TheHackerNews

March 8, 2024 Facebook messages are being used by threat actors to a Python-based information stealer dubbed Snake that’s designed to capture credentials and other sensitive data. “The credentials harvested from unsuspecting users are transmitted to different platforms such as Discord, GitHub, and Telegram,” Cybereason researcher Kotaro Ogino said in a technical report. Details about the campaign& …

New Python-Based Snake Info Stealer Spreading Through Facebook Messages Read More »

March 8, 2024 Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. “The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows Article posted by: …

Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware Read More »

March 7, 2024 The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. “ALPHV/BlackCat did not get seized. They are exit scamming their affiliates,” security researcher Fabian Wosar said. “It is blatantly obvious when you check the source code of the …

Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout Read More »

March 7, 2024 Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. “The attackers leverage these tools to issue exploit code, taking advantage of …

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining Read More »

March 7, 2024 An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks.  Reflectiz shields websites from client-side attacks, supply chain risks, data breaches, privacy violations, and compliance issues. You Can’t Protect What You Can’t See Today’s websites are connected Article …

A New Way To Manage Your Web Exposure: The Reflectiz Product Explained Read More »

March 7, 2024 Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn’t anyone’s fault; it’s inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google …

How to Find and Fix Risky Sharing in Google Drive Read More »

March 7, 2024 VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB controller. They carry a CVSS score of 9.3 for Workstation and Fusion, …

VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws Read More »

March 7, 2024 The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in “developing, operating, and distributing” commercial spyware designed to target government officials, journalists, and policy experts in the country. “The proliferation of commercial spyware poses distinct and …

U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists Read More »

March 7, 2024 The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. “TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan Raghuprasad said in a report shared with The Hacker News. “GhostLocker and Article posted …

Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries Read More »

March 7, 2024 A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that’s believed to have been active since at least 2022. The exact specifics of the infection chain remain …

New APT Group ‘Lotus Bane’ Behind Recent Attacks on Vietnam’s Financial Entities Read More »