This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T20:38:50+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly as early as April 2019, leveraged a now-patched flaw that allowed for]]> 2024-04-23T09:53:00+00:00 https://thehackernews.com/2024/04/russias-apt28-exploited-windows-print.html www.secnews.physaphae.fr/article.php?IdArticle=8487211 False Malware,Tool,Threat APT 28 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP address has been previously identified as associated with the malware. RedLine Stealer, ]]> 2024-04-21T14:12:00+00:00 https://thehackernews.com/2024/04/new-redline-stealer-variant-disguised.html www.secnews.physaphae.fr/article.php?IdArticle=8486229 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform. "The documents contained VBA code to drop and run an executable with the name \'ctrlpanel.exe,\'"]]> 2024-04-18T19:55:00+00:00 https://thehackernews.com/2024/04/offlrouter-malware-evades-detection-in.html www.secnews.physaphae.fr/article.php?IdArticle=8484779 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest," Kaspersky researcher Dmitry Kalinin said in a technical analysis.]]> 2024-04-18T16:01:00+00:00 https://thehackernews.com/2024/04/new-android-trojan-soumnibot-evades.html www.secnews.physaphae.fr/article.php?IdArticle=8484686 False Malware,Mobile,Technical None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations. Detecting Threats in PDFs PDF files are frequently exploited by threat actors to]]> 2024-04-18T16:01:00+00:00 https://thehackernews.com/2024/04/how-to-conduct-advanced-static-analysis.html www.secnews.physaphae.fr/article.php?IdArticle=8484687 False Malware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent threat (APT) group tracked as Sandworm (aka APT44 or]]> 2024-04-17T19:02:00+00:00 https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=8484148 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside]]> 2024-04-16T19:09:00+00:00 https://thehackernews.com/2024/04/ta558-hackers-weaponize-images-for-wide.html www.secnews.physaphae.fr/article.php?IdArticle=8483498 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware "gave the malware purchasers control over victim computers and enabled them to access victims\' private communications, their login credentials, and]]> 2024-04-16T13:03:00+00:00 https://thehackernews.com/2024/04/hive-rat-creators-and-35m-cryptojacking.html www.secnews.physaphae.fr/article.php?IdArticle=8483304 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a credit card skimmer that\'s concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the "Miscellaneous Scripts" section of the Magento admin panel. "]]> 2024-04-12T10:39:00+00:00 https://thehackernews.com/2024/04/sneaky-credit-card-skimmer-disguised-as.html www.secnews.physaphae.fr/article.php?IdArticle=8480496 False Malware,Tool None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is not linked to any known threat actor or group. It\'s tracking the group behind the operation under the]]> 2024-04-10T19:54:00+00:00 https://thehackernews.com/2024/04/exotic-visit-spyware-campaign-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8479379 False Malware,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that propagates the malware through malicious Windows Script Files (WSFs) since March 2024. "Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its distributors have experimented with other initial infection vectors," HP Wolf Security said in a report]]> 2024-04-10T18:40:00+00:00 https://thehackernews.com/2024/04/raspberry-robin-returns-new-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8479339 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are now taking advantage of GitHub\'s search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that\'s designed to download next-stage payloads from a remote URL,]]> 2024-04-10T18:08:00+00:00 https://thehackernews.com/2024/04/beware-githubs-fake-popularity-scam.html www.secnews.physaphae.fr/article.php?IdArticle=8479340 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet]]> 2024-04-09T12:54:00+00:00 https://thehackernews.com/2024/04/attackers-using-obfuscation-tools-to.html www.secnews.physaphae.fr/article.php?IdArticle=8478562 False Malware,Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in]]> 2024-04-09T11:16:00+00:00 https://thehackernews.com/2024/04/critical-flaws-leave-92000-d-link-nas.html www.secnews.physaphae.fr/article.php?IdArticle=8478517 False Malware,Vulnerability,Threat None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said in a joint analysis published last