✇ The Hacker News

Hackers Creating Fraudulent Crypto Tokens as Part of 'Rug Pull' Scams

By: Ravie Lakshmanan
Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Check Point said in a report shared with The Hacker News. Smart contracts are programs stored on the
✇ The Hacker News

Emotet Now Using Unconventional IP Address Formats to Evade Detection

By: Ravie Lakshmanan
Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address that, when processed by the underlying operating systems, get automatically converted "to the dotted
✇ The Hacker News

High-Severity Rust Programming Bug Could Lead to File, Directory Deletion

By: Ravie Lakshmanan
The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. "An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete,
✇ The Hacker News

Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine

By: Ravie Lakshmanan
Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit,
✇ The Hacker News

Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure

By: Ravie Lakshmanan
An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is believed to have been underway since at least July 2021, according to cloud-based information
✇ The Hacker News

Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes

By: Ravie Lakshmanan
In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites. The backdoor gave the attackers full administrative control over websites that used 40 themes and 53 plugins belonging to AccessPress Themes, a Nepal-based
✇ The Hacker News

Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks

By: Ravie Lakshmanan
Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion vulnerability, which occurs when a web application is tricked into exposing or running arbitrary files on
✇ The Hacker News

Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks

By: Ravie Lakshmanan
A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the purpose of the
✇ The Hacker News

U.S. Sanctions 4 Ukrainians for Working with Russia to Destabilize Ukraine

By: Ravie Lakshmanan
The U.S. Treasury Department on Thursday announced sanctions against four current and former Ukrainian government officials for engaging in "Russian government-directed influence activities" in the country, including gathering sensitive information about its critical infrastructure. The agency said the four individuals were involved in different roles as part of a concerted influence campaign to
✇ The Hacker News

Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software

By: Ravie Lakshmanan
Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has been incorrectly enabled
✇ The Hacker News

Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers

By: Ravie Lakshmanan
An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues
✇ The Hacker News

Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang

By: Ravie Lakshmanan
A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result of a ten-day investigation dubbed Operation Falcon II undertaken by Interpol along with
✇ The Hacker News

DoNot Hacking Team Targeting Government and Military Entities in South Asia

By: Ravie Lakshmanan
A threat actor with potential links to an Indian cybersecurity company has been nothing if not remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted attack to a
✇ The Hacker News

New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets

By: Ravie Lakshmanan
A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the
✇ The Hacker News

Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks

By: Ravie Lakshmanan
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to build a query given some input and send that query
✇ The Hacker News

Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware

By: Ravie Lakshmanan
Potential connections between a subscription-based crimeware-as-a-service (CaaS) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of
✇ The Hacker News

FIN8 Hackers Spotted Using New 'White Rabbit' Ransomware in Recent Attacks

By: Ravie Lakshmanan
The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called "White Rabbit" that was recently deployed against a local bank in the U.S. in December 2021. That's according to new findings published by Trend Micro, calling out the malware's overlaps with Egregor, which was taken down by Ukrainian law enforcement authorities in February
✇ The Hacker News

DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms

By: Ravie Lakshmanan
An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea. "The malware is being distributed under the guise of adult games," researchers from AhnLab's Security Emergency-response Center (ASEC) said in a new report published on Wednesday. "Additionally, the DDoS malware was installed via downloader
✇ The Hacker News

Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure

By: Ravie Lakshmanan
The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country. The Secret Service of Ukraine on Monday confirmed that the two incidents are related, adding the breaches also exploited the