www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2025-05-10T21:02:31+00:00 www.secnews.physaphae.fr

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software
Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines. "These applications are being hosted on Chinese pirating websites in order to gain victims," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said. "Once detonated, the malware will download and execute multiple payloads
2024-01-19T18:18:00+00:00 https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html www.secnews.physaphae.fr/article.php?IdArticle=8440653 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic
Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. "This is the first documented case of malware deploying the 9Hits application as a payload," cloud security firm Cado said, adding the development is a sign that adversaries are
2024-01-18T22:01:00+00:00 https://thehackernews.com/2024/01/new-docker-malware-steals-cpu-for.html www.secnews.physaphae.fr/article.php?IdArticle=8440348 False Malware,Threat,Cloud None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware
The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. Google's Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as decoy documents to trigger the infection sequence. The lures are
2024-01-18T20:19:00+00:00 https://thehackernews.com/2024/01/russian-coldriver-hackers-expand-beyond.html www.secnews.physaphae.fr/article.php?IdArticle=8440327 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for "victim identification and exploitation in target networks."
A Python-based malware, AndroxGh0st was first documented by Lacework in December 2022, with the malware
2024-01-17T16:44:00+00:00 https://thehackernews.com/2024/01/feds-warn-of-androxgh0st-botnet.html www.secnews.physaphae.fr/article.php?IdArticle=8439850 False Malware,Threat None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Remcos RAT Spreading Through Adult Games in New Attack Wave
The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South Korea. WebHard, short for web hard drive, is a popular online file storage system used to upload, download, and share files in the country. While webhards have been used in the past to deliver njRAT, UDP RAT, and DDoS botnet malware, the
2024-01-16T18:52:00+00:00 https://thehackernews.com/2024/01/remcos-rat-spreading-through-adult.html www.secnews.physaphae.fr/article.php?IdArticle=8439554 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims
The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023.
The scheme “leveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackers’ infrastructure that spoofed Web3 protocols to trick victims into authorizing
2024-01-16T13:29:00+00:00 https://thehackernews.com/2024/01/inferno-malware-masqueraded-as-coinbase.html www.secnews.physaphae.fr/article.php?IdArticle=8439474 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability
Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws WordPress plugins to inject backdoor designed to redirect visitors of infected sites to bogus tech
2024-01-15T13:15:00+00:00 https://thehackernews.com/2024/01/balada-injector-infects-over-7100.html www.secnews.physaphae.fr/article.php?IdArticle=8439154 False Malware,Vulnerability None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. "These families allow the threat actors to circumvent authentication and provide backdoor access to these devices," Mandiant said in an
2024-01-12T19:23:00+00:00 https://thehackernews.com/2024/01/nation-state-actors-weaponize-ivanti.html www.secnews.physaphae.fr/article.php?IdArticle=8438293 False Malware,Vulnerability,Threat None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is particularly intriguing due to the attacker's use of packers and rootkits to conceal the malware," Aqua security researchers Nitzan Yaakov and Assaf Morag said in an analysis published earlier
2024-01-12T13:26:00+00:00 https://thehackernews.com/2024/01/cryptominers-targeting-misconfigured.html www.secnews.physaphae.fr/article.php?IdArticle=8438154 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload
Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules,"
2024-01-11T17:10:00+00:00 https://thehackernews.com/2024/01/atomic-stealer-gets-upgrade-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8437844 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims
A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest the threat actor behind the operations. The encryption key has also been shared with Avast,
2024-01-10T16:01:00+00:00 https://thehackernews.com/2024/01/free-decryptor-released-for-black-basta.html www.secnews.physaphae.fr/article.php?IdArticle=8437484 False Ransomware,Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware
A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023.
“PikaBot's operators ran phishing campaigns, targeting victims via its two components - a loader and a core module - which enabled unauthorized remote access and allowed the execution of arbitrary commands through an established connection with
2024-01-09T21:31:00+00:00 https://thehackernews.com/2024/01/alert-water-curupira-hackers-actively.html www.secnews.physaphae.fr/article.php?IdArticle=8437215 False Spam,Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer
Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. “These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL and Cuttly,
2024-01-09T13:47:00+00:00 https://thehackernews.com/2024/01/beware-youtube-videos-promoting-cracked.html www.secnews.physaphae.fr/article.php?IdArticle=8437067 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware
The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from cybersecurity company ClearSky, which said the Windows-based malware "crashes the operating system in a way that it cannot be rebooted."
The intrusions have been attributed to an Iranian "psychological operation group" called Homeland
2024-01-06T12:18:00+00:00 https://thehackernews.com/2024/01/pro-iranian-hacker-group-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8435521 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
SpectralBlur: New macOS Backdoor Threat from North Korean Hackers
Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors. “SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the [
2024-01-05T21:05:00+00:00 https://thehackernews.com/2024/01/spectralblur-new-macos-backdoor-threat.html www.secnews.physaphae.fr/article.php?IdArticle=8435195 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware
Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol (BGP) traffic. "The Orange account in the IP network coordination center (RIPE) has suffered improper access that has affected the browsing of some of our customers," the
2024-01-05T15:31:00+00:00 https://thehackernews.com/2024/01/orange-spain-faces-bgp-traffic-hijack.html www.secnews.physaphae.fr/article.php?IdArticle=8435045 False Malware,Threat,Mobile None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Bandook RAT Variant Resurfaces, Targeting Windows Machines
A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines, underscoring the continuous evolution of the malware. Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware is distributed via a PDF file that embeds a link to a password-protected .7z archive. “
2024-01-05T10:46:00+00:00 https://thehackernews.com/2024/01/new-bandook-rat-variant-resurfaces.html www.secnews.physaphae.fr/article.php?IdArticle=8434931 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT
The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal," Uptycs security researchers Karthick Kumar and Shilpesh Trivedi said in
2024-01-04T14:25:00+00:00 https://thehackernews.com/2024/01/uac-0050-group-using-new-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=8434261 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat actors to maintain access to a valid session in an
2024-01-03T18:46:00+00:00 https://thehackernews.com/2024/01/malware-using-google-multilogin-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=8433684 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New JinxLoader Targeting Users with Formbook and XLoader Malware
A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader. The disclosure comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences that led to the deployment of JinxLoader through phishing attacks. "The