week, adding it\'s designed to retrieve]]> 2024-04-08T16:59:00+00:00 https://thehackernews.com/2024/04/watch-out-for-latrodectus-this-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8478076 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader application to view the content. According to Fortinet FortiGuard Labs, clicking the URL]]> 2024-04-05T15:10:00+00:00 https://thehackernews.com/2024/04/from-pdfs-to-payload-bogus-adobe.html www.secnews.physaphae.fr/article.php?IdArticle=8476429 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an "evolving threat" called JSOutProx. "JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET," Resecurity said in a technical report published this week. "It employs the .NET (de)serialization feature to interact with a core]]> 2024-04-05T13:18:00+00:00 https://thehackernews.com/2024/04/new-wave-of-jsoutprox-malware-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8476376 False Malware,Technical None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider, describing it as financially motivated. Targets of the campaign include India, China, South Korea, Bangladesh, Pakistan, Indonesia,]]> 2024-04-04T21:12:00+00:00 https://thehackernews.com/2024/04/vietnam-based-hackers-steal-financial.html www.secnews.physaphae.fr/article.php?IdArticle=8476000 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. "The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident," Cofense researcher Dylan Duncan said. The]]> 2024-04-04T21:00:00+00:00 https://thehackernews.com/2024/04/new-phishing-campaign-targets-oil-gas.html www.secnews.physaphae.fr/article.php?IdArticle=8476001 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google on Tuesday said it\'s piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently tested against "some" Google Account users running Chrome Beta – is built with an aim to make it an open web standard, the tech giant\'s Chromium team said. "By binding authentication sessions to the]]> 2024-04-03T18:37:00+00:00 https://thehackernews.com/2024/04/google-chrome-beta-tests-new-dbsc.html www.secnews.physaphae.fr/article.php?IdArticle=8475272 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security researcher Christopher So said in a report published today. "It has been observed to]]> 2024-04-02T16:30:00+00:00 https://thehackernews.com/2024/04/china-linked-hackers-deploy-new.html www.secnews.physaphae.fr/article.php?IdArticle=8474613 False Malware,Threat,Prediction None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These continued threats aren\'t just an inconvenience that hurt businesses and end users - they damage the economy, endanger lives, destroy businesses and put national security at risk. But if that wasn\'t enough – North Korea appears to be using revenue from cyber]]> 2024-04-01T16:50:00+00:00 https://thehackernews.com/2024/04/detecting-windows-based-malware-through.html www.secnews.physaphae.fr/article.php?IdArticle=8474025 False Ransomware,Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims\' Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a report published Friday. One]]> 2024-03-30T12:46:00+00:00 https://thehackernews.com/2024/03/hackers-target-macos-users-with.html www.secnews.physaphae.fr/article.php?IdArticle=8472978 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts. In October 2023, Slovak cybersecurity firm ESET ]]> 2024-03-28T22:32:00+00:00 https://thehackernews.com/2024/03/linux-version-of-dinodasrat-spotted-in.html www.secnews.physaphae.fr/article.php?IdArticle=8472155 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). "The information stealer was delivered via a phishing email, masquerading as an invitation letter]]> 2024-03-27T20:54:00+00:00 https://thehackernews.com/2024/03/hackers-target-indian-defense-and.html www.secnews.physaphae.fr/article.php?IdArticle=8471481 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment notification, urging the user to open an archive file attachment. The archive ("Bank Handlowy w Warszawie]]> 2024-03-27T13:26:00+00:00 https://thehackernews.com/2024/03/alert-new-phishing-attack-delivers.html www.secnews.physaphae.fr/article.php?IdArticle=8471226 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging Compiled HTML Help (CHM) files as vectors to deliver malware for harvesting sensitive data. Kimsuky, active since at least 2012, is known to target entities located in South Korea as well as North America, Asia, and Europe. According]]> 2024-03-24T11:08:00+00:00 https://thehackernews.com/2024/03/n-korea-linked-kimsuky-shifts-to.html