www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of articles from multiple sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-10T20:50:37+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools. The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations. Introduced by Microsoft in February 2023, Bing Chat is an]]> 2023-09-29T14:43:00+00:00 https://thehackernews.com/2023/09/microsofts-ai-powered-bing-chat-ads-may.html www.secnews.physaphae.fr/article.php?IdArticle=8389414 False Malware None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers.
"The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code]]> 2023-09-28T22:52:00+00:00 https://thehackernews.com/2023/09/github-repositories-hit-by-password.html www.secnews.physaphae.fr/article.php?IdArticle=8389148 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world. The limitations of Browser Isolation, such as degraded browser performance and inability to tackle]]> 2023-09-28T16:43:00+00:00 https://thehackernews.com/2023/09/the-dark-side-of-browser-isolation-and.html www.secnews.physaphae.fr/article.php?IdArticle=8389027 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset.
The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the adversary deploying an improved version of its SysUpdate toolkit, the Symantec Threat Hunter Team,]]> 2023-09-28T15:43:00+00:00 https://thehackernews.com/2023/09/china-linked-budworm-targeting-middle.html www.secnews.physaphae.fr/article.php?IdArticle=8389005 False Malware,Threat APT 27 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On Data security is in the headlines often, and it's almost never for a positive reason. Major breaches, new ways to hack into an organization's supposedly secure data, and other threats make the news because well, it's scary - and expensive. Data breaches, ransomware and malware attacks, and other cybercrime might be pricey to prevent, but they are even more costly when they occur, with the]]> 2023-09-27T16:53:00+00:00 https://thehackernews.com/2023/09/new-survey-uncovers-how-companies-are.html www.secnews.physaphae.fr/article.php?IdArticle=8388299 False Ransomware,Malware,Hack None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software A new malware strain called ZenRAT has emerged in the wild that's distributed via bogus installation packages of the Bitwarden password manager. "The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page," enterprise security firm Proofpoint said in a technical report.
"The malware is a modular remote access trojan (RAT) with information]]> 2023-09-27T14:08:00+00:00 https://thehackernews.com/2023/09/new-zenrat-malware-targeting-windows.html www.secnews.physaphae.fr/article.php?IdArticle=8388261 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. "Deadglyph's architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly," ESET said in a new report shared with The Hacker News. "This combination]]> 2023-09-23T16:40:00+00:00 https://thehackernews.com/2023/09/deadglyph-new-advanced-backdoor-with.html www.secnews.physaphae.fr/article.php?IdArticle=8387051 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico.
"The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering its 2FA code to their bank accounts or into entering their payment card number,"]]> 2023-09-22T20:18:00+00:00 https://thehackernews.com/2023/09/new-variant-of-banking-trojan-bbtok.html www.secnews.physaphae.fr/article.php?IdArticle=8386777 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge The peer-to-peer (P2) worm known as P2PInfect has witnessed a surge in activity since late August 2023, witnessing a 600x jump between September 12 and 19, 2023. "This increase in P2PInfect traffic has coincided with a growing number of variants seen in the wild, suggesting that the malware's developers are operating at an extremely high development cadence," Cado Security researcher Matt Muir]]> 2023-09-21T18:21:00+00:00 https://thehackernews.com/2023/09/researchers-raise-red-flag-on-p2pinfect.html www.secnews.physaphae.fr/article.php?IdArticle=8386356 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software. "It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software," it said in an alert last week.
"Only a small subset of users, specifically]]> 2023-09-21T14:18:00+00:00 https://thehackernews.com/2023/09/ukrainian-hacker-suspected-to-be-behind.html www.secnews.physaphae.fr/article.php?IdArticle=8386204 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim to distribute various malware families such as Sainbox RAT, Purple Fox, and a new trojan called ValleyRAT. "Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity," enterprise security firm Proofpoint said in a report shared with The]]> 2023-09-20T15:26:00+00:00 https://thehackernews.com/2023/09/sophisticated-phishing-campaign_20.html www.secnews.physaphae.fr/article.php?IdArticle=8385761 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign Targets located in Azerbaijan have been singled out as part of a new campaign that's designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any known threat actor or group.
"The operation has at least two different initial access vectors," security researchers]]> 2023-09-19T17:35:00+00:00 https://thehackernews.com/2023/09/operation-rusty-flag-azerbaijan.html www.secnews.physaphae.fr/article.php?IdArticle=8385300 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. "CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects," SentinelOne security]]> 2023-09-19T12:26:00+00:00 https://thehackernews.com/2023/09/transparent-tribe-uses-fake-youtube.html www.secnews.physaphae.fr/article.php?IdArticle=8385200 False Malware,Tool,Threat APT 36 1.00000000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Hook: New Android Banking Trojan That Expands on ERMAC's Legacy A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week.
"All commands (30 in total) that the malware operator can send to a device infected with ERMAC malware, also]]> 2023-09-18T17:41:00+00:00 https://thehackernews.com/2023/09/hook-new-android-banking-trojan-that.html www.secnews.physaphae.fr/article.php?IdArticle=8384866 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities. "The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology]]> 2023-09-15T15:50:00+00:00 https://thehackernews.com/2023/09/nodestealer-malware-now-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8383661 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active.