2024-01-01T12:22:00+00:00 https://thehackernews.com/2024/01/new-jinxloader-targeting-users-with.html www.secnews.physaphae.fr/article.php?IdArticle=8432214 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the agency between December 15 and 25, 2023, targets government entities
2023-12-29T16:11:00+00:00 https://thehackernews.com/2023/12/cert-ua-uncovers-new-malware-wave.html www.secnews.physaphae.fr/article.php?IdArticle=8430752 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks
Microsoft on Thursday said it's once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware.
“The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence
2023-12-29T10:46:00+00:00 https://thehackernews.com/2023/12/microsoft-disables-msix-app-installer.html www.secnews.physaphae.fr/article.php?IdArticle=8430625 False Ransomware,Malware,Threat,Patching None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Rugmi Malware Loader Surges with Hundreds of Daily Detections
A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and Rescoms. Cybersecurity firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi. "This malware is a loader with three types of components: a downloader that downloads an
2023-12-28T11:26:00+00:00 https://thehackernews.com/2023/12/new-rugmi-malware-loader-surges-with.html www.secnews.physaphae.fr/article.php?IdArticle=8430151 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices
A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices.
Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called Xamarin and abuses the operating system's accessibility permissions to fulfill its objectives.
2023-12-27T13:54:00+00:00 https://thehackernews.com/2023/12/new-sneaky-xamalicious-android-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8429720 False Malware,Mobile None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Carbanak Banking Malware Resurfaces with New Ransomware Tactics
The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned last month through new
2023-12-26T12:56:00+00:00 https://thehackernews.com/2023/12/carbanak-banking-malware-resurfaces.html www.secnews.physaphae.fr/article.php?IdArticle=8429198 False Ransomware,Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities
Indian government entities and the defense sector have been targeted by a phishing campaign that's engineered to drop Rust-based malware for intelligence gathering. The activity, first detected in October 2023, has been codenamed Operation RusticWeb by enterprise security firm SEQRITE. "New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate
2023-12-22T18:49:00+00:00 https://thehackernews.com/2023/12/operation-rusticweb-rust-based-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8427392 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware
A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation," Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara
2023-12-22T18:16:00+00:00 https://thehackernews.com/2023/12/decoy-microsoft-word-documents-used-to.html www.secnews.physaphae.fr/article.php?IdArticle=8427363 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware
The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine," cybersecurity firm Deep Instinct said in a Thursday analysis.
UAC-0099 was first
2023-12-22T13:16:00+00:00 https://thehackernews.com/2023/12/uac-0099-using-winrar-exploit-to-target.html www.secnews.physaphae.fr/article.php?IdArticle=8427261 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication
Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in executing Device Takeover (DTO) using the accessibility service, all while expanding its targeted region,
2023-12-21T21:51:00+00:00 https://thehackernews.com/2023/12/new-chameleon-android-banking-trojan.html www.secnews.physaphae.fr/article.php?IdArticle=8426909 False Malware,Mobile None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide
A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world.
The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North America, South America, Europe, and Japan.
2023-12-21T18:08:00+00:00 https://thehackernews.com/2023/12/new-javascript-malware-targeted-50000.html www.secnews.physaphae.fr/article.php?IdArticle=8426758 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
German Authorities Dismantle Dark Web Hub 'Kingdom Market' in Global Operation
German law enforcement has announced the disruption of a dark web platform called Kingdom Market that specialized in the sales of narcotics and malware to "tens of thousands of users." The exercise, which involved collaboration from authorities from the U.S., Switzerland, Moldova, and Ukraine, began on December 16, 2023, the Federal Criminal Police Office (BKA) said. Kingdom
2023-12-21T15:33:00+00:00 https://thehackernews.com/2023/12/german-authorities-dismantle-dark-web.html www.secnews.physaphae.fr/article.php?IdArticle=8426696 False Malware,Legislation None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla.
The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), a memory corruption vulnerability in Office's
2023-12-21T12:52:00+00:00 https://thehackernews.com/2023/12/hackers-exploiting-old-ms-excel.html www.secnews.physaphae.fr/article.php?IdArticle=8426609 False Malware,Vulnerability None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Go-Based JaskaGO Malware Targeting Windows and macOS Systems
A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array of commands from its command-and-control (C&C) server." Artifacts designed for macOS were first observed in July
2023-12-20T13:40:00+00:00 https://thehackernews.com/2023/12/new-go-based-jaskago-malware-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8425965 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool
The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked by the malware. Court documents show that the U.S.
Federal Bureau of Investigation (FBI) enlisted the help of a confidential human source (CHS) to act as an affiliate for the BlackCat and gain
2023-12-19T21:22:00+00:00 https://thehackernews.com/2023/12/fbi-takes-down-blackcat-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8425555 False Ransomware,Malware,Tool None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts
Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and Discord to host second stage malware and sidestep detection tools," ReversingLabs researcher Karlo Zanki
2023-12-19T19:00:00+00:00 https://thehackernews.com/2023/12/hackers-abusing-github-to-evade.html www.secnews.physaphae.fr/article.php?IdArticle=8425467 False Malware,Tool,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Malvertising Campaign Distributing PikaBot Disguised as Popular Software
The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577," Malwarebytes' Jérôme Segura said.
The malware family,
2023-12-19T16:32:00+00:00 https://thehackernews.com/2023/12/new-malvertising-campaign-distributing.html www.secnews.physaphae.fr/article.php?IdArticle=8425401 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware
The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. "This vulnerability allows remote authenticated
2023-12-19T12:28:00+00:00 https://thehackernews.com/2023/12/8220-gang-exploiting-oracle-weblogic.html www.secnews.physaphae.fr/article.php?IdArticle=8425288 False Malware,Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges
The developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities and also incorporating a plugin system to make it more customizable. This approach not only transforms it into a threat capable of delivering "specific distributor needs," but also makes it more potent, Check Point said
2023-12-18T20:01:00+00:00 https://thehackernews.com/2023/12/rhadamanthys-malware-swiss-army-knife.html www.secnews.physaphae.fr/article.php?IdArticle=8424825 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry
A new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network. Microsoft, which made the discovery, described it as a low-volume campaign that began on December 11, 2023, and targeted the hospitality industry. "Targets
2023-12-18T14:59:00+00:00 https://thehackernews.com/2023/12/qakbot-malware-resurfaces-with-new.html www.secnews.physaphae.fr/article.php?IdArticle=8424707 False Malware None 2.0000000000000000