www.secnews.physaphae.fr/article.php?IdArticle=8469454 False Malware,Threat APT 43 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia\'s Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft. The findings come from Mandiant, which said Midnight Blizzard (aka APT29, BlueBravo, or]]> 2024-03-23T11:33:00+00:00 https://thehackernews.com/2024/03/russian-hackers-use-wineloader-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8468914 False Malware APT 29 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign. Google-owned Mandiant is tracking the activity under its uncategorized moniker UNC5174 (aka Uteus or Uetus), describing it as a "former]]> 2024-03-22T16:58:00+00:00 https://thehackernews.com/2024/03/china-linked-group-breaches-networks.html www.secnews.physaphae.fr/article.php?IdArticle=8468470 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to redirect users to scam sites. The most recent variant of the malware is estimated to have infected no less than 2,500 sites over the past two months alone, Sucuri said in a report published this week. The attacks entail injecting rogue]]> 2024-03-22T16:57:00+00:00 https://thehackernews.com/2024/03/massive-sign1-campaign-infects-39000.html www.secnews.physaphae.fr/article.php?IdArticle=8468471 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The ThreatLocker® Zero Trust Endpoint Protection Platform implements a strict deny-by-default, allow-by-exception security posture to give organizations the ability to set policy-based controls within their environment and mitigate countless cyber threats, including zero-days, unseen network footholds, and malware attacks as a direct result of user error. With the capabilities of the]]> 2024-03-22T16:45:00+00:00 https://thehackernews.com/2024/03/implementing-zero-trust-controls-for.html www.secnews.physaphae.fr/article.php?IdArticle=8468437 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with Russian military intelligence. "AcidPour\'s expanded capabilities would enable it to better]]> 2024-03-22T08:36:00+00:00 https://thehackernews.com/2024/03/russian-hackers-target-ukrainian.html www.secnews.physaphae.fr/article.php?IdArticle=8468270 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that\'s used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs researcher Kashinath T Pattan said. "Classified as an SMTP cracker, it exploits SMTP]]> 2024-03-21T18:18:00+00:00 https://thehackernews.com/2024/03/androxgh0st-malware-targets-laravel.html www.secnews.physaphae.fr/article.php?IdArticle=8467923 False Malware,Tool,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions as well as allow it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims," Palo Alto Networks]]> 2024-03-20T15:13:00+00:00 https://thehackernews.com/2024/03/new-bunnyloader-malware-variant.html www.secnews.physaphae.fr/article.php?IdArticle=8467251 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of bypassing YARA rules. "Generative AI can be used to evade string-based YARA rules by augmenting the source code of small malware variants, effectively lowering detection rates," Recorded Future said in a new report shared with The Hacker News.]]> 2024-03-19T19:25:00+00:00 https://thehackernews.com/2024/03/from-deepfakes-to-malware-ais-expanding.html www.secnews.physaphae.fr/article.php?IdArticle=8466698 False Malware,Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new variant of a data wiping malware called AcidRain has been detected in the wild that\'s specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for Linux x86 devices, SentinelOne\'s Juan Andres Guerrero-Saade said in a series of posts on X. "The new variant [...] is an ELF binary compiled for x86 (not MIPS) and while it refers to similar devices/]]> 2024-03-19T15:29:00+00:00 https://thehackernews.com/2024/03/suspected-russian-data-wiping-acidpour.html www.secnews.physaphae.fr/article.php?IdArticle=8466610 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it\'s likely associated with the North Korean state-sponsored group tracked as Kimsuky. "The malware payloads used in the DEEP#GOSU represent a]]> 2024-03-18T23:26:00+00:00 https://thehackernews.com/2024/03/new-deepgosu-malware-campaign-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8466221 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs]]> 2024-03-18T18:05:00+00:00 https://thehackernews.com/2024/03/hackers-using-sneaky-html-smuggling-to.html www.secnews.physaphae.fr/article.php?IdArticle=8466033 False Malware,Threat,Commercial None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2024-03-18T15:16:00+00:00 