Author: Admin
February 27, 2025Red LakshmananCybercrime / cryptocurrency The Federal Bureau of US Investigation (FBI) has officially linked A record of 1.5 billion BYBIT Hack to North Korean subjects threats as CEO Ben Zhou declared “War against Lazarus.” The agency stated that the Democratic People’s Republic of Korea (North Korea) is responsible for the theft of virtual assets from the cryptocurrency exchange, attributing it to a certain cluster, which it monitors as a Tradertraitor, which is also monitored as neffe wet, slow course and UNC4899. “Actors Tradertraitor are ongoing and transformed some stolen assets into bitcoin and other virtual assets divorced by…
February 26, 2025Red LakshmananEnterprise safety / vulnerability Cybersecurity and US Infrastructure Agency (CISA) accommodate Two safety deficiencies affecting the Microsoft Affiliate Center and Synacor Zimbra Cortoration Suite (ZCS) to their famous exploited vulnerabilities (Ship) A catalog based on evidence of active operation. Considered vulnerabilities following – Cve-2024-49035 (CVSS assessment: 8.7) – Incorrect vulnerability of access control at the Microsoft Affiliate Center, which allows the attacker to develop privileges. (Corrected in November 2024) Cve-2023-34192 (CVSS assessment: 9.0) – Vulnerability within the site (XSS) in Synacor ZCS, which allows a remote authentified attacker to perform an arbitrary code through the created scenario…
February 26, 2025Red LakshmananMalicious software / cryptocurrency Cybersecurity researchers have indicated the Python Python Package (Pypi) malicious Python library, which facilitates an unauthorized download of music from Music Streaming Service Deezer. In this package – Automslc, which is now loaded more than 104,000 times. For the first time published in May 2019, this Remains are available on Pypi from writing. “Although the Automslc that was downloaded More than 100,000 times supposed to offer musical automation and search metadata, it is hidden bypassing Deezer’s access restrictions, built up hard credentials and talking to the external team server and control (C2), “Socket…
The script (XSS) vulnerability in a virtual excursion was armed with angry actors to introduce malicious scenarios on hundreds of sites for the purpose of manipulating search results and faring the company advertising campaign. Safety Researcher Oleg Zaitsev in a report that is shared with Hacker News, said the company was named 360xss – More than 350 websites are affected, including state portals, US state -owned sites, US universities, large hotel networks, newsletters, car shows and several Fortune 500 companies. “It wasn’t just spam -operation,” – the researcher – Note. “It was an industrial abuse of trusted domains.” All these…
February 26, 2025Red LakshmananNetwork Security / Intelligence Threat On Tuesday, an emergency response group (Cert-Ua) warned an updated activity of an organized criminal group that it tracks both UAC-0173 Endkrat (AKA Darkcrystal rat). The Ukrainian cybersecurity administration stated that it had observed the last wave of the attack since mid -January 2025. The infection network uses phishing sheets to be sent on behalf of the Ministry of Justice of Ukraine, urging the recipients to download the executable file, which when launch leads to the deployment of malicious DCRAT software. Binary placed in R2 Cloudflare’s R2 Cloud storage service. “So, by…
February 26, 2025Hacker NewsPerson Protection / Password Security Passwords are rarely evaluated until safety violation; Suffice it to say that the importance of a strong password becomes clear only when colliding with the consequences of the weak. However, most end users do not know how vulnerable their passwords are to the most common password cutting methods. Below are three common password hacking methods and how to protect them. A rough force attack Bruth attacks are simple but highly effective methods of hacking passwords. These attacks include malicious subjects that use automated tools to systematically attempt each possible password combination through…
February 26, 2025Red LakshmananLinux / Endpoint Security Universities and state organizations in North America and Asia were aimed at previously unregistered Linux malware called Auto Color in November to December 2024, according to the Palo Alto Networks 42. “After installing a car coloration allows the subject to threaten full remote access to compromised machines, which is very difficult to remove without specialized software,” security researcher Alex Armstrong – Note In the technical record of malicious software. The carculator named the initial load on the basis of the file name renamed the installation itself after installation. It is currently unknown how…
More than a year when there was an internal chat out of gang of ransomers known as Black Basta were Posted on the Internet A leak that provides unprecedented visibility of their tactics and internal conflicts among their members. The Russian language speaks on the Matrix Messaging platform between September 18, 2023 and September 28, 2024, initially traced on February 11, 2025, which goes into the pen OperateWhich claimed that they published the data because the group was aimed at Russian banks. The leak identity remains a mystery. Black bast He first got into the focus of his focus in…
February 25, 2025Red LakshmananMalicious software / cyber -beno Opposition activists in Belarus, as well as Ukrainian military and government organizations are the purpose of a new company that uses documents that are involved Picassoloader. The cluster threats are evaluated as an extension of a long -standing company installed by an actor erected in Belarus know To match the Russian interests of security and the promotion of stories criticized by NATO. “The company has been preparing since July-August 2024 and entered the active phase in November-December 2024,”-Researcher Sentinelone Tom Hegel – Note In a technical report that is shared with Hacker…
Cybersecurity researchers have indicated an updated Lightspy implant, which is supplied by an expanded data collection set to obtain information from social media platforms such as Facebook and Instagram. Lightspy – this is the name given Modular spy software it efficient Infecting both Windows and Apple systems to collect data. It was first recorded in 2020, focusing on Hong Kong users. This includes information about the Wi-Fi network, screenshots, placement, icloud key, sound recordings, photos, browser history, contacts, call history and SMS messages, as well as data from various applications such as files, rubles, Mail Master, Telegram, Telegram, Telegram, Telegram.…