"]]> 2023-09-14T18:48:00+00:00 https://thehackernews.com/2023/09/free-download-manager-site-compromised.html www.secnews.physaphae.fr/article.php?IdArticle=8382668 False Malware None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family A new ransomware family called 3AM has emerged in the wild after it was detected in a single incident in which an unidentified affiliate deployed the strain following an unsuccessful attempt to deploy LockBit (aka Bitwise Spider or Syrphid) in the target network. "3AM is written in Rust and appears to be a completely new malware family," the Symantec Threat Hunter Team, part of Broadcom, said in]]> 2023-09-13T15:26:00+00:00 https://thehackernews.com/2023/09/rust-written-3am-ransomware-sneak-peek.html www.secnews.physaphae.fr/article.php?IdArticle=8382266 False Ransomware,Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad.
"The attackers managed to steal credentials and compromise multiple computers on the organization's network," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with]]> 2023-09-12T15:48:00+00:00 https://thehackernews.com/2023/09/chinese-redfly-group-compromised.html www.secnews.physaphae.fr/article.php?IdArticle=8381754 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Beware: MetaStealer Malware Targets Apple macOS in Recent Attacks A new information stealer malware called MetaStealer has set its sights on Apple macOS, making the latest in a growing list of stealer families focused on the operating system after Stealer, Pureland, Atomic Stealer, and Realst. "Threat actors are proactively targeting macOS businesses by posing as fake clients in order to socially engineer victims into launching malicious payloads," SentinelOne]]> 2023-09-12T11:43:00+00:00 https://thehackernews.com/2023/09/beware-metastealer-malware-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8381683 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World A new malware loader called HijackLoader is gaining traction among the cybercriminal community to deliver various payloads such as DanaBot, SystemBC, and RedLine Stealer.
"Even though HijackLoader does not contain advanced features, it is capable of using a variety of modules for code injection and execution since it uses a modular architecture, a feature that most loaders do not have," Zscaler]]> 2023-09-11T11:53:00+00:00 https://thehackernews.com/2023/09/new-hijackloader-modular-malware-loader.html www.secnews.physaphae.fr/article.php?IdArticle=8381150 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts and uses]]> 2023-09-09T11:55:00+00:00 https://thehackernews.com/2023/09/cybercriminals-weaponizing-legitimate.html www.secnews.physaphae.fr/article.php?IdArticle=8380666 False Malware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Protecting Your Microsoft IIS Servers Against Malware Attacks Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments.
Recently, a]]> 2023-09-08T16:57:00+00:00 https://thehackernews.com/2023/09/protecting-your-microsoft-iis-servers.html www.secnews.physaphae.fr/article.php?IdArticle=8380410 False Malware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it's being actively maintained by its author. An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly after that, new variants with an expanded set of information-gathering]]> 2023-09-07T20:38:00+00:00 https://thehackernews.com/2023/09/mac-users-beware-malvertising-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=8380149 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New BLISTER Malware Update Fuelling Stealthy Network Infiltration An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control (C2) framework called Mythic. “New BLISTER update includes keying feature that allows for precise targeting of victim networks and lowers exposure within VM/sandbox environments,” Elastic Security Labs researchers Salim Bitam and Daniel]]> 2023-09-05T19:34:00+00:00 https://thehackernews.com/2023/09/new-blister-malware-update-fuelling.html www.secnews.physaphae.fr/article.php?IdArticle=8379180 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Python Variant of Chaes Malware Targets Banking and Logistics Industries Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes. "It has undergone major overhauls: from being rewritten entirely in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesign and an enhanced communication protocol," Morphisec said in a new detailed technical write-up shared with The Hacker]]> 2023-09-05T17:49:00+00:00 https://thehackernews.com/2023/09/new-python-variant-of-chaes-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8379141 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in the southern counterpart. “One characteristic of the attacks identified in 2023 is that there are numerous malware strains developed in the Go language,” the AhnLab Security Emergency Response Center (ASEC) said in a deep dive]]> 2023-09-05T15:45:00+00:00 https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html www.secnews.physaphae.fr/article.php?IdArticle=8379144 False Malware,Tool,Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S.
on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian state-sponsored actor called Sandworm, has capabilities to “enable unauthorized access to compromised]]> 2023-09-01T15:35:00+00:00 https://thehackernews.com/2023/09/russian-state-backed-infamous-chisel.html www.secnews.physaphae.fr/article.php?IdArticle=8377867 False Malware None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations An open-source .NET-based information stealer malware dubbed SapphireStealer is being used by multiple entities to enhance its capabilities and spawn their own bespoke variants. “Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate credentials, which are often resold to other threat actors who leverage the access for additional]]> 2023-08-31T19:45:00+00:00 https://thehackernews.com/2023/08/sapphirestealer-malware-gateway-to.html www.secnews.physaphae.fr/article.php?IdArticle=8377227 False Ransomware,Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. The findings were presented by Deep Instinct security researcher Daniel Avinoam at the DEF CON security conference held earlier this month.
Microsoft's container architecture (and by extension,]]> 2023-08-30T22:34:00+00:00 https://thehackernews.com/2023/08/hackers-can-exploit-windows-container.html www.secnews.physaphae.fr/article.php?IdArticle=8376838 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) FBI Dismantles QakBot Malware, Frees 700,000 Computers, Seizes $8.6 Million A coordinated law enforcement effort codenamed Operation Duck Hunt has felled QakBot, a notorious Windows malware family that's estimated to have compromised over 700,000 computers globally and facilitated financial fraud as well as ransomware. To that end, the U.S. Justice Department (DoJ) said the malware is "being deleted from victim computers, preventing it from doing any more harm," adding]]> 2023-08-30T09:35:00+00:00 https://thehackernews.com/2023/08/fbi-dismantles-qakbot-malware-frees.html www.secnews.physaphae.fr/article.php?IdArticle=8376566 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom Security said in a report published last week.