https://thehackernews.com/2024/03/wordpress-admins-urged-to-remove.html www.secnews.physaphae.fr/article.php?IdArticle=8465941 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry based in North America, eSentire said. Blind Eagle (aka APT-C-36) is a financially motivated threat actor&]]> 2024-03-14T12:47:00+00:00 https://thehackernews.com/2024/03/ande-loader-malware-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8463656 False Malware,Threat APT-C-36 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. “During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass]]> 2024-03-14T10:27:00+00:00 https://thehackernews.com/2024/03/darkgate-malware-exploits-recently.html www.secnews.physaphae.fr/article.php?IdArticle=8463587 False Malware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) One of the most common misconceptions in file upload cybersecurity is that certain tools are “enough” on their own-this is simply not the case. In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today\'s ever-evolving file upload security landscape, and a big part of that is understanding where the]]> 2024-03-13T21:09:00+00:00 https://thehackernews.com/2024/03/demystifying-common-cybersecurity-myth.html www.secnews.physaphae.fr/article.php?IdArticle=8463289 False Malware,Tool None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java-based downloader. “The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware,” Fortinet FortiGuard Labs researcher Yurren Wan said. An unusual aspect of the]]> 2024-03-13T15:13:00+00:00 https://thehackernews.com/2024/03/alert-cybercriminals-deploying-vcurms.html www.secnews.physaphae.fr/article.php?IdArticle=8463117 False Malware,Commercial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks. "These attacks are orchestrated from domains less than a month old, with registrations dating back to February 12th, 2024," security researcher]]> 2024-03-12T14:45:00+00:00 https://thehackernews.com/2024/03/malware-campaign-exploits-popup-builder.html www.secnews.physaphae.fr/article.php?IdArticle=8462546 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that\'s propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet FortiGuard Labs researcher Cara Lin said. The attack chain involves the use of]]> 2024-03-11T20:17:00+00:00 https://thehackernews.com/2024/03/new-banking-trojan-chavecloak-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8462170 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. “Threat actor group Magnet Goblin\'s hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting]]> 2024-03-11T11:29:00+00:00 https://thehackernews.com/2024/03/magnet-goblin-hacker-group-leveraging-1.html www.secnews.physaphae.fr/article.php?IdArticle=8461990 False Malware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. “The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows]]> 2024-03-07T11:41:00+00:00 https://thehackernews.com/2024/03/watch-out-for-spoofed-zoom-skype-google.html www.secnews.physaphae.fr/article.php?IdArticle=8460180 False Malware,Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. “The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and]]> 2024-03-06T22:28:00+00:00 https://thehackernews.com/2024/03/hackers-exploit-misconfigured-yarn.html www.secnews.physaphae.fr/article.php?IdArticle=8459936 False Malware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark. “The threat actor gained access to the victim workstation by exploiting the exposed setup wizard]]> 2024-03-05T21:48:00+00:00 https://thehackernews.com/2024/03/hackers-exploit-connectwise.html www.secnews.physaphae.fr/article.php?IdArticle=8459407 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show. These credentials were found within information stealer logs associated with LummaC2, Raccoon, and RedLine stealer malware. “The number of infected devices decreased slightly in mid- and late]]> 2024-03-05T16:08:00+00:00 https://thehackernews.com/2024/03/over-225000-compromised-chatgpt.html www.secnews.physaphae.fr/article.php?IdArticle=8459273 False Malware ChatGPT 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. “Structured as a ransomware as a service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and]]> 2024-03-04T10:54:00+00:00 https://thehackernews.com/2024/03/phobos-ransomware-aggressively.html www.secnews.physaphae.fr/article.php?IdArticle=8458699 False Ransomware,Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42 researchers Anmol Maurya and Siddharth Sharma said. BIFROSE is one of the long-standing]]> 2024-03-01T16:26:00+00:00 