New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks
A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel. "The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities," Russian
2023-12-15T10:55:00+00:00 https://thehackernews.com/2023/12/new-nkabuse-malware-exploits-nkn.html www.secnews.physaphae.fr/article.php?IdArticle=8423047 False Malware,Threat None 2.0000000000000000

116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems
Cybersecurity researchers have identified a set of 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor. "In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both," ESET researchers Marc-Etienne M.Léveillé and Rene
2023-12-14T20:56:00+00:00 https://thehackernews.com/2023/12/116-malware-packages-found-on-pypi.html www.secnews.physaphae.fr/article.php?IdArticle=8422707 False Malware None 2.0000000000000000

New Pierogi++ Malware by Gaza Cyber Gang Targeting Palestinian Entities
A pro-Hamas threat actor known as Gaza Cyber Gang is targeting Palestinian entities using an updated version of a backdoor dubbed Pierogi. The findings come from SentinelOne, which has given the malware the name Pierogi++ owing to the fact that it's implemented in the C++ programming language unlike its Delphi- and Pascal-based predecessor. "Recent Gaza Cybergang activities show
2023-12-14T19:31:00+00:00 https://thehackernews.com/2023/12/new-pierogi-malware-by-gaza-cyber-gang.html www.secnews.physaphae.fr/article.php?IdArticle=8422669 False Malware,Threat None 3.0000000000000000

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders
The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company ESET. The attacks also involved the use of an updated version of a known OilRig downloader
2023-12-14T18:00:00+00:00 https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html www.secnews.physaphae.fr/article.php?IdArticle=8422615 False Malware,Threat APT 34 2.0000000000000000

How to Analyze Malware's Network Traffic in A Sandbox
Malware analysis encompasses a broad range of activities, including examining the malware's network traffic. To be effective at it, it's crucial to understand the common challenges and how to overcome them. Here are three prevalent issues you may encounter and the tools you'll need to address them. Decrypting HTTPS traffic Hypertext Transfer Protocol Secure (HTTPS), the protocol for secure
2023-12-13T17:32:00+00:00 https://thehackernews.com/2023/12/how-to-analyze-malwares-network-traffic.html www.secnews.physaphae.fr/article.php?IdArticle=8422060 False Malware,Tool None 3.0000000000000000