The latest findings build on recent findings from security]]> 2023-08-29T20:08:00+00:00 https://thehackernews.com/2023/08/darkgate-malware-activity-spikes-as.html www.secnews.physaphae.fr/article.php?IdArticle=8376271 False Malware None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities An updated version of a botnet malware called KmsdBot is now targeting Internet of Things (IoT) devices, simultaneously branching out its capabilities and the attack surface. "The binary now includes support for Telnet scanning and support for more CPU architectures," Akamai security researcher Larry W. Cashdollar said in an analysis published this month. The latest iteration,]]> 2023-08-28T11:13:00+00:00 https://thehackernews.com/2023/08/kmsdbot-malware-gets-upgrade-now.html www.secnews.physaphae.fr/article.php?IdArticle=8375509 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called such as QuiteRAT.
Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco Talos said in a two-part analysis]]> 2023-08-24T20:46:00+00:00 https://thehackernews.com/2023/08/lazarus-group-exploits-critical-zoho.html www.secnews.physaphae.fr/article.php?IdArticle=8374129 False Malware,Threat APT 38,APT 38 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New "Whiffy Recon" Malware Triangulates Infected Device Location via Wi-Fi Every Minute The SmokeLoader malware is being used to deliver a new Wi-Fi scanning malware strain called Whiffy Recon on compromised Windows machines. "The new malware strain has only one operation. Every 60 seconds it triangulates the infected systems' positions by scanning nearby Wi-Fi access points as a data point for Google's geolocation API," Secureworks Counter Threat Unit (CTU) said in a statement]]> 2023-08-24T16:54:00+00:00 https://thehackernews.com/2023/08/new-whiffy-recon-malware-triangulates.html www.secnews.physaphae.fr/article.php?IdArticle=8374039 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead Developers are not the only people who have adopted the agile methodology for their development processes.
From 2023-06-15 to 2023-07-11, Permiso Security's p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential harvesting malware while continuing to develop infrastructure for an upcoming (spoiler: now launched) campaign]]> 2023-08-23T17:14:00+00:00 https://thehackernews.com/2023/08/agile-approach-to-mass-cloud-credential.html www.secnews.physaphae.fr/article.php?IdArticle=8373614 False Malware,Cloud None 4.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware A Syrian threat actor named EVLF has been outed as the creator of malware families CypherRAT and CraxsRAT. "These RATs are designed to allow an attacker to remotely perform real-time actions and control the victim device's camera, location, and microphone," Cybersecurity firm Cyfirma said in a report published last week. CypherRAT and CraxsRAT are said to be offered to other cybercriminals as]]> 2023-08-23T17:14:00+00:00 https://thehackernews.com/2023/08/syrian-threat-actor-evlf-unmasked-as.html www.secnews.physaphae.fr/article.php?IdArticle=8373615 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote."
"The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis. "The application]]> 2023-08-22T12:35:00+00:00 https://thehackernews.com/2023/08/new-variant-of-xloader-macos-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8373010 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them as exit nodes to reroute proxy requests. According to AT&T Alien Labs, the unnamed company that offers the proxy service operates more than 400,000 proxy exit nodes, although it's not immediately clear how many of them were co-opted by malware installed on]]> 2023-08-21T15:39:00+00:00 https://thehackernews.com/2023/08/this-malware-turned-thousands-of-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=8372694 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system.
Besides recompiling malware samples for different architectures, the artifacts are said to have been hosted on new virtual private servers (VPSs), Lumen Black Lotus Labs said in a report 2023-08-21T11:07:00+00:00 https://thehackernews.com/2023/08/hiatusrat-malware-resurfaces-taiwan.html www.secnews.physaphae.fr/article.php?IdArticle=8372598 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on the operating system without any problems. There is no evidence that the apps were available on the 2023-08-19T11:58:00+00:00 https://thehackernews.com/2023/08/thousands-of-android-malware-apps-using.html www.secnews.physaphae.fr/article.php?IdArticle=8372107 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors.
The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock, 2023-08-17T15:09:00+00:00 https://thehackernews.com/2023/08/russian-hackers-use-zulip-chat-app-for.html www.secnews.physaphae.fr/article.php?IdArticle=8371161 False Malware,Threat APT 29 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily. With limited resources and often immature cyber defense programs, these publicly funded organizations are struggling 2023-08-15T17:45:00+00:00 https://thehackernews.com/2023/08/malware-unleashed-public-sector-hit-in.html www.secnews.physaphae.fr/article.php?IdArticle=8370232 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Gigabud RAT Android Banking Malware Targets Institutions Across Countries Account holders of numerous financial institutions in Thailand, Indonesia, Vietnam, the Philippines, and Peru are being targeted by an Android banking malware called Gigabud RAT. "One of Gigabud RAT's unique features is that it doesn't execute any malicious actions until the user is authorized into the malicious application by a fraudster, [...]
