July 3, 2024 at 12:15AM Cybersecurity researchers have uncovered a highly targeted attack campaign, named Supposed Grasshopper, targeting Israeli entities using open-source malware such as Donut and Sliver. The attackers use custom WordPress websites to deliver the malware, and the campaign could be the work of a small team. The end goal of the campaign … Read more
July 1, 2024 at 09:06AM On June 18, 2024, cybersecurity firm Rapid7 discovered trojanized installers for three software products from Indian company Conceptworld, distributing information-stealing malware. The compromise was remediated by Conceptworld within 12 hours of disclosure. The malware is capable of stealing browser credentials, cryptocurrency wallet information, logging keystrokes, and establishing connections with command-and-control … Read more
June 28, 2024 at 09:33AM SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that may have gone unnoticed. This week’s stories include Microsoft patching a critical Dataverse vulnerability, a credential stuffing attack on Levi Strauss, a data breach at Ventura County Credit Union, malware delivery by a South Korean ISP, and various … Read more
June 26, 2024 at 09:35AM Snowblind, a new Android malware, bypasses app anti-tampering protections by abusing the seccomp security feature. It targets apps handling sensitive data, intercepts system calls, and manipulates processes to avoid detection and modify app behavior. Google Play Protect offers automatic protection, but the malware’s techniques could pose a threat to Android … Read more
June 25, 2024 at 07:58PM The polyfill.io domain, previously used to add JavaScript polyfills to websites, has been found serving malicious code, infecting over 100,000 sites. Security firms warn website owners to remove any embedded code from the domain. Google is blocking affected websites’ ads, and affected site owners are being notified. The domain’s sale … Read more
June 19, 2024 at 07:00AM Cybersecurity firm Trend Micro discovered a new threat group targeting Chinese-speaking users with a campaign dubbed Void Arachne. The attack employs malicious Windows Installer files for VPNs to distribute the Winos 4.0 command-and-control framework. The campaign involves social media and messaging platforms and promotes compromised files with deepfake and AI … Read more
June 4, 2024 at 12:06PM Russian organizations have been targeted in cyber attacks delivering a Windows version of the Decoy Dog malware by the HellHounds group. The advanced persistent threat (APT) group compromises organizations, remaining undetected for years. The malware includes a custom variant of the open-source Pupy RAT and is designed to maintain covert … Read more
May 24, 2024 at 06:00AM The courtroom video recording software developed by Justice AV Solutions (JAVS) has been targeted in a software supply chain attack, resulting in the delivery of malware known as RustDoor. Cybersecurity firm Rapid7 discovered the attack and reported that the compromised installer and associated executable have been signed with unexpected Authenticode … Read more
May 20, 2024 at 12:10PM The BiBi Wiper malware’s new variants are targeting Israeli and Albanian systems, linked to an Iranian hacking group named ‘Void Manticore.’ Check Point Research uncovered newer variants and operational overlaps involving another Iranian threat group. The malware is designed to complicate data restoration efforts, significantly extending downtime for targeted victims … Read more
May 16, 2024 at 10:15AM The Kimsuky hacking group is behind a new social engineering attack, using fictitious Facebook accounts to target individuals via Messenger and deliver malware. The campaign impersonates a legitimate individual to trick activists in the North Korean human rights and anti-North Korea sectors. This approach aims to avoid detection and may … Read more