GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

July 9, 2024 at 07:07AM Ongoing surveillanceware operation targets military personnel in Middle East with Android data-gathering tool GuardZoo. More than 450 victims impacted, mainly in Yemen. GuardZoo, a modified version of Dendroid RAT, has over 60 commands and uses WhatsApp for distribution. It has been using the same dynamic DNS domains for C2 operations …

South Korean ERP Vendor’s Server Hacked to Spread Xctdoor Malware

July 3, 2024 at 12:15AM An unnamed South Korean enterprise resource planning (ERP) vendor’s product update server was compromised, leading to the delivery of a Go-based backdoor called Xctdoor. AhnLab Security Intelligence Center identified the attack, which shares similarities with tactics used by the infamous Lazarus Group. The attack also involved a malware injector called …

Baddies hijack Korean ERP vendor’s update systems to spew malware

July 2, 2024 at 01:41AM A South Korean ERP vendor’s product update server was breached, resulting in the delivery of malware instead of legitimate updates. The attack, potentially linked to the North Korea-associated Andariel group, targeted ERP systems with backdoors named HotCroissant and Riffdoor. This incident, detected by AhnLab, highlights the threat posed by such …

Meta’s Virtual Reality Headset Vulnerable to Ransomware Attacks: Researcher

June 25, 2024 at 08:00AM Rare VR headset attacks were demonstrated by researcher Harish Santhanalakshmi Ganesan, who managed to install ransomware on Meta’s Quest 3 using a method relying on limited Android-based system knowledge and social engineering. Although no specific malware vulnerability was found, the process exposes the potential for similar attacks and serves as a …

Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations

June 20, 2024 at 02:39AM Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader, targeting Chinese organizations through phishing campaigns. The loader uses various evasion techniques and can deliver second-stage shellcode payloads. Meanwhile, other loaders like Taurus Loader and PikaBot continue to evolve, presenting challenges for detection and mitigation. A law enforcement effort …

NiceRAT Malware Targets South Korean Users via Cracked Software

June 17, 2024 at 01:36AM Threat actors are deploying the NiceRAT malware to create a botnet, targeting South Korean users by disguising the malware as cracked software. The malware is distributed via crack programs and infected devices, making detection difficult. NiceRAT is an actively developed open-source RAT and stealer malware, offering a premium version under …

Pakistani Threat Actors Caught Targeting Indian Gov Entities

June 14, 2024 at 10:27AM Pakistan-based threat actors, identified as Cosmic Leopard and UTA0137, have targeted Indian government entities in separate espionage campaigns. Operation Celestial Force, ongoing since 2018, utilizes Android and Windows malware to target individuals in defense, government, and related technology sectors. Similarly, UTA0137 has been using the ‘Disgomoji’ malware to access Linux …

WarmCookie Gives Cyberattackers Tasty New Backdoor for Initial Access

June 11, 2024 at 12:37PM A new Windows backdoor named WarmCookie, distributed through phishing emails, has become the latest tool for cyber attackers. Despite lacking sophistication, this backdoor is actively impacting organizations globally. It targets individuals with job recruitment lures and can ultimately lead to ransomware deployment. Organizations are urged to watch out for it …

Microsoft Bows to Public Pressure, Disables Controversial Windows Recall by Default

June 7, 2024 at 01:09PM Microsoft has responded to public pressure by changing the default settings for its Windows Recall feature on Copilot+ PCs. Following criticism about security and privacy risks, the company announced that the feature will now be off by default, with additional security measures such as encryption and user authentication requirements. Microsoft …

TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability

June 5, 2024 at 05:51PM Cyber attackers exploited a zero-day vulnerability in TikTok to compromise high-profile accounts, including CNN’s. The app maker has confirmed the cyberattack and is working to secure accounts. The attack involved a specially crafted direct message, bypassing the need for the target to open a link. TikTok has faced previous security …