New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam
A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs researcher Cara Lin said. "MrAnon Stealer steals its victims' credentials, system
2023-12-12T15:25:00+00:00 https://thehackernews.com/2023/12/new-mranon-stealer-targeting-german-it.html www.secnews.physaphae.fr/article.php?IdArticle=8421466 False Malware None 2.0000000000000000

Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor
Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor known as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that the adversary's Lua-based malware LuaDream and KEYPLUG have been
2023-12-11T19:29:00+00:00 https://thehackernews.com/2023/12/researchers-unmask-sandman-apts-hidden.html www.secnews.physaphae.fr/article.php?IdArticle=8421078 False Malware,Threat None 3.0000000000000000

Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques
Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process," Elastic Security Labs
2023-12-09T12:46:00+00:00 https://thehackernews.com/2023/12/researchers-unveal-guloader-malwares.html www.secnews.physaphae.fr/article.php?IdArticle=8420386 False Malware,Threat,Technical None 4.0000000000000000

Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software
Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to launch attacks on websites, companies and individuals, buy guns, drugs, and other illicit
2023-12-08T15:22:00+00:00 https://thehackernews.com/2023/12/mac-users-beware-new-trojan-proxy.html www.secnews.physaphae.fr/article.php?IdArticle=8420157 False Malware None 3.0000000000000000

New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand
A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to maintain covert access to victim networks at least since 2021. Named after a nocturnal female spirit of Southeast Asian folklore, the malware is "able to conceal its own presence during the initialization phase," Group-IB said in a report
2023-12-07T11:45:00+00:00 https://thehackernews.com/2023/12/new-stealthy-krasue-linux-trojan.html www.secnews.physaphae.fr/article.php?IdArticle=8419786 False Malware,Threat None 2.0000000000000000

LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks
The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, "can be used by threat actors to deliver a malicious payload and bypass Secure Boot, Intel
2023-12-04T12:23:00+00:00 https://thehackernews.com/2023/12/logofail-uefi-vulnerabilities-expose.html www.secnews.physaphae.fr/article.php?IdArticle=8418948 False Malware,Vulnerability,Threat None 3.0000000000000000

Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.
Organizations in the Middle East, Africa, and the U.S.
have been targeted by an unknown threat actor to distribute a new backdoor called Agent Racoon. "This malware family is written using the .NET framework and leverages the domain name service (DNS) protocol to create a covert channel and provide different backdoor functionalities," Palo Alto Networks Unit 42 researcher Chema Garcia
2023-12-02T13:59:00+00:00 https://thehackernews.com/2023/12/agent-racoon-backdoor-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8418532 False Malware,Threat None 3.0000000000000000

Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware
A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced. Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later. "Dunaev developed browser modifications and malicious tools that aided in credential harvesting and data
2023-12-02T13:22:00+00:00 https://thehackernews.com/2023/12/russian-hacker-vladimir-dunaev.html www.secnews.physaphae.fr/article.php?IdArticle=8418523 False Malware,Tool None 3.0000000000000000

New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia
Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. "Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers," Oslo-based mobile app
2023-12-01T18:10:00+00:00 https://thehackernews.com/2023/12/new-fjordphantom-android-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8418322 False Malware,Mobile None 2.0000000000000000

Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats
The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may still pose a danger in a reduced form. This article discusses the aftermath of the takedown, provides mitigation
2023-12-01T16:20:00+00:00 https://thehackernews.com/2023/12/qakbot-takedown-aftermath-mitigations.html www.secnews.physaphae.fr/article.php?IdArticle=8418295 False Malware,Threat None 3.0000000000000000

Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan
A suspected Chinese-speaking threat actor has been attributed to a malicious campaign that targets the Uzbekistan Ministry of Foreign Affairs and South Korean users with a remote access trojan called SugarGh0st RAT.
The activity, which commenced no later than August 2023, leverages two different infection sequences to deliver the malware, which is a customized variant of Gh0st RAT
2023-12-01T16:19:00+00:00 https://thehackernews.com/2023/12/chinese-hackers-using-sugargh0st-rat-to.html www.secnews.physaphae.fr/article.php?IdArticle=8418296 False Malware,Threat None 2.0000000000000000

200+ Malicious Apps on Iranian Android Store Installed by Millions of Banking Users
An Android malware campaign targeting Iranian banks has expanded its capabilities and incorporated additional evasion tactics to fly under the radar. That's according to a new report from Zimperium, which discovered more than 200 malicious apps associated with the malicious operation, with the threat actor also observed carrying out phishing attacks against the targeted financial institutions.
2023-11-29T15:43:00+00:00 https://thehackernews.com/2023/11/200-malicious-apps-on-iranian-android.html www.secnews.physaphae.fr/article.php?IdArticle=8417759 False Malware,Threat,Mobile,Mobile None 3.0000000000000000

N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection
The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN.
The findings come from cybersecurity firm SentinelOne, which also tied a third macOS-specific malware called ObjCShellz to the RustBucket campaign.
2023-11-28T10:24:00+00:00 https://thehackernews.com/2023/11/n-korean-hackers-mixing-and-matching.html www.secnews.physaphae.fr/article.php?IdArticle=8417390 False Malware,Threat None 2.0000000000000000

