July 3, 2024 at 12:15AM An unnamed South Korean enterprise resource planning (ERP) vendor’s product update server was compromised, leading to the delivery of a Go-based backdoor called Xctdoor. AhnLab Security Intelligence Center identified the attack, which shares similarities with tactics used by the infamous Lazarus Group. The attack also involved a malware injector called … Read more
July 2, 2024 at 01:41AM A South Korean ERP vendor’s product update server was breached, resulting in the delivery of malware instead of legitimate updates. The attack, potentially linked to the North Korea-associated Andariel group, targeted ERP systems with backdoors named HotCroissant and Riffdoor. This incident, detected by AhnLab, highlights the threat posed by such … Read more
June 25, 2024 at 08:00AM Rare VR headset attacks were demonstrated by researcher Harish Santhanalakshmi Ganesan, who managed to install ransomware on Meta’s Quest 3 using a method relying on limited Android-based system knowledge and social engineering. Despite no specific malware vulnerability found, the process exposes the potential for similar attacks and serves as a … Read more
June 20, 2024 at 02:39AM Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader, targeting Chinese organizations through phishing campaigns. The loader uses various evasion techniques and can deliver second-stage shellcode payloads. Meanwhile, other loaders like Taurus Loader and PikaBot continue to evolve, presenting challenges for detection and mitigation. A law enforcement effort … Read more
June 17, 2024 at 01:36AM Threat actors are deploying the NiceRAT malware to create a botnet, targeting South Korean users by disguising the malware as cracked software. The malware is distributed via crack programs and infected devices, making detection difficult. NiceRAT is an actively developed open-source RAT and stealer malware, offering a premium version under … Read more
June 14, 2024 at 10:27AM Pakistan-based threat actors, identified as Cosmic Leopard and UTA0137, have targeted Indian government entities in separate espionage campaigns. Operation Celestial Force, ongoing since 2018, utilizes Android and Windows malware to target individuals in defense, government, and related technology sectors. Similarly, UTA0137 has been using the ‘Disgomoji’ malware to access Linux … Read more
June 11, 2024 at 12:37PM A new Windows backdoor named WarmCookie, distributed through phishing emails, has become the latest tool for cyber attackers. Despite lacking sophistication, this backdoor is actively impacting organizations globally. It targets individuals with job recruitment lures and can ultimately lead to ransomware deployment. Organizations are urged to watch out for it … Read more
June 7, 2024 at 01:09PM Microsoft has responded to public pressure by changing the default settings for its Windows Recall feature on Copilot+ PCs. Following criticism about security and privacy risks, the company announced that the feature will now be off by default, with additional security measures such as encryption and user authentication requirements. Microsoft … Read more
June 5, 2024 at 05:51PM Cyber attackers exploited a zero-day vulnerability in TikTok to compromise high-profile accounts, including CNN’s. The app maker has confirmed the cyberattack and is working to secure accounts. The attack involved a specially crafted direct message, bypassing the need for the target to open a link. TikTok has faced previous security … Read more
June 5, 2024 at 03:16PM High-profile TikTok accounts are being exploited and hijacked in a takeover campaign, with threat actors sending malware-infested direct messages. The malware allows account hijacking without the victim clicking on links or downloading files. TikTok is collaborating with account holders to resolve the issue and prevent future attacks. Notable accounts targeted … Read more