https://thehackernews.com/2024/03/new-bifrose-linux-malware-variant-using.html www.secnews.physaphae.fr/article.php?IdArticle=8457480 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunters have discovered a new Linux malware called GTPDOOR that\'s designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX) The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications. GPRS roaming allows subscribers to access their GPRS services while they are]]> 2024-02-29T17:03:00+00:00 https://thehackernews.com/2024/02/gtpdoor-linux-malware-targets-telecoms.html www.secnews.physaphae.fr/article.php?IdArticle=8456928 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most]]> 2024-02-29T13:47:00+00:00 https://thehackernews.com/2024/02/lazarus-exploits-typos-to-sneak-pypi.html www.secnews.physaphae.fr/article.php?IdArticle=8456854 False Malware APT 38 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as attempted to maintain]]> 2024-02-29T11:19:00+00:00 https://thehackernews.com/2024/02/chinese-hackers-exploiting-ivanti-vpn.html www.secnews.physaphae.fr/article.php?IdArticle=8456812 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos, which discovered the activity, described the authors as skilled and that the "threat actor has previously used similar tactics, techniques and procedures (TTPs) to distribute a banking trojan known]]> 2024-02-28T13:13:00+00:00 https://thehackernews.com/2024/02/timbrestealer-malware-spreading-via-tax.html www.secnews.physaphae.fr/article.php?IdArticle=8456319 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos RAT using a malware loader called IDAT Loader. The attack has been attributed to a threat actor tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) under the moniker UAC-0184. "The attack, as part of the IDAT Loader, used]]> 2024-02-26T20:24:00+00:00 https://thehackernews.com/2024/02/new-idat-loader-attacks-using.html www.secnews.physaphae.fr/article.php?IdArticle=8455453 False Malware,Threat,Commercial None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka Guildma), Mekotio, and Ousaban (aka Javali) to targets across Latin America (LATAM) and Europe. "The infection chains associated with these malware families feature the use of malicious]]> 2024-02-26T15:21:00+00:00 https://thehackernews.com/2024/02/banking-trojans-target-latin-america.html www.secnews.physaphae.fr/article.php?IdArticle=8455339 False Malware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel. The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain security firm Phylum, which detected an anomalous update to the library on February 21,]]> 2024-02-23T22:38:00+00:00 https://thehackernews.com/2024/02/dormant-pypi-package-compromised-to.html www.secnews.physaphae.fr/article.php?IdArticle=8454213 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote access trojan called Konni RAT (aka UpDog). The findings come from German cybersecurity company DCSO, which linked the activity as originating from the Democratic People\'s Republic of Korea (DPRK)-nexus actors targeting Russia. The]]> 2024-02-22T16:13:00+00:00 https://thehackernews.com/2024/02/russian-government-software-backdoored.html www.secnews.physaphae.fr/article.php?IdArticle=8453622 False Malware,Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. "The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command module, and that the former is only used for downloading the latter," Trend Micro researchers Sunny Lu]]> 2024-02-21T18:33:00+00:00 https://thehackernews.com/2024/02/mustang-panda-targets-asia-with.html www.secnews.physaphae.fr/article.php?IdArticle=8453207 False Malware,Threat,Prediction None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Facebook advertisers in Vietnam are the target of a previously unknown information stealer dubbed VietCredCare at least since August 2022. The malware is “notable for its ability to automatically filter out Facebook session cookies and credentials stolen from compromised devices, and assess whether these accounts manage business profiles and if they maintain a positive Meta ad credit]]> 2024-02-21T13:30:00+00:00 https://thehackernews.com/2024/02/new-vietcredcare-stealer-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8453092 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves the use of a number of novel system weakening techniques against the data store itself," Cado security researcher Matt Muir said in a technical report. The cryptojacking attack is facilitated]]> 2024-02-20T20:50:00+00:00 https://thehackernews.com/2024/02/new-migo-malware-targeting-redis.html www.secnews.physaphae.fr/article.php?IdArticle=8452773 False Malware,Technical None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices. "Their various malware included]]> 2024-02-19T18:44:00+00:00 https://thehackernews.com/2024/02/meta-warns-of-8-spyware-firms-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8452317 False Malware,Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was added to the FBI\'s most-wanted list in 2012. The U.S.]]> 2024-02-18T12:42:00+00:00 https://thehackernews.com/2024/02/fbis-most-wanted-zeus-and-icedid.html www.secnews.physaphae.fr/article.php?IdArticle=8451785 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Several companies operating in the cryptocurrency sector are the target of a newly discovered Apple macOS backdoor codenamed RustDoor. RustDoor was first documented by Bitdefender last week, describing it as a Rust-based malware capable of harvesting and uploading files, as well as gathering information about the infected machines. It\'s distributed by masquerading itself as a Visual]]> 2024-02-16T18:57:00+00:00 https://thehackernews.com/2024/02/rustdoor-macos-backdoor-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8450959 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that\'s capable of harvesting identity documents, facial recognition data, and intercepting SMS. "The GoldPickaxe family is available for both iOS and Android platforms,"]]> 2024-02-15T15:01:00+00:00 https://thehackernews.com/2024/02/chinese-hackers-using-deepfakes-in.html www.secnews.physaphae.fr/article.php?IdArticle=8450362 False Malware,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures containing links to OneDrive URLs. "The URLs led to a Word file with names such as "]]> 2024-02-14T16:48:00+00:00 https://thehackernews.com/2024/02/bumblebee-malware-returns-with-new.html www.secnews.physaphae.fr/article.php?IdArticle=8449962 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails the exploitation of CVE-2024-21412, a security bypass vulnerability related to Internet]]> 2024-02-14T13:03:00+00:00 https://thehackernews.com/2024/02/darkme-malware-targets-traders-using.html www.secnews.physaphae.fr/article.php?IdArticle=8449886 False Malware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware. "This bootkit can intervene and control the [operating system] boot process, enabling Glupteba to hide itself and create a stealthy persistence that can be extremely difficult to]]> 2024-02-13T20:07:00+00:00 https://thehackernews.com/2024/02/glupteba-botnet-evades-detection-with.html www.secnews.physaphae.fr/article.php?IdArticle=8449591 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of "devolution." "Although it appears to be in a new development cycle and testing phase, the developers have reduced the complexity of the code by removing advanced obfuscation techniques and changing the network communications," Zscaler ThreatLabz researcher Nikolaos]]> 2024-02-13T19:37:00+00:00 https://thehackernews.com/2024/02/pikabot-resurfaces-with-streamlined.html www.secnews.physaphae.fr/article.php?IdArticle=8449592 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. The domains – www.warzone[.]ws and three others – were "used to sell computer malware used by cybercriminals to secretly access and steal data from victims\' computers," the DoJ said. Alongside the takedown, the]]> 2024-02-11T16:24:00+00:00 https://thehackernews.com/2024/02/us-doj-dismantles-warzone-rat.html www.secnews.physaphae.fr/article.php?IdArticle=8448934 False Malware,Legislation None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time," Check Point said in a report this]]> 2024-02-09T22:02:00+00:00 https://thehackernews.com/2024/02/raspberry-robin-malware-upgrades-with.html www.secnews.physaphae.fr/article.php?IdArticle=8448448 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiring any user interaction. "Typical MoqHao requires users to install and launch the app to get their desired purpose, but this new variant requires no execution," McAfee Labs said in a report published this week. "While the app is]]> 2024-02-09T19:04:00+00:00 https://thehackernews.com/2024/02/new-variant-of-moqhao-android-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8448386 False Malware,Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. "This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection," Russian cybersecurity firm Kaspersky said in a Thursday report. What]]> 2024-02-09T15:58:00+00:00 https://thehackernews.com/2024/02/new-coyote-trojan-targets-61-brazilian.html www.secnews.physaphae.fr/article.php?IdArticle=8448334 