Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505.
"The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on."
Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Resecurity has recently identified a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised in the Dark Web. On some sources the alternative name is Moloch, which has some connection to a phishing-kit developed by several notable underground actors who targeted the financial institutions and e-commerce sector before.
A few months ago, we blogged about malicious extensions redirecting users to phishing sites and inserting affiliate IDs into cookies of eCommerce sites. Since that time, we have investigated several other malicious extensions and discovered 5 extensions with a total install base of over 1,400,000
"...the extensions also track the user’s browsing activity."
Authored by Alberto Segura (main author) and Mike Stokkel (co-author) Introduction After we discovered in February 2022 the SharkBotDropper in Google Play posing as a fake Android antivirus and cleaner, now we have detected a new version of this dropper active in the Google Play and dropping a new version of Sharkbot.This new dropper doesn't…
Attackers attempted to disrupt ride-hailing app service on Thursday, the company confirmed.
A new threat actor is spreading infostealer malware through targeted attacks on developers and fraudulent cryptotrading applications.
Local law enforcement agencies from suburban Southern California to rural North Carolina have been using an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people’s movements months back in time, according to public records and internal emails obtained by The Associated Press.
A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Spotify and many others
Hundreds of millions use Zimbra, an all-in-one business productivity suite for micro, small, medium & enterprise in-office and remote work teams. The Zimbra Inc company was acquired by Synacor Inc
Traffers are responsible for redirecting user traffic to malicious content (malware, fraud, phishing, scam) exploited by other threat actors.
When people seek medical care or visit other sensitive locations, they may think their presence is confidential.
‘Democracy and rule of law are at stake,’ says MEP Saskia Bricmont.
We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally.
Twilio recently identified unauthorized access to information related to 163 Twilio customers, including Okta.
Kimsuky is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.
An Italian surveillance company is tracking people all over the world on a grand scale on behalf of its clients – including in countries with a recent history of corruption and human rights abuses. Its powerful spyware was recently found in Kazakhstan and Romania. Europe’s parliamentarians voice growing concern about an out-of-control surveillance industry and call for it to be regulated.
On March 2nd, I reported several security vulnerabilities to VMWare impacting their Identity Access Management (IAM) solution. In this blog post I will discu...
Editor’s Note: Last April, a ransomware group threatened to expose police informants and other sensitive information if the Washington, D.C. Metropolitan Police Department did not pay a demand.
The brazen attack was the work of a gang known as Babuk, which in early 2021 gained a reputation for posting stolen databases on its website from victims that refused to pay a ransom. Just days after it tried to extort the Metropolitan Police Department, Babuk announced it was closing its ransomware affiliate program, and would focus on data theft and extortion instead.
Netfilter is a framework in the Linux kernel for implementing various networking-related tasks with user-defined handlers. Netfilter provides various functions for packet filtering, network address translation and port translation, and packet logging. Netfilter represents a set of hooks that allow other kernel modules to register callback functions in the kernel’s networking stack.
Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits
