Baddies hijack Korean ERP vendor’s update systems to spew malware

July 2, 2024 at 01:41AM A South Korean ERP vendor’s product update server was breached, resulting in the delivery of malware instead of legitimate updates. The attack, potentially linked to the North Korea-associated Andariel group, targeted ERP systems with backdoors named HotCroissant and Riffdoor. This incident, detected by AhnLab, highlights the threat posed by such … Read more

Meta’s Virtual Reality Headset Vulnerable to Ransomware Attacks: Researcher

June 25, 2024 at 08:00AM Rare VR headset attacks were demonstrated by researcher Harish Santhanalakshmi Ganesan, who managed to install ransomware on Meta’s Quest 3 using a method relying on limited Android-based system knowledge and social engineering. Despite no specific malware vulnerability found, the process exposes the potential for similar attacks and serves as a … Read more

Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations

June 20, 2024 at 02:39AM Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader, targeting Chinese organizations through phishing campaigns. The loader uses various evasion techniques and can deliver second-stage shellcode payloads. Meanwhile, other loaders like Taurus Loader and PikaBot continue to evolve, presenting challenges for detection and mitigation. A law enforcement effort … Read more

NiceRAT Malware Targets South Korean Users via Cracked Software

June 17, 2024 at 01:36AM Threat actors are deploying the NiceRAT malware to create a botnet, targeting South Korean users by disguising the malware as cracked software. The malware is distributed via crack programs and infected devices, making detection difficult. NiceRAT is an actively developed open-source RAT and stealer malware, offering a premium version under … Read more

Pakistani Threat Actors Caught Targeting Indian Gov Entities

June 14, 2024 at 10:27AM Pakistan-based threat actors, identified as Cosmic Leopard and UTA0137, have targeted Indian government entities in separate espionage campaigns. Operation Celestial Force, ongoing since 2018, utilizes Android and Windows malware to target individuals in defense, government, and related technology sectors. Similarly, UTA0137 has been using the ‘Disgomoji’ malware to access Linux … Read more

WarmCookie Gives Cyberattackers Tasty New Backdoor for Initial Access

June 11, 2024 at 12:37PM A new Windows backdoor named WarmCookie, distributed through phishing emails, has become the latest tool for cyber attackers. Despite lacking sophistication, this backdoor is actively impacting organizations globally. It targets individuals with job recruitment lures and can ultimately lead to ransomware deployment. Organizations are urged to watch out for it … Read more

Microsoft Bows to Public Pressure, Disables Controversial Windows Recall by Default

June 7, 2024 at 01:09PM Microsoft has responded to public pressure by changing the default settings for its Windows Recall feature on Copilot+ PCs. Following criticism about security and privacy risks, the company announced that the feature will now be off by default, with additional security measures such as encryption and user authentication requirements. Microsoft … Read more

TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability

June 5, 2024 at 05:51PM Cyber attackers exploited a zero-day vulnerability in TikTok to compromise high-profile accounts, including CNN’s. The app maker has confirmed the cyberattack and is working to secure accounts. The attack involved a specially crafted direct message, bypassing the need for the target to open a link. TikTok has faced previous security … Read more

Hijacking Scheme Takes Over High-Profile TikTok Accounts

June 5, 2024 at 03:16PM High-profile TikTok accounts are being exploited and hijacked in a takeover campaign, with threat actors sending malware-infested direct messages. The malware allows account hijacking without the victim clicking on links or downloading files. TikTok is collaborating with account holders to resolve the issue and prevent future attacks. Notable accounts targeted … Read more

Researchers Show How Malware Could Steal Windows Recall Data

June 5, 2024 at 09:30AM Microsoft’s Recall feature, enabled by default on new Copilot+ PCs, captures user activity through regular screenshots stored locally. However, cybersecurity researchers have raised concerns over potential data theft, with demonstrations showing information-stealing malware could access sensitive data. They also highlighted the feature’s security vulnerabilities, prompting Microsoft to address the issues … Read more