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be increasingly used by other threat actors to deliver additional payloads and tooling. "The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe,"]]> 2024-02-08T15:58:00+00:00 https://thehackernews.com/2024/02/hijackloader-evolves-researchers-decode.html www.secnews.physaphae.fr/article.php?IdArticle=8447984 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected systems, South Korean cybersecurity company S2W said in a new technical report. Troll]]> 2024-02-08T12:23:00+00:00 https://thehackernews.com/2024/02/kimsukys-new-golang-stealer-troll-and.html www.secnews.physaphae.fr/article.php?IdArticle=8447938 False Malware,Technical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in a report shared with The Hacker News. Ov3r_Stealer]]> 2024-02-06T19:39:00+00:00 https://thehackernews.com/2024/02/beware-fake-facebook-job-ads-spreading.html www.secnews.physaphae.fr/article.php?IdArticle=8447298 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy. Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from the official Google Play Store and were collectively downloaded more than 1,400 times between]]> 2024-02-05T18:48:00+00:00 https://thehackernews.com/2024/02/patchwork-using-romance-scam-lures-to.html www.secnews.physaphae.fr/article.php?IdArticle=8446926 False Malware,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a report published last week. Propagated via phishing mails, Mispadu is a Delphi-based information stealer]]> 2024-02-05T09:15:00+00:00 https://thehackernews.com/2024/02/new-mispadu-banking-trojan-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8446827 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027. DirtyMoe, active since at least 2016, is capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks. In March]]> 2024-02-02T18:47:00+00:00 https://thehackernews.com/2024/02/dirtymoe-malware-infects-2000-ukrainian.html www.secnews.physaphae.fr/article.php?IdArticle=8445985 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs. The law enforcement effort, codenamed Synergia, took place between September and November 2023 in an attempt to blunt the "growth, escalation and professionalization of transnational cybercrime." Involving 60 law]]> 2024-02-02T15:53:00+00:00 https://thehackernews.com/2024/02/interpol-arrests-31-in-global-operation.html www.secnews.physaphae.fr/article.php?IdArticle=8445925 False Ransomware,Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security]]> 2024-02-01T21:14:00+00:00 https://thehackernews.com/2024/02/fritzfrog-returns-with-log4shell-and.html www.secnews.physaphae.fr/article.php?IdArticle=8445634 False Malware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have detailed an updated version of the malware HeadCrab that\'s known to target Redis database servers across the world since early September 2021. The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the financially-motivated threat actor behind the campaign is actively adapting and]]> 2024-02-01T16:52:00+00:00 https://thehackernews.com/2024/02/headcrab-20-goes-fileless-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8445530 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices. This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE. "CHAINLINE is a Python web shell backdoor that is]]> 2024-02-01T13:13:00+00:00 https://thehackernews.com/2024/02/warning-new-malware-emerges-in-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8445460 False Malware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. "This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and]]> 2024-01-31T17:51:00+00:00 https://thehackernews.com/2024/01/telegram-marketplaces-fuel-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=8445172 False Malware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics. "UNC4990 operations generally involve widespread USB infection followed by the deployment of the]]> 2024-01-31T16:30:00+00:00 https://thehackernews.com/2024/01/italian-businesses-hit-by-weaponized.html www.secnews.physaphae.fr/article.php?IdArticle=8445136 False Malware,Threat None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that\'s used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused]]> 2024-01-31T12:53:00+00:00 https://thehackernews.com/2024/01/chinese-hackers-exploiting-critical-vpn.html www.secnews.physaphae.fr/article.php?IdArticle=8445089 False Malware,Tool,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil said it served five temporary arrest warrants and 13 search and seizure warrants in the states of São