North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters have been codenamed Contagious Interview and Wagemole, respectively, by Palo Alto Networks Unit 42. While the first set of attacks
2023-11-22T17:44:00+00:00 https://thehackernews.com/2023/11/north-korean-hackers-pose-as-job.html www.secnews.physaphae.fr/article.php?IdArticle=8415895 False Malware,Threat None 3.0000000000000000

New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression format to harvest data from several email clients and nearly 40 web browsers. "ZPAQ is a file compression format that offers a better compression ratio and journaling function compared to widely used formats like ZIP and RAR," G Data malware analyst Anna Lvova said in a Monday analysis.
2023-11-21T17:27:00+00:00 https://thehackernews.com/2023/11/new-agent-tesla-malware-variant-using.html www.secnews.physaphae.fr/article.php?IdArticle=8415361 False Malware None 3.0000000000000000

Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users
Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data. “Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations,
2023-11-21T13:16:00+00:00 https://thehackernews.com/2023/11/malicious-apps-disguised-as-banks-and.html www.secnews.physaphae.fr/article.php?IdArticle=8415268 False Malware,Mobile None 2.0000000000000000

NetSupport RAT Infections on the Rise - Targeting Government and Business Sectors
Threat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT. "The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as GHOSTPULSE), and various forms of phishing campaigns," VMware Carbon Black researchers said in a report shared with The
2023-11-20T20:49:00+00:00 https://thehackernews.com/2023/11/netsupport-rat-infections-on-rise.html www.secnews.physaphae.fr/article.php?IdArticle=8414924 False Malware,Threat None 3.0000000000000000

DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks
Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. “These include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an infection chain nearly identical to what we have seen with QakBot delivery,” Cofense said in a report
2023-11-20T20:20:00+00:00 https://thehackernews.com/2023/11/darkgate-and-pikabot-malware-resurrect.html www.secnews.physaphae.fr/article.php?IdArticle=8414899 False Malware None 3.0000000000000000

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique
The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts.
The method is designed to "delay detonation of the sample until human mouse activity is detected," Outpost24 security researcher Alberto Marín said in a technical
2023-11-20T16:19:00+00:00 https://thehackernews.com/2023/11/lummac2-malware-deploys-new.html www.secnews.physaphae.fr/article.php?IdArticle=8414826 False Malware,Technical None 2.0000000000000000

Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware
Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name SEO#LURKER. “The malicious advertisement directs the user to a compromised WordPress website gameeweb[.]com, which redirects the
2023-11-17T19:01:00+00:00 https://thehackernews.com/2023/11/beware-malicious-google-ads-trick.html www.secnews.physaphae.fr/article.php?IdArticle=8413407 False Malware,Threat None 2.0000000000000000

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts
An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain.
The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,
2023-11-17T15:26:00+00:00 https://thehackernews.com/2023/11/27-malicious-pypi-packages-with.html www.secnews.physaphae.fr/article.php?IdArticle=8413334 False Malware,Threat None 3.0000000000000000

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service (DDoS) botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named 'oracleiv_latest' and containing Python malware compiled as an ELF executable
2023-11-14T17:24:00+00:00 https://thehackernews.com/2023/11/alert-oracleiv-ddos-botnet-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8411793 False Malware,Threat None 2.0000000000000000

New Campaign Targets Middle East Governments with IronWind Malware
Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind.
The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402, which is also known as Molerats, Gaza Cyber Gang, and shares tactical overlaps with a pro-Hamas
2023-11-14T15:31:00+00:00 https://thehackernews.com/2023/11/new-campaign-targets-middle-east.html www.secnews.physaphae.fr/article.php?IdArticle=8411725 False Malware,Threat None 2.0000000000000000

Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers
The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts. "An important feature that sets it apart is that, unlike previous campaigns, which relied on .NET applications, this one used Delphi as the programming
2023-11-14T13:33:00+00:00 https://thehackernews.com/2023/11/vietnamese-hackers-using-new-delphi.html www.secnews.physaphae.fr/article.php?IdArticle=8411647 False Malware,Threat None 3.0000000000000000

New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks
Cybersecurity researchers have warned about a Windows version of a wiper malware that was previously observed targeting Linux systems in cyber attacks aimed at Israel. Dubbed BiBi-Windows Wiper by BlackBerry, the wiper is the Windows counterpart of BiBi-Linux Wiper, which has been put to use by a pro-Hamas hacktivist group in the wake of the Israel-Hamas war last month. "The Windows variant [...
2023-11-13T10:20:00+00:00 https://thehackernews.com/2023/11/new-bibi-windows-wiper-targets-windows.html www.secnews.physaphae.fr/article.php?IdArticle=8410770 False Malware None 3.0000000000000000

Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers
Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a persistent backdoor and is not remediated by applying patches to Confluence," Aon's Stroz Friedberg Incident Response Services said in an analysis published
2023-11-10T14:28:00+00:00 https://thehackernews.com/2023/11/alert-effluence-backdoor-persists.html www.secnews.physaphae.fr/article.php?IdArticle=8408992 False Malware,Patching None 2.0000000000000000

Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI
A new set of malicious Python packages has slithered its way to the Python Package Index (PyPI) repository with the ultimate aim of stealing sensitive information from compromised developer systems. The packages masquerade as seemingly innocuous obfuscation tools, but harbor a piece of malware called BlazeStealer, Checkmarx said in a report shared with The Hacker News. "[BlazeStealer]
2023-11-08T18:27:00+00:00 https://thehackernews.com/2023/11/beware-developers-blazestealer-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8407875 False Malware,Tool None 2.0000000000000000

N. Korean BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware
The North Korea-linked nation-state group called BlueNoroff has been attributed to a previously undocumented macOS malware strain dubbed ObjCShellz. Jamf Threat Labs, which disclosed details of the malware, said it's used as part of the RustBucket malware campaign, which came to light earlier this year. "Based on previous attacks performed by BlueNoroff, we suspect that this malware was a late
2023-11-07T19:28:00+00:00 https://thehackernews.com/2023/11/n-korean-bluenoroff-blamed-for-hacking.html www.secnews.physaphae.fr/article.php?IdArticle=8407291 False Malware,Threat None 2.0000000000000000

New GootLoader Malware Variant Evades Detection and Spreads Rapidly
A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. "The GootLoader group's introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2 such as CobaltStrike or RDP," IBM X-Force researchers Golo Mühr and Ole
2023-11-07T17:58:00+00:00 https://thehackernews.com/2023/11/new-gootloader-malware-variant-evades.html www.secnews.physaphae.fr/article.php?IdArticle=8407229 False Malware,Tool None 3.0000000000000000

New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics
An updated version of an information stealer malware known as Jupyter has resurfaced with "simple yet impactful changes" that aim to stealthily establish a persistent foothold on compromised systems. "The team has discovered new waves of Jupyter Infostealer attacks which leverage PowerShell command modifications and signatures of private keys in attempts to pass off the malware as a legitimately
2023-11-06T22:53:00+00:00 https://thehackernews.com/2023/11/new-jupyter-infostealer-version-emerges.html www.secnews.physaphae.fr/article.php?IdArticle=8406733 False Malware None 2.0000000000000000

SecuriDropper: New Android Dropper-as-a-Service Bypasses Google's Defenses
Cybersecurity researchers have shed light on a new dropper-as-a-service (DaaS) for Android called SecuriDropper that bypasses new security restrictions imposed by Google and delivers the malware.
Dropper malware on Android is designed to function as a conduit to install a payload on a compromised device, making it a lucrative business model for threat actors, who can advertise the capabilities
2023-11-06T19:39:00+00:00 https://thehackernews.com/2023/11/securidropper-new-android-dropper-as.html www.secnews.physaphae.fr/article.php?IdArticle=8406682 False Malware,Threat,Mobile None 2.0000000000000000

Iranian Hackers Launch Destructive Cyberattacks on Israeli Tech and Education Sectors
Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware. The intrusions, which took place as recently as October, have been attributed to an Iranian nation-state hacking crew it tracks under the name Agonizing Serpens, which is also known as Agrius,
2023-11-06T16:02:00+00:00 https://thehackernews.com/2023/11/iranian-hackers-launches-destructive.html www.secnews.physaphae.fr/article.php?IdArticle=8406527 False Malware None 2.0000000000000000

StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices
An advanced strain of malware masquerading as a cryptocurrency miner has managed to fly under the radar for over five years, infecting no less than one million devices around the world in the process. That's according to findings from Kaspersky, which has codenamed the threat StripedFly, describing it as an "intricate modular framework that supports both Linux and Windows."
The Russian cybersecurity
2023-11-04T15:04:00+00:00 https://thehackernews.com/2023/11/stripedfly-malware-operated-unnoticed.html www.secnews.physaphae.fr/article.php?IdArticle=8405899 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
NodeStealer Malware Hijacking Facebook Business Accounts for Malicious Ads
Compromised Facebook business accounts are being used to run bogus ads that employ "revealing photos of young women" as lures to trick victims into downloading an updated version of a malware called NodeStealer. "Clicking on ads immediately downloads an archive containing a malicious .exe 'Photo Album' file which also drops a second executable written in .NET – this payload is in charge of
2023-11-03T17:42:00+00:00 https://thehackernews.com/2023/11/nodestealer-malware-hijacking-facebook.html www.secnews.physaphae.fr/article.php?IdArticle=8405323 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware
State-sponsored threat actors from the Democratic People's Republic of Korea (DPRK) have been found targeting blockchain engineers of an unnamed crypto exchange platform via Discord with a novel macOS malware dubbed KANDYKORN.
Elastic Security Labs said the activity, traced back to April 2023, exhibits overlaps with the infamous adversarial collective Lazarus Group, citing an analysis of the
2023-11-01T14:32:00+00:00 https://thehackernews.com/2023/11/north-korean-hackers-tageting-crypto.html www.secnews.physaphae.fr/article.php?IdArticle=8403987 False Malware,Threat APT 38,APT 38 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App
The threat actor known as Arid Viper (aka APT-C-23, Desert Falcon, or TAG-63) has been attributed as behind an Android spyware campaign targeting Arabic-speaking users with a counterfeit dating app designed to harvest data from infected handsets. "Arid Viper's Android malware has a number of features that enable the operators to surreptitiously collect sensitive information from victims' devices
2023-10-31T19:46:00+00:00 https://thehackernews.com/2023/10/arid-viper-targeting-arabic-android.html www.secnews.physaphae.fr/article.php?IdArticle=8403559 False Malware,Threat APT-C-23,APT-C-23 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Malicious NuGet Packages Caught Distributing SeroXen RAT Malware
Cybersecurity researchers have uncovered a new set of malicious packages published to the NuGet package manager using a lesser-known method for malware deployment.
Software supply chain security firm ReversingLabs described the campaign as coordinated and ongoing since August 1, 2023, while linking it to a host of rogue NuGet packages that were observed delivering a remote access trojan called
2023-10-31T17:34:00+00:00 https://thehackernews.com/2023/10/malicious-nuget-packages-caught.html www.secnews.physaphae.fr/article.php?IdArticle=8403479 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware
A pro-Hamas hacktivist group has been observed using a new Linux-based wiper malware dubbed BiBi-Linux Wiper, targeting Israeli entities amidst the ongoing Israeli-Hamas war. "This malware is an x64 ELF executable, lacking obfuscation or protective measures," Security Joes said in a new report published today. "It allows attackers to specify target folders and can potentially destroy an entire
2023-10-30T21:55:00+00:00 https://thehackernews.com/2023/10/pro-hamas-hacktivists-targeting-israeli.html www.secnews.physaphae.fr/article.php?IdArticle=8402903 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware
A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. "MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users," Elastic
2023-10-30T09:51:00+00:00 https://thehackernews.com/2023/10/hackers-using-msix-app-packages-to.html www.secnews.physaphae.fr/article.php?IdArticle=8402624 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws
The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and LPEClient, a known hacking tool used by the threat actor for
2023-10-27T20:27:00+00:00 https://thehackernews.com/2023/10/n-korean-lazarus-group-targets-software.html www.secnews.physaphae.fr/article.php?IdArticle=8401494 False Malware,Tool,Threat APT 38,APT 38 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks
The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads," the PwC Threat Intelligence said in a Wednesday analysis. "It uses email
2023-10-26T12:54:00+00:00 https://thehackernews.com/2023/10/iranian-group-tortoiseshell-launches.html www.secnews.physaphae.fr/article.php?IdArticle=8400736 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware
The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious ads that are served when potential victims search for "WhatsApp web" on search engines. "The
2023-10-25T14:43:00+00:00 https://thehackernews.com/2023/10/malvertising-campaign-targets-brazils.html www.secnews.physaphae.fr/article.php?IdArticle=8400067 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware
Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous Ducktail stealer. "The overlap of tools and campaigns is very likely due to the effects of a cybercrime marketplace," WithSecure said in a report published today. "Threat actors are able to acquire and use multiple
2023-10-20T18:58:00+00:00 https://thehackernews.com/2023/10/vietnamese-hackers-target-uk-us-and.html www.secnews.physaphae.fr/article.php?IdArticle=8398266 False Malware,Tool None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
ExelaStealer: A New Low-Cost Cybercrime Weapon Emerges
A new information stealer named ExelaStealer has become the latest entrant to an already crowded landscape filled with various off-the-shelf malware designed to capture sensitive data from compromised Windows systems. "ExelaStealer is a largely open-source infostealer with paid customizations available from the threat actor," Fortinet FortiGuard Labs researcher James Slaughter said in a
2023-10-20T14:32:00+00:00 https://thehackernews.com/2023/10/exelastealer-new-low-cost-cybercrime.html www.secnews.physaphae.fr/article.php?IdArticle=8398112 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Google Play Protect Introduces Real-Time Code-Level Scanning for Android Malware
