Tag Archive for: Roundup

Cyber Security News Weekly Round-Up (Vulnerabilities, Threats & New Stories)

/in


The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.

A well-developed knowledge base is necessary for securing networks from the newest targets and vulnerabilities in the face of the changing risk landscape.

Staying updated with the latest trends, reports, and news is completely necessary nowadays.

Cyber Attacks

CoralRaider Hackers Steal Data

XClient stealer and RotBot are two attack tools that Vietnamese threat actor CoralRaider uses to steal financial data, login credentials, and social media information from victims in Asian and Southeast Asian countries.

Since 2023, the group has been operational with complex approaches where they would integrate Vietnamese vocabularies into their payloads as a sort of hard coding.

The most recent campaign by this threat group involves using Windows shortcut files to distribute malware targeting South Korean, Bangladeshi, and Chinese nationals. This is a significant threat to individuals and businesses in the region.

Chinese Hackers Using AI Tools To Influence Upcoming Elections

The report concerns how Chinese hackers could use AI to influence the elections. While no instances are specifically mentioned in the report, it cautions against this cyber risk. 

Not only that even AI can be used to generate deepfake videos, control social media sites and undertake highly developed cyber offences which makes it a very powerful tool to influence the elections. 

Moreover, the report stresses on increasing cybersecurity defenses against such threats including improvements in detection and response capabilities. 

While it highlights the need of remaining alert and proactive towards changing cyber risks especially in line with elections and politics at large.

Threat Actors Deliver Malware Via YouTube Video

The report highlights a recent malware campaign in which Vidar, StealC, and Lumma Stealer information-stealing malware are disseminated via YouTube videos by hackers. 

These videos that pretend to be guides for getting free software or game upgrades have links to cracked video games and pirated…

Source…

Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)

/in


Welcome to the Cyber Security News Weekly Round-Up. Each week, we will explore the latest cyber threats, vulnerabilities, and notable stories that have shaped the cybersecurity landscape.

From sophisticated malware attacks to innovative phishing schemes, we cover the crucial updates you need to stay informed and protected.

Threats

Notepad++ Plugin Compromised by Hackers

Hackers have targeted a widely used Notepad++ plugin, “mimeTools.dll,” injecting malicious code that compromises users’ systems upon execution. The attack, discovered by the AhnLab Security Intelligence Center, leverages DLL Hijacking to execute encrypted malicious Shell Code, posing a significant threat to programmers and writers who rely on Notepad++ for its versatility and plugin support; read more.

Weaponized PDF Files Deliver Byakugan Malware

Cybersecurity researchers at Fortinet have uncovered a new attack vector involving weaponized PDF files used to deliver the multi-functional Byakugan malware. By exploiting the trust and popularity of PDFs, hackers have been able to infiltrate systems through malicious codes embedded in seemingly innocuous documents, highlighting the need for heightened awareness and protection against such files.

Fake E-Shopping Attack Targets Banking Credentials

A sophisticated fake e-shop scam campaign has been targeting users in Southeast Asia, hijacking banking credentials through phishing emails and malicious APKs. The attackers have expanded their operations, utilizing screen-sharing and exploiting accessibility services to gain more control over victims’ devices. This campaign underscores the evolving tactics of cybercriminals in their efforts to steal sensitive information.

Rhadamanthys Stealer Targets Oil and Gas Sector

The oil and gas sector has become the latest target of the Rhadamanthys Stealer malware, delivered through weaponized PDF files. This attack emphasizes the ongoing threat to critical infrastructure sectors and the importance of robust cybersecurity measures to protect against such sophisticated threats.

Ransomware Exploits Unpatched Vulnerabilities

A recent report highlights the increasing trend of ransomware attacks exploiting unpatched…

Source…

Security Roundup: Leak of Top-Secret US Intel Risks a New Wave of Mass Surveillance

/in


US defense secretary Lloyd Austin on Thursday said he was considering “additional measures necessary to safeguard our nation’s secrets,” and he ordered a review of “our intelligence access, accountability, and control procedures within the department to inform our efforts to prevent this kind of incident from happening again.”

Hackers who claim to have breached data storage company Western Digital earlier this month say they are holding 10 terabytes of stolen data hostage and are ready to publish it unless the company pays a “minimum 8 figure” ransom, TechCrunch reports. 

An individual who says they carried out the hack spoke to TechCrunch on Thursday, claiming to have reams of customer information. While the hacker showed TechCrunch screenshots of internal emails and contact information of Western Digital’s employees, it’s still unclear exactly what data has been stolen.

“Cut the crap, get the money, and let’s both go our separate ways,” the hackers wrote in an email to several company executives. “Simply put, let us put our egos aside and work to find a resolution to this chaotic scenario.” 

A secretive Israeli spyware company’s hacking tools have been used to target politicians and journalists in at least 10 countries, according to research by Microsoft and the University of Toronto’s Citizen Lab made public Tuesday. 

The company, QuaDream, is a small, low-profile Israeli firm that develops smartphone hacking tools intended for government clients. The firm was established in 2016 by former employees of NSO Group, the maker of the Pegasus spyware.

The QuaDream spyware targeted older versions of Apple’s iOS phone software, and it worked by sending malicious calendar invites that would not be seen by the targets, researchers say.

According to the report, Citizen Lab has located QuaDream servers in Bulgaria, the Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, the United Arab Emirates, and Uzbekistan. 

WhatsApp has introduced a new security feature that makes it harder for scammers to steal users’ accounts. The feature will require individuals who download WhatsApp to a new device to use their old device to confirm their account….

Source…

Email Security News Round-Up [November 2022]

/in


Email security issues plague every single business because it’s an easy point of failure for scammers and hackers to exploit. Your business is vulnerable to cyberattacks if you don’t take the necessary steps to secure your email domain and IT infrastructure. 

When it comes to cybersecurity, it seems the news headlines are never ending, and this month was no different.

Keep reading for more on the latest cybersecurity and email security news.

We kick off our monthly email security news round-up with the story of a new and dangerous phishing campaign.

On November 17th, security experts at Armorblox reported a credential phishing attack targeting 22,000 students. The campaign exploited and impersonated the popular social media platform Instagram to trick students from national educational institutions.

The threat actors made the phishing email look like it originates from Instagram Support; with the sender’s name, Instagram handle, and email address all matching legitimate Instagram credentials. 

The email phishing campaign used social engineering tactics and a false sense of urgency indicating that the victim’s Insta account was breached. It included a malicious link that redirected users to a fake landing page with Instagram branding and details around the “unusual login attempt” detected, with a ‘This Wasn’t Me’ button.

Upon clicking the button, victims were then redirected to another fake landing web page to enter their sensitive account details. By doing so, they unknowingly handed over their credentials to the bad actors.

Surprisingly, this email attack bypassed native Microsoft email security controls and email authentication checks with the domain “instagramsupport.net” when the official Instagram domain ends with “.com.”

A Chinese-based cybercriminal group has been exploiting the popularity and trust of famous international brands with a large-scale phishing campaign since 2019.

Banking, retail, travel, and energy have been among the various business industries that the threat actors exploit with 42,000 imposter domains reportedly registered. Victims are tricked into spreading the campaign via Whatsapp with the promise of financial rewards or…

Source…