which makes it harder to detect," Group-IB 2023-08-15T15:45:00+00:00 https://thehackernews.com/2023/08/gigabud-rat-android-banking-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8370202 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Over 120,000 Computers Compromised by Info Stealers Linked to Users of Cybercrime Forums A "staggering" 120,000 computers infected by stealer malware have credentials associated with cybercrime forums, many of them belonging to malicious actors. The findings come from Hudson Rock, which analyzed data collected from computers compromised between 2018 and 2023. "Hackers around the world infect computers opportunistically by promoting results for fake software or through YouTube 2023-08-15T13:01:00+00:00 https://thehackernews.com/2023/08/over-12000-computers-compromised-by.html www.secnews.physaphae.fr/article.php?IdArticle=8370105 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New Financial Malware 'JanelaRAT' Targets Latin American Users Users in Latin America (LATAM) are the target of a financial malware called JanelaRAT that's capable of capturing sensitive information from compromised Microsoft Windows systems.
"JanelaRAT mainly targets financial and cryptocurrency data from LATAM bank and financial institutions," Zscaler ThreatLabz researchers Gaetano Pellegrino and Sudeep Singh said, adding it "abuses DLL side-loading]]> 2023-08-14T15:55:00+00:00 https://thehackernews.com/2023/08/new-financial-malware-janelarat-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8369868 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les chercheurs mettent en lumière les déposées avancées et les tactiques d'exfiltration des données d'APT31 \\<br>Researchers Shed Light on APT31\\'s Advanced Backdoors and Data Exfiltration Tactics The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox. The malware is part of a broader collection of more than 15 implants that have been put to use by the adversary in attacks targeting industrial organizations in Eastern Europe]]> 2023-08-11T15:42:00+00:00 https://thehackernews.com/2023/08/researchers-shed-light-on-apt31s.html www.secnews.physaphae.fr/article.php?IdArticle=8368885 False Malware,Threat,Industrial APT 31,APT 31 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nouvelle variante de logiciels malveillants SystemBC cible la compagnie d'électricité sud-africaine<br>New SystemBC Malware Variant Targets South African Power Company An unknown threat actor has been linked to a cyber attack on a power generation company in South Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. 
"The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a South African nation\'s critical infrastructure," Kurt Baumgartner, principal security researcher at]]> 2023-08-11T15:10:00+00:00 https://thehackernews.com/2023/08/new-systembc-malware-variant-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8368855 False Ransomware,Malware,Threat None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nouvelle alerte d'attaque: gel [.] Injecteur RS armé pour les attaques de logiciels malveillants Xworm<br>New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks Malicious actors are using a legitimate Rust-based injector called Freeze[.]rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It has also been used to introduce Remcos RAT by means of a crypter called SYK Crypter, which was]]> 2023-08-10T19:50:00+00:00 https://thehackernews.com/2023/08/new-attack-alert-freezers-injector.html www.secnews.physaphae.fr/article.php?IdArticle=8368429 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le nouveau voleur de STATC malware émerge: vos données sensibles à risque<br>New Statc Stealer Malware Emerges: Your Sensitive Data at Risk A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information. "Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week. 
"It can steal]]> 2023-08-10T19:38:00+00:00 https://thehackernews.com/2023/08/new-statc-stealer-malware-emerges-your.html www.secnews.physaphae.fr/article.php?IdArticle=8368395 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les opérateurs de logiciels malveillants Qakbot développent le réseau C2 avec 15 nouveaux serveurs<br>QakBot Malware Operators Expand C2 Network with 15 New Servers The operators associated with the QakBot (aka QBot) malware have set up 15 new command-and-control (C2) servers as of late June 2023. The findings are a continuation of the malware\'s infrastructure analysis from Team Cymru, and arrive a little over two months after Lumen Black Lotus Labs revealed that 25% of its C2 servers are only active for a single day. "QakBot has a history of taking an]]> 2023-08-08T19:45:00+00:00 https://thehackernews.com/2023/08/qakbot-malware-operators-expand-c2.html www.secnews.physaphae.fr/article.php?IdArticle=8367307 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Une nouvelle campagne de logiciels malveillants cible les cybercriminels inexpérimentés avec des configurations OpenBullet<br>New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs A new malware campaign has been observed making use of malicious OpenBullet configuration files to target inexperienced cyber criminals with the goal of delivering a remote access trojan (RAT) capable of stealing sensitive information. 
Bot mitigation company Kasada said the activity is designed to "exploit trusted criminal networks," describing it as an instance of advanced threat actors " 2023-08-07T21:27:00+00:00 https://thehackernews.com/2023/08/new-malware-campaign-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8366834 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New SkidMap Redis Malware Variant Targeting Vulnerable Redis Servers Vulnerable Redis services have been targeted by a "new, improved, dangerous" variant of a malware called SkidMap that's engineered to target a wide range of Linux distributions. "The malicious nature of this malware is to adapt to the system on which it is executed," Trustwave security researcher Radoslaw Zdonczyk said in an analysis published last week. Some of the Linux distribution SkidMap 2023-08-07T15:22:00+00:00 https://thehackernews.com/2023/08/new-skidmap-redis-malware-variant.html www.secnews.physaphae.fr/article.php?IdArticle=8366730 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems Threat actors are using an open-source rootkit called Reptile to target Linux systems in South Korea. "Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse shell, allowing threat actors to easily take control of systems," the AhnLab Security Emergency Response Center (ASEC) said in a report published this week.