Google has announced an update to its Play Protect with support for real-time scanning at the code level to tackle novel malicious apps prior to downloading and installing them on Android devices. "Google Play Protect will now recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats," the tech giant said. Google Play Protect is a
2023-10-19T17:08:00+00:00 https://thehackernews.com/2023/10/google-play-protect-introduces-real.html www.secnews.physaphae.fr/article.php?IdArticle=8397691 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Binance's Smart Chain Exploited in New 'EtherHiding' Malware Campaign
Threat actors have been observed serving malicious code by utilizing Binance's Smart Chain (BSC) contracts in what has been described as the "next level of bulletproof hosting." The campaign, detected two months ago, has been codenamed EtherHiding by Guardio Labs. The novel twist marks the latest iteration in an ongoing campaign that leverages compromised WordPress sites to serve unsuspecting
2023-10-16T10:29:00+00:00 https://thehackernews.com/2023/10/binances-smart-chain-exploited-in-new.html www.secnews.physaphae.fr/article.php?IdArticle=8396019 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
DarkGate Malware Spreading via Messaging Services Posing as PDF Files
A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened, triggers the download and execution of an AutoIt script designed to launch the malware. "It's
2023-10-13T16:06:00+00:00 https://thehackernews.com/2023/10/darkgate-malware-spreading-via.html www.secnews.physaphae.fr/article.php?IdArticle=8395082 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Researchers Uncover Malware Posing as WordPress Caching Plugin
Cybersecurity researchers have shed light on a new sophisticated strain of malware that masquerades as a WordPress plugin to stealthily create administrator accounts and remotely control a compromised site. "Complete with a professional looking opening comment implying it is a caching plugin, this rogue code contains numerous functions, adds filters to prevent itself from being included in the list
2023-10-12T14:46:00+00:00 https://thehackernews.com/2023/10/researchers-uncover-malware-posing-as.html www.secnews.physaphae.fr/article.php?IdArticle=8394665 False Malware None 1.00000000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023
More than 17,000 WordPress websites have been compromised in the month of September 2023 with malware known as Balada Injector, nearly twice the number of detections in August. Of these, 9,000 of the websites are said to have been infiltrated using a recently disclosed security flaw in the tagDiv Composer plugin (CVE-2023-3169, CVSS score: 6.1) that could be exploited by unauthenticated users to
2023-10-11T18:11:00+00:00 https://thehackernews.com/2023/10/over-17000-wordpress-sites-compromised.html www.secnews.physaphae.fr/article.php?IdArticle=8394300 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
"I Had a Dream" and Generative AI Jailbreaks
"Of course, here's an example of simple code in the Python programming language that can be associated with the keywords "MyHotKeyHandler," "Keylogger," and "macOS," this is a message from ChatGPT followed by a piece of malicious code and a brief remark not to use it for illegal purposes. Initially published by Moonlock Lab, the screenshots of ChatGPT writing code for a keylogger malware is yet
2023-10-09T16:36:00+00:00 https://thehackernews.com/2023/10/i-had-dream-and-generative-ai-jailbreaks.html www.secnews.physaphae.fr/article.php?IdArticle=8393137 False Malware ChatGPT 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks
Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing campaign since early August 2023 that led to the delivery of Ransom Knight (aka Cyclops) ransomware and Remcos RAT. This indicates that “the law enforcement operation may not have impacted Qakbot operators' spam delivery infrastructure but rather only their
2023-10-05T18:48:00+00:00 https://thehackernews.com/2023/10/qakbot-threat-actors-still-in-action.html www.secnews.physaphae.fr/article.php?IdArticle=8391856 False Ransomware,Spam,Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Analysis and Config Extraction of Lu0Bot, a Node.js Malware with Considerable Capabilities
Nowadays, more malware developers are using unconventional programming languages to bypass advanced detection systems. The Node.js malware Lu0Bot is a testament to this trend. By targeting a platform-agnostic runtime environment common in modern web apps and employing multi-layer obfuscation, Lu0Bot is a serious threat to organizations and individuals. Although currently, the malware has low
2023-10-05T16:18:00+00:00 https://thehackernews.com/2023/10/analysis-and-config-extraction-of.html www.secnews.physaphae.fr/article.php?IdArticle=8391803 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
GoldDigger Android Trojan Targets Banking Apps in Asia Pacific Countries
A new Android banking trojan named GoldDigger has been found targeting several financial applications with an aim to siphon victims' funds and backdoor infected devices. "The malware targets more than 50 Vietnamese banking, e-wallet and crypto wallet applications," Group-IB said. "There are indications that this threat might be poised to extend its reach across the wider APAC region and to
2023-10-05T15:26:00+00:00 https://thehackernews.com/2023/10/golddigger-android-trojan-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8391805 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware
New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka AndroidControl), was first disclosed by Lookout in July 2023 as a strain of malware capable of gathering sensitive data from Android devices. It was attributed to the Chinese nation-state group APT41. On
2023-10-04T20:39:00+00:00 https://thehackernews.com/2023/10/researchers-link-dragonegg-android.html www.secnews.physaphae.fr/article.php?IdArticle=8391492 False Malware,Tool APT 41,APT 41 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Iranian APT Group OilRig Using New Menorah Malware for Covert Operations
Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file or malware," Trend Micro researchers Mohamed Fahmy and Mahmoud Zohdy
2023-09-30T14:51:00+00:00 https://thehackernews.com/2023/09/iranian-apt-group-oilrig-using-new.html www.secnews.physaphae.fr/article.php?IdArticle=8389819 False Malware,Prediction APT 34 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar
Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.," Kaspersky said in an analysis published this week. DoubleFinger was first
2023-09-29T22:13:00+00:00 https://thehackernews.com/2023/09/cybercriminals-using-new-asmcrypt.html www.secnews.physaphae.fr/article.php?IdArticle=8389581 False Malware,Threat None 3.0000000000000000