Paulo, Santa Catarina, Pará, Goiás, and Mato Grosso. Slovak cybersecurity firm ESET, which provided additional]]> 2024-01-30T22:13:00+00:00 https://thehackernews.com/2024/01/brazilian-feds-dismantle-grandoreiro.html www.secnews.physaphae.fr/article.php?IdArticle=8444876 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet\'s infrastructure was dismantled in April 2022. A new variant of the malware is said to have been in development since September 2023, Zscaler ThreatLabz said in an analysis published this month. "The new version of Zloader made significant changes to the loader]]> 2024-01-30T14:13:00+00:00 https://thehackernews.com/2024/01/new-zloader-malware-variant-surfaces.html www.secnews.physaphae.fr/article.php?IdArticle=8444718 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information stealing malware called WhiteSnake Stealer on Windows systems. The malware-laced packages are named nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111. They have been uploaded by a threat actor named "WS." "These]]> 2024-01-29T11:02:00+00:00 https://thehackernews.com/2024/01/malicious-pypi-packages-slip-whitesnake.html www.secnews.physaphae.fr/article.php?IdArticle=8444297 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. The campaign has been active since at least 2021. "Lures use Mexican Social]]> 2024-01-27T12:25:00+00:00 https://thehackernews.com/2024/01/allakore-rat-malware-targeting-mexican.html www.secnews.physaphae.fr/article.php?IdArticle=8443701 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said. The development comes nearly two months after Dunaev pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud. "]]> 2024-01-26T11:03:00+00:00 https://thehackernews.com/2024/01/russian-trickbot-mastermind-gets-5-year.html www.secnews.physaphae.fr/article.php?IdArticle=8443267 False Malware,Legislation None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. "SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP," Kroll said in an analysis published last week. The risk and]]> 2024-01-25T19:53:00+00:00 https://thehackernews.com/2024/01/systembc-malwares-c2-server-analysis.html www.secnews.physaphae.fr/article.php?IdArticle=8443022 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that\'s distributed via spear-phishing attacks. The findings come from Japanese company ITOCHU Cyber & Intelligence, which said the malware "has been updated with new features, as well as changes to the anti-analysis (analysis avoidance) techniques." LODEINFO (versions 0.6.6 and 0.6.7]]> 2024-01-25T17:00:00+00:00 https://thehackernews.com/2024/01/lodeinfo-fileless-malware-evolves-with.html www.secnews.physaphae.fr/article.php?IdArticle=8442962 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader\'s icon and name masquerades as the legitimate CherryTree note-taking application to dupe potential victims]]> 2024-01-25T12:51:00+00:00 https://thehackernews.com/2024/01/new-cherryloader-malware-mimics.html www.secnews.physaphae.fr/article.php?IdArticle=8442858 False Malware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of a massive "criminal affiliate program," new findings from Infoblox reveal. The latest development demonstrates the "breadth of their activities and depth of their connections within the cybercrime industry," the company said,]]> 2024-01-23T20:03:00+00:00 https://thehackernews.com/2024/01/vextrio-uber-of-cybercrime-brokering.html www.secnews.physaphae.fr/article.php?IdArticle=8442148 False Malware,Threat Uber 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cracked software have been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data. Kaspersky, which identified the artifacts in the wild, said they are designed to target machines running macOS Ventura 13.6 and later, indicating the malware\'s ability to infect Macs on both Intel and]]> 2024-01-23T17:57:00+00:00 https://thehackernews.com/2024/01/activator-alert-macos-malware-hides-in.html www.secnews.physaphae.fr/article.php?IdArticle=8442123 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix security researcher Gurumoorthi Ramanathan said in an analysis published last week. The ZIP file contains]]> 2024-01-22T16:52:00+00:00 https://thehackernews.com/2024/01/ns-stealer-uses-discord-bots-to.html www.secnews.physaphae.fr/article.php?IdArticle=8441634 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files. "The PDFs]]> 2024-01-20T07:46:00+00:00 https://thehackernews.com/2024/01/invoice-phishing-alert-ta866-deploys.html www.secnews.physaphae.fr/article.php?IdArticle=8440850 False Malware,Threat None 2.0000000000000000