"Port]]> 2023-08-05T13:22:00+00:00 https://thehackernews.com/2023/08/reptile-rootkit-advanced-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8366011 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les applications malveillantes utilisent une technique de version sournoise pour contourner les scanners Google Play Store<br>Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners Threat actors are leveraging a technique called versioning to evade Google Play Store\'s malware detections and target Android users. "Campaigns using versioning commonly target users\' credentials, data, and finances," Google Cybersecurity Action Team (GCAT) said in its August 2023 Threat Horizons Report shared with The Hacker News. While versioning is not a new phenomenon, it\'s sneaky and hard]]> 2023-08-03T21:48:00+00:00 https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html www.secnews.physaphae.fr/article.php?IdArticle=8365329 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nouvelle version de Rilide Data Volf MALWWare s'adapte à Chrome Extension Manifest V3<br>New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3 Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. 
"It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension Manifest V3, and additional features such as the ability to exfiltrate stolen data to a Telegram channel]]> 2023-08-03T20:03:00+00:00 https://thehackernews.com/2023/08/new-version-of-rilide-data-theft.html www.secnews.physaphae.fr/article.php?IdArticle=8365287 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybercriminels louant Wikiloader pour cibler les organisations italiennes avec un troyen bancaire<br>Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware called Ursnif (aka Gozi). "It is a sophisticated downloader with the objective of installing a second malware payload," Proofpoint said in a technical report. "The malware uses multiple mechanisms to evade]]> 2023-08-01T09:50:00+00:00 https://thehackernews.com/2023/08/cybercriminals-renting-wikiloader-to.html www.secnews.physaphae.fr/article.php?IdArticle=8364133 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) NOUVEAU P2PINFECT WORM Cible les serveurs Redis avec des méthodes de violation sans papiers<br>New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods The P2PInfect peer-to-peer (P2) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security researchers Nate Bill and Matt Muir said in a report shared with The Hacker News. 
"A common attack]]> 2023-07-31T19:08:00+00:00 https://thehackernews.com/2023/07/new-p2pinfect-worm-targets-redis.html www.secnews.physaphae.fr/article.php?IdArticle=8363877 False Malware None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Avrecon Botnet tirant parti des routeurs compromis pour alimenter le service proxy illégal<br>AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021. AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands and stealing victim\'s bandwidth for what appears to be an]]> 2023-07-31T14:55:00+00:00 https://thehackernews.com/2023/07/avrecon-botnet-leveraging-compromised.html www.secnews.physaphae.fr/article.php?IdArticle=8363800 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Fruity Trojan utilise des installateurs de logiciels trompeurs pour diffuser Remcos Rat<br>Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT. "Among the software in question are various instruments for fine-tuning CPUs, graphic cards, and BIOS; PC hardware-monitoring tools; and some other apps," cybersecurity]]> 2023-07-31T14:08:00+00:00 https://thehackernews.com/2023/07/fruity-trojan-uses-deceptive-software.html www.secnews.physaphae.fr/article.php?IdArticle=8363801 False Malware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather sensitive data stored in pictures. CherryBlos, per Trend Micro, is distributed via bogus posts on social media platforms and comes with capabilities to steal cryptocurrency wallet-related credentials and act as a clipper to substitute wallet addresses when a 2023-07-29T13:40:00+00:00 https://thehackernews.com/2023/07/new-android-malware-cherryblos.html www.secnews.physaphae.fr/article.php?IdArticle=8363134 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) IcedID Malware Adapts and Expands Threat with Updated BackConnect Module The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that started off as a banking trojan in 2017, before switching to the role of an initial access facilitator 2023-07-28T18:40:00+00:00 https://thehackernews.com/2023/07/icedid-malware-adapts-and-expands.html www.secnews.physaphae.fr/article.php?IdArticle=8362759 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) STARK#MULE Targets Koreans with U.S. Military-themed Document Lures An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S.
Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE. "Based on the source and likely targets, these types of attacks are on par with past attacks stemming from typical North 2023-07-28T18:27:00+00:00 https://thehackernews.com/2023/07/starkmule-targets-koreans-with-us.html www.secnews.physaphae.fr/article.php?IdArticle=8362734 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it's a significant upgrade over the Pupy RAT, an open-source remote access trojan it's modeled on. "Decoy Dog has a full suite of powerful, previously unknown capabilities – including the ability to move victims to another controller, allowing them to maintain communication with compromised machines and remain 2023-07-26T18:43:00+00:00 https://thehackernews.com/2023/07/decoy-dog-new-breed-of-malware-posing.html www.secnews.physaphae.fr/article.php?IdArticle=8361727 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets A new malware family called Realst has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system.
Written in the Rust programming language, the malware is distributed in the form of bogus blockchain games and is capable of "emptying crypto wallets and stealing stored password and 2023-07-26T12:38:00+00:00 https://thehackernews.com/2023/07/rust-based-realst-infostealer-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8361608 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique The financially motivated threat actors behind the Casbaneiro banking malware family have been observed making use of a User Account Control (UAC) bypass technique to gain full administrative privileges on a machine, a sign that the threat actor is evolving their tactics to avoid detection and execute malicious code on compromised assets. "They are still heavily focused on Latin American 2023-07-25T17:40:00+00:00 https://thehackernews.com/2023/07/casbaneiro-banking-malware-goes-under.html www.secnews.physaphae.fr/article.php?IdArticle=8361218 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) macOS Under Attack: Examining the Growing Threat and User Perspectives As the number of people using macOS keeps going up, so does the desire of hackers to take advantage of flaws in Apple's operating system. What Are the Rising Threats to macOS? There is a common misconception among macOS fans that Apple devices are immune to hacking and malware infection. However, users have been facing more and more dangers recently.
