Month: March 2023

0 Comments
Mar 23, 2023Ravie LakshmananBrowser Security / Artificial Intelligence Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI’s ChatGPT service to harvest Facebook session cookies and hijack the accounts. The “ChatGPT For Google” extension, a trojanized version of a legitimate open source browser add-on, attracted
0 Comments
An administrator of the notorious BreachForums website has announced the forum was taken down following the arrest of its alleged founder days ago. Writing in a Telegram message within the “Breach Forums” channel on Tuesday, the BreachForums admin known as “baphomet” confirmed he would be closing the site. “I will be taking down the forum,
0 Comments
Mar 22, 2023Ravie LakshmananICS/SCADA Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation. This includes 13 security vulnerabilities in Delta Electronics’ InfraSuite Device Master, a real-time device monitoring software. All versions prior to
0 Comments
Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option. Starting today, Twitter is disabling SMS-based two-factor authentication (2FA) for all but paying users following a decision that, not unlike other recent moves by the social media giant, has been
0 Comments
Mar 21, 2023Ravie LakshmananCyber War / Cyber Threat Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have been attacked as part of an active campaign that drops a previously unseen, modular framework dubbed CommonMagic. “Although the initial vector of compromise is unclear, the details
0 Comments
Mar 20, 2023Ravie LakshmananCyber Threat / Malware A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. “DotRunpeX is a new injector written in .NET using the Process Hollowing technique and
0 Comments
The Russia-aligned advanced persistent threat (APT) known as Winter Vivern has been observed conducting espionage campaigns targeting government organizations and a private telecommunication organization. Security researchers at SentinelOne shared details about the new campaign in an advisory published on Thursday. The APT activity was first identified by DomainTools in early 2021 and then further described
0 Comments
Mar 18, 2023Ravie LakshmananCyber Crime / Data Breach U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias “Pompompurin.” The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators “spent hours inside and
0 Comments
Mar 18, 2023Ravie LakshmananNetwork Security / Cyber Espionage The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto
0 Comments
The US Cybersecurity and Infrastructure Security Agency (CISA) has disclosed information regarding a .NET deserialization vulnerability (CVE-2019-18935) in the Progress Telerik user interface (UI) for ASP.NET AJAX. CISA described the findings in an advisory on Wednesday, saying multiple cyber-threat actors were able to exploit the flaw, which also affected the Microsoft Internet Information Services (IIS) web server
0 Comments
ESET researchers analyzed Android and Windows clippers that can tamper with instant messages and use OCR to steal cryptocurrency funds ESET researchers have discovered dozens of copycat Telegram and WhatsApp websites targeting mainly Android and Windows users with trojanized versions of these instant messaging apps. Most of the malicious apps we identified are clippers –
0 Comments
Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that’s designed to load Cobalt Strike onto infected machines. Dubbed SILKLOADER by Finnish cybersecurity company WithSecure, the malware leverages DLL side-loading techniques to deliver commercial adversary simulation software. The development comes as improved detection capabilities
0 Comments
A new malware campaign targeting an East Asian company that develops data-loss prevention (DLP) software for government and military entities has been attributed to the advanced persistent threat (APT) group known as Tick. According to an advisory published by ESET on Tuesday, the threat actor breached the DLP company’s internal update servers to deliver malware
0 Comments
Mar 15, 2023Ravie LakshmananCyber Espionage / Data Security A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022. “Information stolen from successful compromises include credentials from multiple applications, browser histories and cookies,
0 Comments
A previously unknown threat actor has been observed conducting espionage campaigns against CIS (Commonwealth of Independent States) entities. Dubbed YoroTrooper by the Cisco Talos team, the threat actors mainly targeted government and energy organizations across Azerbaijan, Tajikistan and Kyrgyzstan. “We also observed YoroTrooper compromise accounts from at least two international organizations: a critical European Union