Tag: cybersecurity news

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions
News

PoolParty is a new set of eight process injection techniques that can be used to execute code on Windows systems while avoiding detection by endpoint detection and response (EDR) systems. According to Alon Leviev, a researcher at SafeBreach, the techniques are "more flexible than existing process injection techniques, as they can work across all processes without any limitations." The results were initially presented last week at the Black Hat Europe 2023 conference. The term "process injection" describes an evasion method for introducing arbitrary code into a target process. Process injection techniques are numerous and include thread execution hijacking...
200+ Malicious Android Apps Targeting Iranian Banks
News

In order to stay under the radar, an Android malware campaign that targets Iranian banks has increased its functionality and added new evasion techniques. According to a recent Zimperium report, the threat actor was also seen executing phishing attacks against the targeted financial institutions. The report also found over 200 malicious apps connected to the malicious operation. The campaign was initially made public in late July 2023 after Sophos published information about a collection of 40 apps that harvest credentials from users of Bank Mellat, Bank Saderat, Resalat Bank, and the Central Bank of Iran. The main objective of the fraudulent applications is to deceive users into giving them excessive permissions...
Microsoft deprecates Defender Application Guard for Office
News

Microsoft suggests using Windows Defender Application Control, Protected View, and Defender for Endpoint as an alternative to Defender Application Guard for Office and the Windows Security Isolation APIs, which are being deprecated. Word, Excel, and PowerPoint for Microsoft 365 Apps are compatible with Application Guard for Office, a security feature designed for Windows 10 and Windows 11 Enterprise editions. By limiting files downloaded from untrusted sources, making sure they are opened in a secure sandbox, and blocking access to trusted resources on the user's device, its main goal...
Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
News

According to a recent study, passive network attackers can potentially obtain private RSA host keys from a susceptible SSH server by timing naturally occurring computational errors that arise during the connection establishment process. Over an unprotected network, commands can be safely transmitted and computer logins can be accomplished with the help of the Secure Shell (SSH) protocol. SSH, which has a client-server architecture, encrypts and verifies device connections using cryptography. In the SSH protocol, a cryptographic key called a host key is used to authenticate computers. Key pairs known as "host keys" are usually produced by public-key cryptosystems...
NetSupport RAT Infections Targeting Government and Business Sectors
News

With a remote access trojan called NetSupport RAT, threat actors are aiming their attacks at the business services, government, and education sectors. According to a report shared with The Hacker News by VMware Carbon Black researchers, "the delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as GHOSTPULSE) and various forms of phishing campaigns." The cybersecurity company said it had found at least 15 new NetSupport RAT-related infections in the past few weeks. Although NetSupport Manager was initially intended to be a legitimate remote administration tool for technical help and support...
Google ads push malicious CPU-Z app from fake Windows news site
News

A threat actor has been distributing a trojanized version of the CPU-Z tool to deliver the Redline information-stealing malware via Google Ads. The new campaign was discovered by Malwarebytes analysts, who believe it is part of the same operation that used Notepad++ malvertising to deliver malicious payloads. The malicious Google advertisement for the trojanized CPU-Z, a Windows tool for profiling computer hardware, is hosted on a cloned copy of the legitimate Windows news site WindowsReport. CPU-Z is a popular free utility that allows users to monitor various hardware components...
New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics
News

Updated Jupyter information-stealing malware has reappeared with "simple yet impactful changes" intended to quietly take over compromised systems and become persistent. In a report shared with The Hacker News, VMware Carbon Black researchers stated, "The team has discovered new waves of Jupyter Infostealer attacks which leverage PowerShell command modifications and signatures of private keys in attempts to pass off the malware as a legitimately signed file." Also going by the names Polazert, SolarMarker, and Yellow Cockatoo, Jupyter Infostealer has a history of using malvertising and manipulated search engine optimization (SEO) techniques as an initial access vector to trick people looking for popular software into downloading...
SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities
News

SideCopy, a threat actor with ties to Pakistan, has been seen exploiting the WinRAR security flaw in attacks against Indian government institutions to deliver remote access trojans including DRat, Ares RAT, and AllaKore RAT. According to enterprise security firm SEQRITE, the campaign is multi-platform and includes attacks aimed at infiltrating Linux computers through a Linux-compatible version of Ares RAT. Since at least 2019, SideCopy has been recognized for attacking organizations in Afghanistan and India. It is believed to be a branch of the Transparent Tribe actor group (also known as APT36). SideCopy and APT36 share infrastructure and code in order to aggressively target India, according to a paper released on Monday by SEQRITE researcher Sathwik Ram Prakki...
New GootLoader Malware Variant Evades Detection and Spreads Rapidly
News

It has been discovered that GootBot, a new GootLoader malware variant, makes it easier for compromised systems to move laterally and avoid detection. According to IBM X-Force experts Golo Mühr and Ole Villadsen, "the GootLoader group's introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2 such as CobaltStrike or RDP." This new version of the virus is lightweight yet powerful, enabling attackers to quickly propagate over the network and drop more payloads. As its name suggests, GootLoader is a malware that can lure in potential victims by employing search engine optimization (SEO) poisoning techniques...
BlazeStealer Malware Discovered in Python Packages on PyPI
News

The ultimate goal of a fresh batch of malicious Python packages that have made their way into the Python Package Index (PyPI) repository is to steal private data from developer computers that have been breached. The packages, according to Checkmarx in a report shared with The Hacker News, pose as benign obfuscation tools but actually include a piece of malware known as BlazeStealer. Security researcher Yehuda Gelb stated that "[BlazeStealer] retrieves an additional malicious script from an external source, enabling a Discord bot that gives attackers complete control over the victim's computer...