Inventive attackers are specifically 2023-07-25T16:54:00+00:00 https://thehackernews.com/2023/07/macos-under-attack-examining-growing.html www.secnews.physaphae.fr/article.php?IdArticle=8361219 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. "HotRat malware equips attackers with a wide array of capabilities, such as stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, and 2023-07-21T20:35:00+00:00 https://thehackernews.com/2023/07/hotrat-new-variant-of-asyncrat-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8359762 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts. "BundleBot is abusing the dotnet bundle (single-file), self-contained format that results in very low or no static detection at all," Check Point said in a report 2023-07-21T17:40:00+00:00 https://thehackernews.com/2023/07/sophisticated-bundlebot-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8359714 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called WyrmSpy and DragonEgg. "Known for its exploitation of web-facing applications and infiltration of traditional endpoint devices, an established threat actor like APT 41 including mobile in its arsenal of malware shows how mobile endpoints are high-value 2023-07-19T15:50:00+00:00 https://thehackernews.com/2023/07/chinese-apt41-hackers-target-mobile.html www.secnews.physaphae.fr/article.php?IdArticle=8358765 False Malware,Threat APT 41,APT 41 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews. Targets included a Pakistan government entity, a public sector bank, and a telecommunications provider, according to Trend Micro. The infections took place between mid-February 2022 and 2023-07-18T18:28:00+00:00 https://thehackernews.com/2023/07/pakistani-entities-targeted-in.html www.secnews.physaphae.fr/article.php?IdArticle=8358303 False Malware,Threat,Prediction None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Go Beyond the Headlines for Deeper Dives into the Cybercriminal Underground Discover stories about threat actors' latest tactics, techniques, and procedures from Cybersixgill's threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web. Stolen ChatGPT 2023-07-18T16:24:00+00:00 https://thehackernews.com/2023/07/go-beyond-headlines-for-deeper-dives.html www.secnews.physaphae.fr/article.php?IdArticle=8358216 False Ransomware,Malware,Vulnerability,Threat ChatGPT,ChatGPT 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware Cyber attacks using infected USB drives as an initial access vector have witnessed a three-fold increase in the first half of 2023. That's according to new findings from Mandiant, which detailed two such campaigns – SOGU and SNOWYDRIVE – targeting both public and private sector entities across the world. SOGU is the "most prevalent USB-based cyber espionage attack using USB flash 2023-07-17T16:25:00+00:00 https://thehackernews.com/2023/07/malicious-usb-drives-targetinging.html www.secnews.physaphae.fr/article.php?IdArticle=8357707 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems. "LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher Cara Lin said. "It primarily targets Windows systems and aims to gather sensitive information from 2023-07-17T14:34:00+00:00 https://thehackernews.com/2023/07/cybercriminals-exploit-microsoft-word.html www.secnews.physaphae.fr/article.php?IdArticle=8357669 False Malware,Vulnerability None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries A new malware strain has been found covertly targeting small office/home office (SOHO) routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries. Lumen Black Lotus Labs has dubbed the malware AVrecon, making it the third such strain to focus on SOHO routers after ZuoRAT and HiatusRAT over the past year. "This makes AVrecon one 2023-07-14T13:10:00+00:00 https://thehackernews.com/2023/07/new-soho-router-botnet-avrecon-spreads.html www.secnews.physaphae.fr/article.php?IdArticle=8356423 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems. The intrusion set, which stretches from April 2022 to July 2023, leverages phishing lures and decoy documents to deploy a downloader malware called PicassoLoader, which 2023-07-13T21:37:00+00:00 https://thehackernews.com/2023/07/picassoloader-malware-used-in-ongoing.html www.secnews.physaphae.fr/article.php?IdArticle=8356090 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method. "In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said. 2023-07-13T18:26:00+00:00 https://thehackernews.com/2023/07/blog-post.html www.secnews.physaphae.fr/article.php?IdArticle=8355966 False Malware,Vulnerability None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as "Letscall."
This technique is currently targeting individuals in South Korea. The criminals behind "Letscall" employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store website. Once the malicious software is installed, it redirects]]> 2023-07-07T23:42:00+00:00 https://thehackernews.com/2023/07/vishing-goes-high-tech-new-letscall.html www.secnews.physaphae.fr/article.php?IdArticle=8353445 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les agences de cybersécurité saignent l'alarme sur l'augmentation des attaques de logiciels malveillants de l'augmentation de TrueBot<br>Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems. These sophisticated attacks exploit a critical vulnerability (CVE-2022-31199) in the widely used Netwrix Auditor server and its associated agents. This]]> 2023-07-07T10:42:00+00:00 https://thehackernews.com/2023/07/cybersecurity-agencies-sound-alarm-on.html www.secnews.physaphae.fr/article.php?IdArticle=8353305 False Malware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers iraniens \\ 'Sophistiqué de logiciels malveillants cible les utilisateurs de Windows et MacOS<br>Iranian Hackers\\' Sophisticated Malware Targets Windows and macOS Users The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware. "TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint said in a new report. 
