SecuriDropper: New Android Dropper-as-a-Service Bypasses Google’s Defenses

November 6, 2023 at 10:06AM Researchers have discovered a new dropper-as-a-service (DaaS) for Android called SecuriDropper that bypasses Google’s security restrictions and delivers malware. Dropper malware on Android is a lucrative business for threat actors, allowing them to install malicious payloads on compromised devices. SecuriDropper disguises itself as a harmless app and uses different Android …

Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel

November 6, 2023 at 04:06AM Google has issued a warning about a public proof-of-concept exploit called Google Calendar RAT (GCR) that utilizes its Calendar service for command-and-control infrastructure. The exploit creates a covert channel by manipulating event descriptions in Google Calendar. Although not yet observed in the wild, the exploit has been shared on underground …

48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

November 3, 2023 at 09:42AM 48 malicious npm packages containing obfuscated JavaScript have been discovered in the npm repository. These packages, uploaded by an npm user named hktalent, can deploy a reverse shell on compromised systems. The attack is triggered post-installation, establishing a reverse shell to rsh.51pwn[.]com. This highlights the increasing interest of threat actors …

Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover

November 2, 2023 at 05:30AM Researchers have discovered that up to 34 different Windows drivers could be exploited by threat actors without privileged access to gain control of devices and execute arbitrary code. Exploiting these drivers could allow attackers to erase or alter firmware and elevate privileges. The vulnerabilities have been identified in drivers including …

Hackers use Citrix Bleed flaw in attacks on govt networks worldwide

November 1, 2023 at 02:49PM Threat actors are targeting government, technical, and legal organizations globally by exploiting the ‘Citrix Bleed’ vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway appliances. The attacks have been ongoing since August 2023 and involve credential theft and lateral movement. The attacks are difficult to detect due to limited forensic evidence. …

North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware

November 1, 2023 at 05:36AM State-sponsored threat actors from North Korea’s Lazarus Group have been targeting blockchain engineers of a crypto exchange platform through Discord using a new macOS malware called KANDYKORN. The attacks involve social engineering lures and a multi-stage process to deliver the malware. The Lazarus Group has previously used macOS malware in …

Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

November 1, 2023 at 02:11AM F5 has warned of active exploitation of a critical security flaw in BIG-IP, allowing attackers to execute arbitrary system commands. The vulnerability, tracked as CVE-2023-46747, affects several versions of the software. Additionally, F5 has observed threat actors using this vulnerability in conjunction with CVE-2023-46748, an authenticated SQL injection flaw. Users …

LastPass breach linked to theft of $4.4 million in crypto

October 30, 2023 at 06:53PM Hackers stole $4.4 million in cryptocurrency on October 25th by using private keys and passphrases stored in stolen LastPass databases. LastPass suffered two breaches in 2022, allowing threat actors to steal encrypted password vaults. Researchers believe that the stolen vaults are being cracked to access cryptocurrency wallet passphrases and private …

Malvertising Campaign Targets Brazil’s PIX Payment System with GoPIX Malware

October 25, 2023 at 05:45AM The PIX instant payment system in Brazil has become a target for threat actors using a new malware called GoPIX. The attacks occur through malicious ads that appear when users search for “WhatsApp web” on search engines. The malware hijacks payment requests and replaces them with attacker-controlled strings. Similar campaigns …

2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report

October 24, 2023 at 05:02PM Corvus Insurance has released their Q3 2023 Global Ransomware Report, showing that ransomware attacks are increasing at a record-breaking pace. The report reveals that global ransomware attack frequency has increased by 11% compared to Q2 and 95% year-over-year. The CL0P ransomware group has played a significant role in this spike, …