Tag: reconbee

Revolver Rabbit gang registers 500,000 domains for malware campaigns
News

A cybercriminal gang tracked by researchers as Revolver Rabbit has registered more than 500,000 domain names for use in infostealer campaigns against Windows and macOS machines. To operate at that scale, the threat actor relies on registered domain generation algorithms (RDGAs), an automated method for registering large numbers of domain names quickly. RDGAs resemble the domain generation algorithms (DGAs) that malware uses to produce a list of candidate rendezvous domains for command-and-control (C2) communication. One difference is that, while a DGA is embedded in the malware itself and only a fraction of the generated domains are ever registered, ...
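To make the DGA/RDGA distinction concrete, the following toy model is an added example, not code from the Revolver Rabbit research and not the actor's own algorithm. The seed, the date, the TLD pool and the choice of which names are "registered" are all constructed here; the point is only the behavioural difference: a classic DGA implant walks its candidate list and leaves NXDOMAIN failures behind, whereas under an RDGA every generated name already exists in DNS.

```python
"""Toy DGA vs. RDGA model (added example; not Revolver Rabbit's algorithm).

The seed, date, TLD list and registration choices are all constructed here
to show the behavioural difference the article describes, nothing more.
"""
import hashlib
from datetime import date
from typing import List, Optional, Set, Tuple

TLDS = ("com", "net", "org", "xyz")  # constructed TLD pool, not from the report


def toy_dga(seed: bytes, day: date, count: int) -> List[str]:
    """Deterministic toy DGA: candidate names derived from a seed and the date.

    Both the malware and the operator can compute this list, which is the
    property a classic DGA relies on for C2 rendezvous.
    """
    names = []
    for i in range(count):
        digest = hashlib.sha256(
            seed + day.isoformat().encode() + i.to_bytes(4, "big")
        ).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        names.append(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return names


def classic_dga_rendezvous(
    candidates: List[str], registered: Set[str]
) -> Tuple[Optional[str], int]:
    """Malware-side behaviour in a classic DGA.

    The operator registers only a few of the candidates, so the implant walks
    the list until one resolves. Every miss is an NXDOMAIN on the wire, which
    is the signal many DGA detectors key on. Returns (domain, nxdomain_count).
    """
    misses = 0
    for name in candidates:
        if name in registered:
            return name, misses
        misses += 1
    return None, misses


def registered_fraction(candidates: List[str], registered: Set[str]) -> float:
    """Share of candidates that actually exist in DNS. Under an RDGA the
    operator registers the generated names up front, so this approaches 1
    and the NXDOMAIN signal disappears."""
    return sum(name in registered for name in candidates) / len(candidates)


def simulate(day: date = date(2024, 7, 18)) -> dict:
    """Run both models over the same candidate list and report the differences."""
    candidates = toy_dga(b"toy-seed", day, 20)

    # Classic DGA: operator registered only two of the twenty candidates (constructed).
    dga_registered = {candidates[5], candidates[13]}
    dga_hit, dga_nxdomains = classic_dga_rendezvous(candidates, dga_registered)

    # RDGA: operator registered every candidate in bulk.
    rdga_registered = set(candidates)
    rdga_hit, rdga_nxdomains = classic_dga_rendezvous(candidates, rdga_registered)

    return {
        "candidates": candidates,
        "dga_hit": dga_hit,
        "dga_nxdomains": dga_nxdomains,
        "dga_registered_fraction": registered_fraction(candidates, dga_registered),
        "rdga_hit": rdga_hit,
        "rdga_nxdomains": rdga_nxdomains,
        "rdga_registered_fraction": registered_fraction(candidates, rdga_registered),
    }


if __name__ == "__main__":
    result = simulate()
    for key, value in result.items():
        if key != "candidates":
            print(f"{key}: {value}")
```

The practical caveat this illustrates: detection that keys on bursts of NXDOMAIN responses from a host does not fire against RDGA traffic, because every generated name resolves. Coverage for RDGAs has to come from the registration side (bulk registrations sharing registrar, nameserver or timing patterns) or from the lexical shape of the names themselves.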
Meta Halts AI Use in Brazil Following Data Protection Authority’s Ban
News

After Brazil's data protection authority issued a preliminary ban on Meta's new privacy policy, Meta decided to halt the use of generative artificial intelligence (GenAI) in the country. Reuters was the first to report the development. In response to concerns raised by Brazil's National Data Protection Authority (ANPD) about its use of GenAI technology, the company said it has chosen to suspend the tools while it negotiates with the agency. The social media giant's new privacy policy, which gave it access to users' personal data to train its GenAI systems, was suspended by ANPD earlier this month ...
SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks
News

Cybersecurity researchers have discovered security flaws in SAP AI Core, the cloud-based platform for building and deploying predictive artificial intelligence (AI) workflows, that could be exploited to obtain customer data and access tokens. Cloud security company Wiz has collectively named the five flaws SAPwned. "The vulnerabilities we found could have allowed attackers to access customers' data and contaminate internal artifacts – spreading to related services and other customers' environments," security researcher Hillai Ben-Sasson said in a report shared with The Hacker News. SAP fixed the flaws as of May 15, 2024, following responsible disclosure on January 25, 2024. In short, the vulnerabilities allow someone to gain unauthorized access to priva...
WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach
News

The Indian cryptocurrency exchange WazirX has confirmed that cryptocurrency assets worth $230 million were stolen in a security incident. "One of our [multi-signature] wallets experienced a cyberattack that resulted in a loss of funds surpassing $230 million," the company said in a statement. "Starting in February 2023, this wallet was managed through the use of Liminal's digital asset custody and wallet infrastructure." The Mumbai-based company said the attack was caused by a discrepancy between the data displayed on Liminal's interface and the data that was actually signed. It said the payload was altered so that an attacker could take control of the wallet. One of the six signatories on the wallet is the cryptocurrency custody c...
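The failure mode the statement describes, a signer approving bytes that differ from the transaction the interface displayed, can be caught at the signer itself. The following is an added illustration, not WazirX's or Liminal's code: a toy six-signer approval flow in which HMAC stands in for real signatures, the 4-of-6 threshold is an assumption (the article only says six signatories), and the addresses, amounts and keys are constructed. It shows blind signing beside the verifying variant, run against an honest payload and a swapped one.

```python
"""Added example: refusing to sign a payload that differs from what the UI showed.

This is a constructed toy, not WazirX's or Liminal's code. HMAC stands in for
real signatures, the 4-of-6 threshold is assumed (the article only says six
signatories), and the addresses, amounts and keys are made up.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

SIGNER_KEYS = [f"signer-{i}-secret".encode() for i in range(6)]  # constructed
THRESHOLD = 4  # assumption: 4-of-6

# What the custody interface shows the signers (constructed).
DISPLAYED_TX = {"op": "transfer", "to": "0xCOLD0001", "amount": 100, "nonce": 42}
# What is actually handed to the keys after an attacker swaps the payload (constructed).
TAMPERED_TX = {"op": "transfer", "to": "0xATTACKER", "amount": 100, "nonce": 42}


def canonical(payload: Dict) -> bytes:
    """Canonical JSON, so every signer derives the same bytes from the same intent."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def digest(payload_bytes: bytes) -> str:
    return hashlib.sha256(payload_bytes).hexdigest()


def blind_sign(key: bytes, to_sign: bytes) -> str:
    """The weak behaviour: sign whatever bytes arrive, trusting the interface's
    description of them."""
    return hmac.new(key, to_sign, hashlib.sha256).hexdigest()


def verified_sign(key: bytes, displayed: Dict, to_sign: bytes) -> Tuple[bool, str]:
    """The hardened behaviour: independently recompute the digest of the
    transaction the signer reviewed and refuse unless it equals the digest of
    the bytes actually being signed."""
    expected = digest(canonical(displayed))
    actual = digest(to_sign)
    if not hmac.compare_digest(expected, actual):
        return False, ""
    return True, blind_sign(key, to_sign)


def run_approval(to_sign: bytes, displayed: Dict, verify: bool) -> Tuple[bool, List[str]]:
    """Collect signatures from all six signers and report whether the threshold
    is met. With verify=False every signer blind-signs; with verify=True each
    signer checks the payload against what was displayed first."""
    signatures: List[str] = []
    for key in SIGNER_KEYS:
        if verify:
            ok, sig = verified_sign(key, displayed, to_sign)
            if ok:
                signatures.append(sig)
        else:
            signatures.append(blind_sign(key, to_sign))
    return len(signatures) >= THRESHOLD, signatures


if __name__ == "__main__":
    honest = canonical(DISPLAYED_TX)
    swapped = canonical(TAMPERED_TX)
    print("blind, honest payload:    ", run_approval(honest, DISPLAYED_TX, verify=False)[0])
    print("blind, swapped payload:   ", run_approval(swapped, DISPLAYED_TX, verify=False)[0])
    print("verified, honest payload: ", run_approval(honest, DISPLAYED_TX, verify=True)[0])
    print("verified, swapped payload:", run_approval(swapped, DISPLAYED_TX, verify=True)[0])
```

The check only helps if the digest the signer compares against comes from something the attacker does not control: decoded from the raw payload on the signing device or a second, independent interface rather than rendered by the same front end that was tampered with.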
Cisco SSM On-Prem bug lets hackers change any user’s password
News

Cisco has patched a maximum-severity vulnerability that allowed attackers to change the password of any user, including administrators, on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers. The flaw also affects Cisco Smart Software Manager Satellite (SSM Satellite) On-Prem installations earlier than Release 7.0. SSM On-Prem helps Cisco partners and service providers manage customer accounts and product licenses as part of Cisco Smart Licensing. The authentication system of SSM On-Prem is affected by an unverified password change vulnerability, tracked as CVE-2024-20419. Successful exploitation lets remote, unauthenticated attackers set new passwords for users ...
Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks
News

Microsoft has disclosed that the notorious cybercrime collective known as Scattered Spider has added ransomware strains such as Qilin and RansomHub to its repertoire. Scattered Spider is a threat actor known for using sophisticated social engineering techniques to compromise targets and establish persistence for follow-on exploitation and data theft. It also has a history of deploying BlackCat ransomware against VMware ESXi servers. The group overlaps with activity clusters tracked by the wider cybersecurity community as 0ktapus, Octo Tempest, and UNC3944. A key member of the gang was reportedly arrested in Spain last month ...
FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums
News

FIN7, a financially motivated threat actor, has been observed advertising a tool known to be used by ransomware gangs such as Black Basta on various underground forums under multiple pseudonyms. "AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground and used by multiple ransomware groups," cybersecurity company SentinelOne said in a report shared with The Hacker News. From its beginnings attacking point-of-sale (PoS) terminals, to serving as a ransomware affiliate for now-defunct gangs such as REvil and Conti, to launching its own ransomware-as-a-service (RaaS) programs DarkSide and BlackMatter, FIN7, an e-crime group of Russian and Ukrainian origin, has been a consistent...
North Korean Hackers Update BeaverTail Malware to Target MacOS Users
News

Cybersecurity researchers have found an updated version of a stealer malware previously distributed by attackers linked to the Democratic People's Republic of Korea (DPRK) as part of cyber espionage operations targeting job seekers. According to security researcher Patrick Wardle, the artifact in question is an Apple macOS disk image (DMG) file named "MiroTalk.dmg" that masquerades as the legitimate video conferencing service of the same name but in fact serves as a conduit to deliver a native version of BeaverTail. Palo Alto Networks Unit 42 first documented BeaverTail, a JavaScript stealer, in November 2023. The campaign, dubbed Contagious Interview, attempts to infect software developers with malware under the guise of a job interview process ...
Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer
News

The advanced persistent threat (APT) group Void Banshee has been observed delivering an information stealer known as Atlantida by exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day. The vulnerability, tracked as CVE-2024-38112, was used as part of a multi-stage attack chain involving specially crafted internet shortcut (URL) files, according to cybersecurity firm Trend Micro, which observed the activity in mid-May 2024. "Variations of the Atlantida campaign have been highly active throughout 2024 and have evolved to use CVE-2024-38112 as part of Void Banshee infection chains," security researchers Peter Girnus and Aliakbar Zahravi said. "APT groups like Void Banshee pose a serious threat to companies arou...
Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks
News

The Iranian nation-state actor MuddyWater has been observed using a previously unseen backdoor as part of a recent attack campaign, marking a departure from its well-known tactic of relying on legitimate remote monitoring and management (RMM) software to maintain persistent access. That is the finding of independent research by cybersecurity companies Check Point and Sekoia, which have named the malware BugSleep and MuddyRot, respectively. Unlike in prior campaigns, MuddyWater did not use the legitimate Atera remote monitoring and management (RMM) tool as a validator this time, according to a report Sekoia shared with The Hacker News ...