"When given the opportunity, TA453]]> 2023-07-06T23:36:00+00:00 https://thehackernews.com/2023/07/iranian-hackers-sophisticated-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8353098 False Malware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Sceau de redénergie en tant que menace de ransomware ciblant les secteurs de l'énergie et des télécommunications<br>RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages. The malware "possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for]]> 2023-07-05T19:40:00+00:00 https://thehackernews.com/2023/07/redenergy-stealer-as-ransomware-threat.html www.secnews.physaphae.fr/article.php?IdArticle=8352495 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les utilisateurs de Node.js se méfient: manifeste l'attaque de confusion ouvre la porte aux logiciels malveillants<br>Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware The npm registry for the Node.js JavaScript runtime environment is susceptible to what\'s called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. 
"A npm package\'s manifest is published independently from its tarball," Darcy Clarke, a former GitHub and npm engineering manager]]> 2023-07-05T14:30:00+00:00 https://thehackernews.com/2023/07/nodejs-users-beware-manifest-confusion.html www.secnews.physaphae.fr/article.php?IdArticle=8352397 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le pirate de Mexique cible les banques mondiales avec des logiciels malveillants Android<br>Mexico-Based Hacker Targets Global Banks with Android Malware An e-crime actor of Mexican provenance has been linked to an Android mobile malware campaign targeting financial institutions globally, but with a specific focus on Spanish and Chilean banks, from June 2021 to April 2023. The activity is being attributed to an actor codenamed Neo_Net, according to security researcher Pol Thill. The findings were published by SentinelOne following a Malware]]> 2023-07-04T15:28:00+00:00 https://thehackernews.com/2023/07/mexico-based-hacker-targets-global.html www.secnews.physaphae.fr/article.php?IdArticle=8352112 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Opérateurs BlackCat distribuant des ransomwares déguisés en winSCP via malvertising<br>BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application. "Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations," Trend Micro researchers said in an analysis published last week. 
"In this case, the distribution]]> 2023-07-03T10:16:00+00:00 https://thehackernews.com/2023/07/blackcat-operators-distributing.html www.secnews.physaphae.fr/article.php?IdArticle=8351711 False Ransomware,Malware,Threat,Prediction None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Attention: Nouveau \\ 'RustBucket \\' Variante malware ciblant les utilisateurs de macOS<br>Beware: New \\'Rustbucket\\' Malware Variant Targeting macOS Users Researchers have pulled back the curtain on an updated version of an Apple macOS malware called Rustbucket that comes with improved capabilities to establish persistence and avoid detection by security software. "This variant of Rustbucket, a malware family that targets macOS systems, adds persistence capabilities not previously observed," Elastic Security Labs researchers said in a report]]> 2023-07-01T11:28:00+00:00 https://thehackernews.com/2023/07/beware-new-rustbucket-malware-variant.html www.secnews.physaphae.fr/article.php?IdArticle=8351254 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers iraniens charmant chaton utilisent la porte dérobée Powerstar dans les attaques d'espionnage ciblées<br>Iranian Hackers Charming Kitten Utilize POWERSTAR Backdoor in Targeted Espionage Attacks Charming Kitten, the nation-state actor affiliated with Iran\'s Islamic Revolutionary Guard Corps (IRGC), has been attributed to a bespoke spear-phishing campaign that delivers an updated version of a fully-featured PowerShell backdoor called POWERSTAR. 
"There have been improved operational security measures placed in the malware to make it more difficult to analyze and collect intelligence,"]]> 2023-06-30T19:24:00+00:00 https://thehackernews.com/2023/06/iranian-hackers-charming-kitten-utilize.html www.secnews.physaphae.fr/article.php?IdArticle=8351031 False Malware APT 35 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) FLUORSE: Android malware basé sur Flutter cible les cartes de crédit et les codes 2FA<br>Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse. The malware "represents a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report published last week. Fluhorse was first documented by Check Point in early May 2023, detailing its]]> 2023-06-29T19:10:00+00:00 https://thehackernews.com/2023/06/fluhorse-flutter-based-android-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8350648 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le groupe de pirates nord-coréen Andariel frappe avec de nouveaux logiciels malveillants<br>North Korean Hacker Group Andariel Strikes with New EarlyRat Malware The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. "Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from the command-and-control (C2) server," Kaspersky said in a new report. 
Also called Silent Chollima and Stonefly,]]> 2023-06-29T16:19:00+00:00 https://thehackernews.com/2023/06/north-korean-hacker-group-andariel.html www.secnews.physaphae.fr/article.php?IdArticle=8350591 False Malware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les logiciels malveillants Windows Windows nouvellement découverts volent des données sensibles<br>Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data from infected hosts. Fortinet FortiGuard Labs, which made the discovery, said it found the malware in an executable that masqueraded as a PDF file with a Russian name "CMK Правила оформления больничных листов.pdf.exe," which translates to "CMK]]> 2023-06-29T10:18:00+00:00 https://thehackernews.com/2023/06/newly-uncovered-thirdeye-windows-based.html www.secnews.physaphae.fr/article.php?IdArticle=8350490 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La nouvelle technique d'injection de processus Mockingjay pourrait permettre à la détection d'éviter les logiciels malveillants<br>New Mockingjay Process Injection Technique Could Let Malware Evade Detection A new process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems. "The injection is executed without space allocation, setting permissions or even starting a thread," Security Joes researchers Thiago Peixoto, Felipe Duarte, and  Ido Naor said in a report shared with The Hacker News. 
