Tag: cyberattack news

Fake Google Chrome errors trick you into running malicious PowerShell scripts

A recent malware distribution operation presents fake errors for Google Chrome, Word, and OneDrive to trick users into running malicious PowerShell "fixes" that install malware. Several threat actors were seen using the new campaign, including the ones behind ClickFix, a new attack cluster, and ClearFake. The TA571 threat actor is well known as a spam distributor that sends enormous amounts of email, which can result in malware and ransomware outbreaks. Earlier ClearFake attacks used website overlays that trick users into installing phony browser updates that install malware. In the new attacks, malicious actors also use JavaScript on hacked websites and HTML attachments...
UK Man Suspected of Being ‘Scattered Spider’ Leader Arrested

A 22-year-old British man was recently taken into custody in Spain on suspicion of being the leader of the infamous Scattered Spider cybercrime group. On June 14, the Spanish news outlet Murcia Today reported that an unidentified British man had been taken into custody in Palma de Mallorca while attempting to board a flight to Italy. The arrest was made possible by the FBI and Spanish police working together. The Scattered Spider cybercrime gang, whose members are primarily thought to be from the US and western nations, with a small number also from eastern Europe, was the subject of an FBI announcement in May that it was looking to charge members. A 19-year-old from Florida who was one of the group's purported members was taken into custody in January. S...
China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

A prolonged attack on an unidentified East Asian organization over a period of approximately three years has been linked to a suspected China-nexus cyber espionage actor. The adversary established persistence using legacy F5 BIG-IP appliances and used them as an internal command-and-control (C&C) for defense evasion. The activity is being tracked under the name Velvet Ant by the cybersecurity company Sygnia, which responded to the intrusion in late 2023. The company describes Velvet Ant as having a strong ability to quickly pivot and adjust its methods to counter remediation attempts. The Israeli company said in a technical report shared with The Hacker News that Velvet Ant is an inventive and clever threat actor. Over a protracted length of time, they gathered s...
ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

ASUS has released software patches to fix a serious security vulnerability affecting its routers that could be used by hostile actors to bypass authentication. The vulnerability, identified as CVE-2024-3080, has a CVSS score of 9.8 out of a possible 10.0. According to a description of the vulnerability provided by the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC), some ASUS router models have an authentication bypass vulnerability that makes it possible for unauthenticated remote attackers to log in to the device. The Taiwanese company also addressed a high-severity buffer overflow vulnerability tracked as CVE-2024-3079 (CVSS score: 7.2), which could be weaponized by remote attackers with administrative rights to take control of ...
New ARM ‘TIKTAG’ attack impacts Google Chrome, Linux systems

A novel speculative execution attack called "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with almost a 95% likelihood of success, enabling hackers to get around the security measure. The paper, co-signed by a group of Korean academics from Samsung, Seoul National University, and the Georgia Institute of Technology, demonstrates the attack against Google Chrome and the Linux kernel. MTE is a feature added to the ARM v8.5-A architecture (and later) that is intended to identify and stop memory corruption. The system employs low-overhead tagging, which assigns 4-bit tags to 16-byte memory chunks, and defends against memory corruption attacks by making sure that the tag in the pointer matches the accessed memory region...
Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

The Smishing Triad threat actor has expanded its reach outside the United States, the United Arab Emirates, Saudi Arabia, and the European Union. Its current target is Pakistan. Resecurity said in a report earlier this week that the group's most recent strategy entails delivering malicious messages to mobile carrier customers via iMessage and SMS in the name of Pakistan Post. The intention is to steal their financial and personal data. The threat actors, who are thought to speak Chinese, are well known for using stolen datasets sold on the dark web to send phony text messages that lure recipients into clicking on links by claiming that their package has not arrived as expected and that they should update their address...
NiceRAT Malware Targets South Korean Users via Cracked Software

Malicious actors have been found using a piece of malware known as NiceRAT to enlist compromised devices in a botnet. Targeting users in South Korea, the attacks spread the malware by masquerading as programs that enable Microsoft Office license verification or as cracked versions of popular software like Microsoft Windows. The AhnLab Security Intelligence Center (ASEC) stated that because of the nature of crack programs, information sharing among regular users aids in the malware's dissemination independently of the initial distributor. The distributed malware is challenging to detect since threat actors usually provide instructions on how to uninstall anti-malware software during the dissemination stage...
Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Under the guise of fake browser updates, a Windows backdoor known as BadSpace is being distributed via legitimate but compromised websites. To install a backdoor on the victim's machine, the threat actor uses a multi-stage attack chain that includes an infected website, a command-and-control (C2) server, a JScript downloader, and occasionally a phony browser update, according to a report from German cybersecurity company G DATA. Researchers Gi7w0rm and Kevross33 revealed the malware's details for the first time last month. The first step in the process is to compromise a website, including one that uses WordPress, and then insert code that uses logic to ascertain whether a person has already visited the site...
Truist Bank confirms breach after stolen data shows up on hacking forum

Prominent American commercial bank Truist disclosed that its systems had been compromised in an October 2023 hacking incident, after a threat actor put some of the company's data up for sale on a hacker forum. Truist Bank, which has its headquarters in Charlotte, North Carolina, was established after SunTrust Banks and BB&T (Branch Banking and Trust Company) combined in December 2019. With $535 billion in total assets, Truist is currently ranked among the top 10 commercial banks. It provides a broad range of services, such as corporate and investment banking, insurance, wealth management, and small and consumer banking. James Hub, an intelligence analyst at DarkTower, initially discovered that a threat actor going by the handle Sp1d3r is offering to sell...
Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS

Since at least 2018, threat actors with connections to Pakistan have been associated with a protracted malware campaign known as Operation Celestial Force. According to Cisco Talos, the activity is still ongoing and involves the use of two malware programs: one for Android called GravityRAT and the other for Windows called HeavyLift. Both programs are managed by a separate standalone utility called GravityAdmin. The cybersecurity company claimed that an adversary it tracks under the name Cosmic Leopard, also known as SpaceCobra, was responsible for the intrusion and that it shared some tactical similarities with Transparent Tribe...