Cybercrooks amp up attacks via macro-enabled XLL files

November 1, 2023 at 10:49AM Cybercriminals are increasingly using macro-enabled Excel add-in (XLL) files in malware attacks, according to HP Wolf Security. XLL files are now the seventh most commonly abused file extension, offering attackers greater capabilities than other options. Attackers have been experimenting with different file types since Visual Basic for Applications (VBA) macros …

Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution

November 1, 2023 at 08:49AM Threat actors are continuously publishing malicious NuGet packages as part of an ongoing campaign, exploiting code execution capabilities. The campaign, which began in August, has seen hundreds of malicious packages placed in the NuGet repository. The threat actors adapt their tactics, utilizing typosquatting and placing malicious functionality in .targets files …

Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection

November 1, 2023 at 03:49AM Turla, a Russia-linked hacking group, is using an updated version of a backdoor called Kazuar that emphasizes stealth and evasion techniques, according to Palo Alto Networks Unit 42. Kazuar, a .NET-based implant first discovered in 2017, has been improved by the threat actor behind the operation to enhance their attack …

Massive cybercrime URL shortening service uncovered via DNS data

October 31, 2023 at 11:29AM Prolific Puma, an actor known by researchers for providing link shortening services, has been assisting cybercriminals for over four years without attracting attention. The actor has registered thousands of domains, particularly on the US top-level domain, to facilitate phishing, scams, and malware distribution. Prolific Puma’s service involves short links that …

Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App

October 31, 2023 at 11:17AM A cyber espionage group known as Arid Viper has been identified as responsible for an Android spyware campaign targeting Arabic-speaking users. The campaign uses a counterfeit dating app to gather data from infected devices. The malware has features that allow for the collection of sensitive information and the deployment of …

Malicious NuGet Packages Caught Distributing SeroXen RAT Malware

October 31, 2023 at 08:18AM Malicious packages have been discovered on the NuGet package manager, deployed using a lesser-known method. The campaign, ongoing since August 2023, involves rogue packages delivering the SeroXen RAT remote access trojan. The threat actors behind the campaign are persistent, continuously publishing new malicious packages. The packages imitate popular ones and …

Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware

October 30, 2023 at 01:10PM A pro-Hamas hacktivist group has developed a new Linux-based wiper malware called BiBi-Linux Wiper. The malware targets Israeli entities during the ongoing Israeli-Hamas war. BiBi-Linux Wiper is destructive and can potentially destroy an entire operating system if run with root permissions. It overwrites files and renames them with the string …

Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware

October 30, 2023 at 12:42AM A cyber attack campaign has been using MSIX Windows app package files to distribute a new malware loader named GHOSTPULSE. The attack targets popular software like Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex. Potential victims are enticed to download the packages through compromised websites, SEO poisoning, or malvertising. …

N. Korean Lazarus Group Targets Software Vendor Using Known Flaws

October 27, 2023 at 11:43AM The Lazarus Group, a North Korea-linked threat actor, has launched a new cyber attack campaign targeting a software vendor through known security flaws in another software. The attack involved the deployment of malware families such as SIGNBT and LPEClient. The Lazarus Group has demonstrated advanced evasion techniques and targeted other …

Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools

October 27, 2023 at 10:43AM Cybersecurity firm Kaspersky has warned about a highly advanced piece of malware named StripedFly that has been infecting over one million devices for the past five years. The threat is designed as a modular framework and can target both Windows and Linux systems. It utilizes a Tor network tunnel for …