Author: Admin
A large-scale fraud campaign used fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to trick victims, according to findings from Group-IB. The campaign is part of a consumer investment fraud scheme, commonly known as pig butchering, in which potential victims are lured into investing in cryptocurrency or other financial instruments after the operators gain their trust under the guise of a romantic relationship or an investment advisor. Such manipulative social engineering operations often end with victims losing their funds, and in some cases being extorted for even more money by asking for…
October 2, 2024 Ravi Lakshmanan Cyber Espionage / Cloud Security A previously undocumented threat actor called CeranaKeeper has been linked to a series of data theft attacks targeting Southeast Asia. Slovakian cybersecurity firm ESET, which has monitored campaigns targeting government agencies in Thailand since 2023, attributed this cluster of activity to a China-aligned actor, noting the use of tools previously identified as being used by the Mustang Panda actor. “The group is constantly updating its backdoor to avoid detection and diversifying its methods to aid mass data theft,” security researcher Romain Dumont said in an analysis published today. “CeranaKeeper abuses popular legitimate cloud and…
October 2, 2024 Ravi Lakshmanan Cyber Crime / Threat Intelligence A phishing email campaign targeting recruiters with a JavaScript backdoor called More_eggs has been spotted, indicating a persistent effort to target the sector under the guise of fake job-applicant lures. “A sophisticated phishing lure forced a recruiter to download and run a malicious file disguised as a resume, leading to the more_eggs backdoor infection,” Trend Micro researchers Ryan Sullivan, Maria Emrin Virey and Fe Kureg said in their analysis. Marketed as Malware-as-a-Service (MaaS), More_eggs is malware with the ability to steal credentials, including those associated with…
October 2, 2024 Ravi Lakshmanan Vulnerability / Network Security Just over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be used to hijack vulnerable devices. “These vulnerabilities could allow attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks,” according to a Forescout Vedere Labs technical report shared with The Hacker News. Of the 14 security flaws, two are rated critical, nine are rated high, and three are rated medium severity. The most critical of the…
October 2, 2024 Ravi Lakshmanan Vulnerability / Data Breach Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been compromised by attackers exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw is an improper restriction of XML External Entity (XXE) references that could lead to remote code execution. The flaw, credited to a researcher who goes by the name “space wasp,” was patched by Adobe in June 2024. Dutch security firm Sansec, which tracks the flaw as CosmicSting, called it “the worst bug to hit Magento and Adobe Commerce stores in the last two years.”…
Dynamic malware analysis is a key part of any threat investigation. It involves running a malware sample in an isolated sandbox environment to monitor its behavior and gather actionable indicators. Effective analysis must be quick, thorough, and accurate. These five capabilities will help you achieve that with ease. 1. Interactivity Being able to interact with the malware and the system in real time is a huge advantage in dynamic analysis. That way, you can not only watch the sample execute, but also see how it reacts to your inputs and trigger specific behaviors. It also saves time by…
October 2, 2024 Ravi Lakshmanan Cyber Threats / Malware Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor known as Andariel in what is suspected to be a financially motivated attack. “While the attackers were unable to deploy ransomware on the networks of any of the affected organizations, it is likely that the attacks were financially motivated,” Symantec, part of Broadcom, said in a report shared with The Hacker News. Andariel is a threat actor believed to be a sub-cluster of the infamous Lazarus Group. It is also tracked as APT45, DarkSeoul, Nickel Hyatt,…
October 2, 2024 The Hacker News Supply Chain Attack / Cryptocurrency A new set of malicious packages has been discovered in the Python Package Index (PyPI) repository, masquerading as cryptocurrency wallet recovery and management utilities with the sole purpose of exfiltrating sensitive data and facilitating the theft of valuable digital assets. “The attack targeted users of Atomic, Trust Wallet, Metamask, Ronin, TronLink, Exodus and other prominent wallets in the crypto ecosystem,” Checkmarx researcher Yehuda Gelb said in an analysis published Tuesday. “Positioning themselves as utilities for extracting mnemonic phrases and decrypting wallet data, these packages appeared to offer valuable functionality for cryptocurrency users involved…
Researchers sound the alarm over active attacks exploiting a critical flaw in Zimbra's postjournal service
October 2, 2024 The Hacker News Email Security / Vulnerability Cybersecurity researchers are warning of active exploitation attempts targeting a newly disclosed security flaw in Synacor’s Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity on September 28, 2024. The attacks aim to exploit CVE-2024-45519, a critical security flaw in the postjournal service that could allow unauthenticated attackers to execute arbitrary commands on affected Zimbra installations. “Emails spoofing Gmail were sent to bogus addresses in the CC fields in an attempt to get Zimbra servers to parse and execute them as commands,” Proofpoint said in a series of posts on X. “Addresses contained…
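The mechanism Proofpoint describes above, recipient addresses crafted so that a mail component treats them as shell commands, suggests a cheap mail-gateway check: addr-specs that carry shell metacharacters or that fall outside a strict address grammar should never reach a downstream command line. The following is an added example written for this page, not Proofpoint's, Zimbra's or Synacor's code, and it does not reproduce the payloads observed in the wild; the sample message, the `suspicious_recipients` function and its strict grammar are assumptions for illustration.

```python
import email
import re
from email import policy

# Characters meaningful to a POSIX shell that have no place in an addr-spec
# outside a quoted string (angle brackets are stripped before this runs).
SHELL_META = re.compile(r'[`$|;&(){}\\\n\r]')

# Deliberately strict addr-spec: dot-atom local part, dotted domain.
# Quoted local parts are legal per RFC 5322 but rare, so they are flagged.
STRICT_ADDR = re.compile(r'^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$')

# Constructed sample message (assumption, not an observed email): one clean
# recipient with a comma in its display name, and two hostile ones.
SAMPLE_MESSAGE = """\
From: "Alice" <alice@gmail.com>
To: bob@example.org
Cc: carol@example.org, "Smith, John" <john.smith@example.org>, "$(id)"@evil.example, `uname -a`@evil.example
Subject: constructed sample message
Content-Type: text/plain

hello
"""


def split_recipients(header_value):
    """Split a To/Cc/Bcc header on top-level commas only; commas inside a
    quoted display name or quoted local part are not separators."""
    parts, buf, in_quotes = [], [], False
    for ch in header_value:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ',' and not in_quotes:
            parts.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf))
    return [p.strip() for p in parts if p.strip()]


def addr_spec(mailbox):
    """Return the addr-spec of a mailbox: the part inside <...> when a
    display name is present, otherwise the whole token."""
    m = re.search(r'<([^>]*)>\s*$', mailbox)
    return m.group(1).strip() if m else mailbox


def suspicious_recipients(raw_message):
    """Return (header, addr_spec) pairs for every recipient that contains
    shell metacharacters or does not match the strict address grammar."""
    msg = email.message_from_string(raw_message, policy=policy.compat32)
    findings = []
    for header in ('To', 'Cc', 'Bcc'):
        for value in msg.get_all(header, []):
            for mailbox in split_recipients(value.replace('\n', ' ')):
                spec = addr_spec(mailbox)
                if SHELL_META.search(spec) or not STRICT_ADDR.match(spec):
                    findings.append((header, spec))
    return findings


if __name__ == '__main__':
    for header, spec in suspicious_recipients(SAMPLE_MESSAGE):
        print(f'suspicious recipient in {header}: {spec!r}')
```

Run against the constructed message, the check reports the two Cc entries built from `$(...)` and backtick substitution and leaves the legitimate recipients alone, including the one whose display name contains a comma. The grammar is intentionally stricter than RFC 5322: a quoted local part is legal but so unusual in real traffic that rejecting it at the gateway is the conservative choice, and the check is a compensating control, not a substitute for patching the affected service.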
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including the use of artificial intelligence (AI) for optical character recognition (OCR) in what is called “Seed Phrase Image Recognition.” “This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat to anyone dealing in cryptocurrencies,” Recorded Future’s Insikt Group said in its analysis of version 0.7.0 of the malware. “The malware can recognize seed phrase images on the client side and send them back to the command-and-control (C2) server for further exploitation.” First found in the wild…