cloud data warehousing platform in its incident response activities. It is identified as a financially driven threat actor and goes by the name UNC5537. According to the threat intelligence organization, UNC5537 is utilizing stolen customer credentials to methodically compromise Snowflake client instances, post victim data for sale on cybercrime sites, and attempt to extort many of the victims. UNC5537 often extorts people for financial benef...
China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

Researchers studying cybersecurity have discovered that a new campaign is using an updated strain of malware known as ValleyRAT. Researchers from Zscaler ThreatLabz Muhammed Irfan V A and Manisha Ramcharan Prajapati stated, "In the most recent version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing Windows event logs." In 2023, QiAnXin and Proofpoint first reported findings related to ValleyRAT, which was associated with a phishing campaign aimed at Chinese-speaking users and Japanese organizations. The campaign disseminated multiple malware families, including Purple Fox and Sainbox RAT.
New York Times source code stolen using exposed GitHub token

The New York Times confirmed to BleepingComputer that internal source code and data were stolen from the company's GitHub repositories in January 2024 and released on the 4chan message board. The internal data was disclosed on Thursday by an unknown user who uploaded a torrent to a 273GB folder containing the stolen material, as first reported by VX-Underground. "Basically all source code belonging to The New York Times Company, 270GB," the post on 4chan stated. "There are around 5 thousand repos (out of them less than 30 are additionally encrypted I think), 3.6 million files total, uncompressed tar." The threat actor released a text file with a comprehensive inventory of the 6,223 folders that were pilfered from the company's GitHub repository, even though BleepingComputer di...
Malicious VSCode extensions with millions of installs discovered

Through the use of trojanized copies of the well-known "Dracula Official theme," a group of Israeli researchers investigated the security of the Visual Studio Code marketplace and were able to "infect" over 100 businesses with malicious code. After more investigation, thousands of extensions with millions of installs were discovered in the VSCode Marketplace. Microsoft Visual Studio Code (VSCode) is a source code editor that is widely used by professional software developers across the globe. Additionally, Microsoft runs the Visual Studio Code Marketplace, an add-on marketplace for the IDE that offers upgrades that increase the functionality and personalization possibilities of the program. Prior analyses have uncovered vulnerabilities in VSCode's security that permit publisher a...
Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns

Microsoft announced on Friday that it will make its highly criticized Recall feature, driven by artificial intelligence (AI), opt-in and deactivated by default. Recall is an "explorable visual timeline" that is presently in preview and will be available only on Copilot+ PCs on June 18, 2024. It works by taking screenshots of users' screens every five seconds, which are then processed and interpreted to bring up pertinent data. However, the security and privacy community swiftly reacted negatively to the feature, which was intended to function as a kind of AI-enabled photographic memory. They chastised the company for failing to consider and put in place sufficient safeguards that could have prevented malicious actors from easily gaining access to a victim's digital life.
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

Information has surfaced on a new serious security vulnerability affecting PHP that, in some cases, might be used to accomplish remote code execution. The flaw, identified as CVE-2024-4577, is said to be a CGI argument injection vulnerability that affects all PHP versions that are installed on Windows computers. The vulnerability, according to security researcher DEVCORE, allows one to go around defenses put in place for another security weakness, CVE-2012-1823. Security researcher Orange Tsai stated, "The team did not notice the Best-Fit feature of encoding conversion within the Windows operating system while implementing PHP." Due to this error, attackers without authorization can now get beyond...