Actualités – Page 356 – Guillaume BEAUPELLET

Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry

An advanced persistent threat (APT) actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. « The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an encrypted payload, with various modifications made to these components over time, » Sophos […]

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks

Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites. The plugin, which is available […]

New Android Malware ‘FluHorse’ Targeting East Asian Markets with Deceptive Tactics

Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse that abuses the Flutter software development framework. « The malware features several malicious Android applications that mimic legitimate applications, most of which have more than 1,000,000 installs, » Check Point said in

Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN

Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019. « The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments trying to alter legitimate banking transfers performed by the victims by changing the beneficiary and […]

N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks

The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. « [ReconShark] is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading to document downloads, and the execution of malicious macros, » SentinelOne researchers Tom Hegel

Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts

Third-party apps such as Google Analytics, Meta Pixel, HotJar, and JQuery have become critical tools for businesses to optimize their website performance and services for a global audience. However, as their importance has grown, so has the threat of cyber incidents involving unmanaged third-party apps and open-source tools. Online businesses increasingly struggle to maintain complete […]

Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised

PHP software package repository Packagist revealed that an « attacker » gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. « The attacker forked each of the packages and replaced the package description in composer.json with their own message but did not otherwise make any malicious changes, » […]

Google : les « passkeys », remèdes aux mots de passe ?

Les titulaires de comptes Google peuvent désormais utiliser des clés d’accès (passkeys), ce système d’authentification forte que promeut l’alliance FIDO.

Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads

A new Android subscription malware named Fleckpe has been unearthed on the Google Play Store, amassing more than 620,000 downloads in total since 2022. Kaspersky, which identified 11 apps on the official app storefront, said the malware masqueraded as legitimate photo editing apps, camera, and smartphone wallpaper packs. The apps have since been taken down. The operation […]

Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model

Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices. The issue, tracked as CVE-2023-20126, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. The company credited Catalpa of DBappSecurity for […]