"The]]> 2023-06-27T19:52:00+00:00 https://thehackernews.com/2023/06/new-mockingjay-process-injection.html www.secnews.physaphae.fr/article.php?IdArticle=8349749 False Malware,Threat None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Anatsa Banking Trojan ciblant les utilisateurs aux États-Unis, au Royaume-Uni, en Allemagne, en Autriche et en Suisse<br>Anatsa Banking Trojan Targeting Users in US, UK, Germany, Austria, and Switzerland A new Android malware campaign has been observed pushing the Anatsa banking trojan to target banking customers in the U.S., U.K., Germany, Austria, and Switzerland since the start of March 2023. "The actors behind Anatsa aim to steal credentials used to authorize customers in mobile banking applications and perform Device-Takeover Fraud (DTO) to initiate fraudulent transactions," ThreatFabric]]> 2023-06-27T16:02:00+00:00 https://thehackernews.com/2023/06/anatsa-banking-trojan-targeting-users.html www.secnews.physaphae.fr/article.php?IdArticle=8349681 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Power JavaScript Dropper Pindos Distribue Bumblebee et Icedid Malware<br>Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string. Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware. A recent report from Proofpoint]]> 2023-06-23T16:10:00+00:00 https://thehackernews.com/2023/06/powerful-javascript-dropper-pindos.html www.secnews.physaphae.fr/article.php?IdArticle=8348439 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. "The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, such as Warzone RAT and Quasar RAT," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov
2023-06-22T22:28:00+00:00 https://thehackernews.com/2023/06/multistorm-campaign-targets-india-and.html www.secnews.physaphae.fr/article.php?IdArticle=8348197 False Malware None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives. "While their primary focus has traditionally been Southeast Asian countries, this latest discovery reveals their global reach and highlights the alarming role USB drives play in spreading malware," Check Point said in new
2023-06-22T18:35:00+00:00 https://thehackernews.com/2023/06/camaro-dragon-hackers-strike-with-usb.html www.secnews.physaphae.fr/article.php?IdArticle=8348067 False Malware None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previous undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. "The threat actor sent their commands through the Golang backdoor that is using the Ably service," the AhnLab Security Emergency response Center (
2023-06-21T21:46:00+00:00 https://thehackernews.com/2023/06/scarcruft-hackers-exploit-ably-service.html www.secnews.physaphae.fr/article.php?IdArticle=8347758 False Malware,Threat APT 37 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which it gets automatically uninstalled unless the time period is extended by the attackers. The Russian
2023-06-21T19:00:00+00:00 https://thehackernews.com/2023/06/new-report-exposes-operation.html www.secnews.physaphae.fr/article.php?IdArticle=8347693 False Malware None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work of a threat actor who goes by the online alias zxcr9999 on Telegram and runs a Telegram channel
2023-06-21T11:06:00+00:00 https://thehackernews.com/2023/06/new-condi-malware-hijacking-tp-link-wi.html www.secnews.physaphae.fr/article.php?IdArticle=8347607 False Malware,Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer A highly targeted cyber attack against an East Asian IT company involved the deployment of a custom malware written in Golang called RDStealer. "The operation was active for more than a year with the end goal of compromising credentials and data exfiltration," Bitdefender security researcher Victor Vrabie said in a technical report shared with The Hacker News. Evidence gathered by the Romanian
2023-06-20T17:25:00+00:00 https://thehackernews.com/2023/06/experts-uncover-year-long-cyber-attack.html www.secnews.physaphae.fr/article.php?IdArticle=8347299 False Malware None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions A new information-stealing malware called Mystic Stealer has been found to steal data from about 40 different web browsers and over 70 web browser extensions. First advertised on April 25, 2023, for $150 per month, the malware also targets cryptocurrency wallets, Steam, and Telegram, and employs extensive mechanisms to resist analysis. "The code is heavily obfuscated making use of polymorphic
2023-06-19T20:51:00+00:00 https://thehackernews.com/2023/06/new-mystic-stealer-malware-targets-40.html www.secnews.physaphae.fr/article.php?IdArticle=8347036 False Malware None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities The threat actors behind the Vidar malware have made changes to their backend infrastructure, indicating attempts to retool and conceal their online trail in response to public disclosures about their modus operandi. "Vidar threat actors continue to rotate their backend IP infrastructure, favoring providers in Moldova and Russia," cybersecurity company Team Cymru said in a new analysis shared
2023-06-15T19:18:00+00:00 https://thehackernews.com/2023/06/vidar-malware-using-new-tactics-to.html www.secnews.physaphae.fr/article.php?IdArticle=8345749 False Malware,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New Golang-based Skuld Malware Stealing Discord and Browser Data from Windows PCs A new Golang-based information stealer called Skuld has compromised Windows systems across Europe, Southeast Asia, and the U.S. "This new malware strain tries to steal sensitive information from its victims," Trellix researcher Ernesto Fernández Provecho said in a Tuesday analysis. "To accomplish this task, it searches for data stored in applications such as Discord and web browsers; information
2023-06-14T16:13:00+00:00 https://thehackernews.com/2023/06/new-golang-based-skuld-malware-stealing.html www.secnews.physaphae.fr/article.php?IdArticle=8345285 False Malware None 3.0000000000000000