Infosec News
- Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader (www.trustwave.com)
Trustwave's Threat Intelligence team has discovered a new malware dubbed Pronsis Loader, with its earliest known variant dating back to November 2023.
- North Korea Hackers Get Cash Fast in Linux Cyber Heists (www.darkreading.com)
The thieves modify transaction messages to initiate unauthorized withdrawals, even when there are insufficient funds.
- Blooms Today - 3,184,010 breached accounts (haveibeenpwned.com)
Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
- From QR to compromise: The growing “quishing” threat (news.sophos.com)
Attackers leverage QR codes in PDF email attachments to spearphish corporate credentials from mobile devices
- Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity (thehackernews.com)
Cybercriminals abuse EDRSilencer to disable endpoint detection tools, making malicious activity harder to detect.
- More than two dozen countries have used internet outages to sway elections: report (therecord.media)
Forty-three governments worldwide have attacked or killed citizens for their online speech and 25 cut off internet access during election periods, metrics which contributed to an overall decline in internet freedoms in 2024, a new report says.
- Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media (www.trustwave.com)
With the US election on the horizon, it’s a good time to explore the concept of social media weaponization and its use in manipulating public opinion.
- Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse (www.elastic.co, Elastic Security Labs)
The REF6138 campaign involved cryptomining, DDoS attacks, and potential money laundering via gambling APIs, highlighting the attackers' use of evolving malware and stealthy communication channels.
- TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns (thehackernews.com)
TrickMo Android malware now steals unlock patterns, PINs, and more, posing a severe threat to mobile banking.
- Trustwave SpiderLabs Research: 20% of Ransomware Attacks in Financial Services Target Banking Institutions (www.trustwave.com)
The 2024 Trustwave Risk Radar Report: Financial Services Sector underscores the escalating threat landscape facing the industry.
- Awaken Likho is awake: new techniques of an APT group (securelist.com; linked post: “Analyzing the Awaken Likho APT group implant: new tools and techniques”)
Kaspersky experts have discovered a new version of the RAT used by the Awaken Likho APT group, which now relies on AutoIt scripts and the MeshCentral remote-management system to target Russian organizations.
- Cups Overflow: When your printer spills more than Ink (www.elastic.co, Elastic Security Labs)
Elastic Security Labs discusses detection and mitigation strategies for vulnerabilities in the CUPS printing system, which allow unauthenticated attackers to exploit the system via IPP and mDNS, resulting in remote code execution (RCE) on UNIX-based systems such as Linux, macOS, BSDs, ChromeOS, and ...
- Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware (unit42.paloaltonetworks.com)
Discover how North Korean attackers, posing as recruiters, used an updated downloader and backdoor in a campaign targeting tech job seekers.
- Storm-0501: Ransomware attacks expanding to hybrid cloud environments (www.microsoft.com, Microsoft Security Blog)
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, ...
- Announcing the 11th Annual Flare-On Challenge (cloud.google.com, Google Cloud Blog)
If you successfully complete all 10 Flare-On challenges, you will be eligible to receive a prize.
- China Says Volt Typhoon Is U.S. Espionage and Disinformation Campaign (thecyberexpress.com; linked post: “China Calls Volt Typhoon Attribution A US Cover-Up”)
Beijing has challenged the U.S. narrative on the China-linked Volt Typhoon group and accused Washington of being the real aggressor in global cyber espionage.
- An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader (cloud.google.com, Google Cloud Blog)
UNC2970 is a cyber espionage group suspected to have a North Korea nexus.
- Games Box - 1,439,354 breached accounts (haveibeenpwned.com)
Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
- Pokémon video game developer confirms its systems were breached by hackers (therecord.media)
Japanese video game developer Game Freak confirmed last week that it suffered a cyberattack earlier this year, resulting in a data leak.
- FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation (thehackernews.com)
U.S. DoJ charges 18 in a $25M cryptocurrency fraud operation, uncovering market manipulation through an FBI-led sting.
- Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (www.microsoft.com, Microsoft Security Blog)
Gartner® names Microsoft a Leader in Endpoint Protection Platforms. Read how we're helping organizations protect endpoints while driving efficiency.
- Cyber Resilience Act: EU Adopts New Law to Strengthen Digital Product Security (thecyberexpress.com; linked post: “Cyber Resilience Act: EU Adopts Strict Cybersecurity Law”)
The Cyber Resilience Act is part of a broader push by the EU to enhance its cybersecurity framework in response to growing threats.
- Lazarus Group Deploys Linux FASTCash Malware to Steal Millions in Coordinated ATM Attacks (www.blackhatethicalhacking.com, Black Hat Ethical Hacking)
North Korean state-sponsored hacking group Hidden Cobra, also known as APT38 or Lazarus, has expanded its notorious FASTCash malware to Linux systems, specifically targeting Ubuntu 22.04 LTS distributions. The new variant allows the group to infiltrate payment switch systems, enabling unauthorized A...
- Lynx Ransomware: A Rebranding of INC Ransomware (unit42.paloaltonetworks.com)
Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics.
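The two FASTCash items above (the Dark Reading entry and the Black Hat Ethical Hacking entry) describe the same mechanism from the defender's side: a host in the payment-switch path is compromised and the authorization response that reaches the ATM network no longer matches what the issuer decided, so a withdrawal that the issuer declined for insufficient funds is paid out anyway. One check that follows directly from that description is to reconcile the issuer's own record of each authorization against the response copy observed downstream of the switch. The code below is an added example written for this digest; it is not code from either article, from Trustwave, Elastic or any other vendor named on the page, and it does not reproduce the malware. The record layout is a simplified stand-in for ISO 8583 (DE2 PAN, DE4 amount, DE11 STAN, DE39 response code), and every account number, balance and transaction in it is constructed sample data.

```python
"""Issuer-versus-network reconciliation for FASTCash-style response tampering.

Added example, not code from any article linked on this page. It models the
behaviour the two FASTCash items describe: a host in the payment-switch path
is compromised, and the authorization response that reaches the ATM side no
longer matches what the issuer decided (a decline for insufficient funds is
turned into an approval). The record layout is a simplified stand-in for
ISO 8583 (DE2 PAN, DE4 amount, DE11 STAN, DE39 response code); all account
numbers, balances and transactions below are constructed sample data.
"""
from dataclasses import dataclass

APPROVED = "00"            # ISO 8583 DE39 value for an approved transaction
INSUFFICIENT_FUNDS = "51"  # DE39 value an issuer returns when the balance is too low


@dataclass(frozen=True)
class AuthRecord:
    stan: str            # system trace audit number (DE11); joins request and response
    pan: str             # primary account number (DE2), masked as it would be in logs
    amount_cents: int    # transaction amount (DE4), in minor units
    response_code: str   # DE39 as recorded on this side of the switch


def issuer_decision(pan: str, amount_cents: int, ledger: dict) -> str:
    """Decide one withdrawal against the issuer's ledger, debiting on approval.

    `ledger` is mutated so that a later withdrawal sees the reduced balance.
    """
    if pan in ledger and ledger[pan] >= amount_cents:
        ledger[pan] -= amount_cents
        return APPROVED
    return INSUFFICIENT_FUNDS


def reconcile(issuer_log, network_log):
    """Return (stan, reason) pairs where the network-side copy of a response
    disagrees with the issuer's own record of the same STAN.

    An approval the issuer never granted is exactly the artefact the articles
    describe; an amount that differs in transit is flagged as well.
    """
    truth_by_stan = {rec.stan: rec for rec in issuer_log}
    findings = []
    for seen in network_log:
        truth = truth_by_stan.get(seen.stan)
        if truth is None:
            findings.append((seen.stan, "no matching issuer record"))
        elif seen.response_code == APPROVED and truth.response_code != APPROVED:
            findings.append((seen.stan,
                             f"issuer returned {truth.response_code}, network saw {APPROVED}"))
        elif seen.amount_cents != truth.amount_cents:
            findings.append((seen.stan, "amount changed in transit"))
    return findings


# Constructed sample data: two cards, three ATM withdrawal requests.
SAMPLE_BALANCES = {"411111******1111": 50_00, "555555******4444": 10_00}
SAMPLE_REQUESTS = [
    ("000101", "411111******1111", 20_00),
    ("000102", "555555******4444", 300_00),  # far more than the card holds
    ("000103", "411111******1111", 40_00),   # exceeds what is left after 000101
]


def build_issuer_log():
    """What the issuer host actually decided for each request."""
    ledger = dict(SAMPLE_BALANCES)
    return [AuthRecord(stan, pan, amt, issuer_decision(pan, amt, ledger))
            for stan, pan, amt in SAMPLE_REQUESTS]


def build_network_log():
    """Constructed copy of the responses the ATM acquirer received.

    STAN 000102 was declined by the issuer but arrives as an approval, which is
    the tampering pattern described for FASTCash on a compromised switch.
    """
    log = []
    for rec in build_issuer_log():
        if rec.stan == "000102":
            rec = AuthRecord(rec.stan, rec.pan, rec.amount_cents, APPROVED)
        log.append(rec)
    return log


def run_demo():
    """Reconcile the constructed logs; only STAN 000102 should be flagged."""
    return reconcile(build_issuer_log(), build_network_log())


if __name__ == "__main__":
    for stan, reason in run_demo():
        print(f"STAN {stan}: {reason}")
```

Two practical caveats. The check only has value if the issuer-side log is collected from a host that is not in the compromised switch path, since the whole point of the technique is that the switch's own records can no longer be trusted. And a real join key needs more than the STAN, which wraps and is only unique per acquirer per day; production reconciliation would add the transmission date/time (DE7) and acquirer identifier (DE32) to the key.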