Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files
An updated version of an Android remote access trojan dubbed GravityRAT has been found masquerading as messaging apps BingeChat and Chatico as part of a narrowly targeted campaign since June 2022. « Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files, » ESET researcher Lukáš Štefanko said in a new report published today. […]
New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries
In what’s a new kind of software supply chain attack aimed at open source projects, it has emerged that threat actors could seize control of expired Amazon S3 buckets to serve rogue binaries without altering the modules themselves. « Malicious binaries steal the user IDs, passwords, local machine environment variables, and local host name, and then […]
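The attack described above works because the module's install step fetches a binary from a bucket name that is no longer owned by the project, so whoever re-registers the name controls what gets downloaded. The defensive check a consumer can apply is to pin the expected SHA-256 of every downloaded artifact and refuse anything that does not match, since a re-registered bucket cannot produce a file with the maintainers' hash. The following is an added example (not code from the article or from any affected project): it parses both S3 URL styles to surface which buckets a manifest depends on, then enforces the pin before a download is accepted. The manifest, bucket names, file contents and the in-memory stand-in for S3 are all constructed for illustration.

```python
"""Added example: audit a package's download URLs for S3 buckets and enforce
pinned SHA-256 hashes before any fetched binary is trusted. All names, URLs
and bytes below are constructed for illustration, not real packages."""
import hashlib
import hmac
import re
from urllib.parse import urlparse

# Virtual-hosted style: bucket.s3.amazonaws.com, bucket.s3.<region>.amazonaws.com,
# bucket.s3-<region>.amazonaws.com
_VHOST = re.compile(r"^(?P<bucket>[a-z0-9.-]+)\.s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com$")
# Path style: s3.amazonaws.com/bucket/key, s3.<region>.amazonaws.com/bucket/key
_PATH_HOST = re.compile(r"^s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com$")


def parse_s3_url(url):
    """Return (bucket, key) for an S3 object URL, or None for non-S3 hosts."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    path = p.path.lstrip("/")
    m = _VHOST.match(host)
    if m:
        return m.group("bucket"), path
    if _PATH_HOST.match(host):
        bucket, _, key = path.partition("/")
        return (bucket, key) if bucket else None
    return None


def verify_sha256(data, expected_hex):
    """Constant-time comparison of the artifact's digest against the pin."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_hex.lower())


def s3_buckets_in(manifest):
    """Buckets a manifest downloads from; each one's ownership should be reviewed."""
    buckets = {b for e in manifest for b in [(parse_s3_url(e["url"]) or (None,))[0]] if b}
    return sorted(buckets)


# Constructed artifact the maintainers originally shipped, and its pin.
GOOD_BINARY = b"#!/bin/sh\necho ok\n"
GOOD_SHA256 = hashlib.sha256(GOOD_BINARY).hexdigest()

# Constructed manifest: URL plus the SHA-256 the consumer has pinned (None = unpinned).
CONSTRUCTED_MANIFEST = [
    {"url": "https://example-builds.s3.amazonaws.com/v1.2.0/tool-linux-amd64", "sha256": GOOD_SHA256},
    {"url": "https://old-project-assets.s3.eu-west-1.amazonaws.com/tool.tar.gz", "sha256": GOOD_SHA256},
    {"url": "https://s3.eu-west-1.amazonaws.com/old-project-assets/tool.tar.gz", "sha256": None},
]

# Constructed offline stand-in for S3. "old-project-assets" plays the expired,
# re-registered bucket: it now serves different bytes than the maintainers shipped.
FAKE_S3 = {
    ("example-builds", "v1.2.0/tool-linux-amd64"): GOOD_BINARY,
    ("old-project-assets", "tool.tar.gz"): b"#!/bin/sh\necho tampered\n",
}


def fake_fetch(url):
    """Stand-in for an HTTP GET against S3; raises KeyError for unknown objects."""
    parsed = parse_s3_url(url)
    if parsed is None or parsed not in FAKE_S3:
        raise KeyError(url)
    return FAKE_S3[parsed]


def install_all(manifest, fetch=fake_fetch):
    """Policy: every download needs a pin, and the bytes must match it before
    anything is unpacked or executed. Returns a per-URL decision."""
    results = {}
    for entry in manifest:
        url, pin = entry["url"], entry["sha256"]
        if pin is None:
            results[url] = "rejected: no pinned hash"
            continue
        try:
            data = fetch(url)
        except KeyError:
            results[url] = "rejected: fetch failed"
            continue
        results[url] = "accepted" if verify_sha256(data, pin) else "rejected: hash mismatch"
    return results


if __name__ == "__main__":
    print("buckets to review:", s3_buckets_in(CONSTRUCTED_MANIFEST))
    for url, decision in install_all(CONSTRUCTED_MANIFEST).items():
        print(decision, "<-", url)
```

The bucket list from `s3_buckets_in` is the input to the ownership review (does the project still control each name, or has it expired?), while `install_all` is the mechanical guard: the second manifest entry is fetched from the re-registered bucket and is rejected on hash mismatch even though the URL itself is unchanged, which is exactly the case the article describes.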
New Report Reveals Shuckworm’s Long-Running Intrusions on Ukrainian Organizations
The Russian threat actor known as Shuckworm has continued its cyber assault spree against Ukrainian entities in a bid to steal sensitive information from compromised environments. Targets of the recent intrusions, which began in February/March 2023, include security services, military, and government organizations, Symantec said in a new report shared with The Hacker News. « In some cases, the
Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent
Microsoft on Wednesday took the lid off a « novel and distinct Russian threat actor, » which it said is linked to the General Staff Main Intelligence Directorate (GRU) and has a « relatively low success rate. » The tech giant’s Threat Intelligence team, which was previously tracking the group under its emerging moniker DEV-0586, has graduated it to a […]
Identity and Access Management: Is the Cloud a Reliable Alternative?
Although a multitude of IAM solutions exist on the market today, the vast majority of them respect the user experience. These tools are designed to communicate with one another, which is known as identity federation, via the SAML, OAuth and OpenID protocols.
Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems
The Chinese state-sponsored group known as UNC3886 has been found to exploit a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems. The VMware Tools authentication bypass vulnerability, tracked as CVE-2023-20867 (CVSS score: 3.9), « enabled the execution of privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs without authentication of guest credentials
Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry
Two « dangerous » security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks. « The vulnerabilities allowed unauthorized access to the victim’s session within the compromised Azure service iframe, which can lead to severe consequences, including unauthorized data access,
New Golang-based Skuld Malware Stealing Discord and Browser Data from Windows PCs
A new Golang-based information stealer called Skuld has compromised Windows systems across Europe, Southeast Asia, and the U.S. « This new malware strain tries to steal sensitive information from its victims, » Trellix researcher Ernesto Fernández Provecho said in a Tuesday analysis. « To accomplish this task, it searches for data stored in applications such as Discord and web browsers; information
Where from, Where to — The Evolution of Network Security
For the better part of the 90s and early aughts, the sysadmin handbook said, « Filter your incoming traffic, not everyone is nice out there » (later coined by Gandalf as « You shall not pass »). So CIOs started to supercharge their network fences with every appliance they could get to protect against inbound (aka INGRESS) traffic. In […]
Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits
At least half a dozen GitHub accounts belonging to fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service. All seven repositories, which are still available as of writing, claim to be proof-of-concept (PoC) exploits for purported zero-day flaws in Discord, Google Chrome, and Microsoft Exchange. […]