TheHackerNews

NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers

January 23, 2024 Cybersecurity researchers have discovered a new Java-based “sophisticated” information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix security researcher Gurumoorthi Ramanathan said in an analysis published last week. The ZIP file contains …

Article posted by: https://thehackernews.com/2024/01/ns-stealer-uses-discord-bots-to.html

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

January 23, 2024 Cybersecurity researchers are warning of a “notable increase” in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. “The web shells are concealed within an unknown binary format and are designed to evade security and signature-based scanners,” Trustwave said. “Notably, despite the …

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

January 21, 2024 An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. “UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission …

Microsoft’s Top Execs’ Emails Breached in Sophisticated Russia-Linked APT Attack

January 21, 2024 Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company’s cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) …

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

January 21, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. The development came after the vulnerabilities – an authentication bypass …

Article posted by: https://thehackernews.com/2024/01/cisa-issues-emergency-directive-to.html

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

January 20, 2024 The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF …

Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software

January 20, 2024 Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines. “These applications are being hosted on Chinese pirating websites in order to gain victims,” Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said. “Once detonated, the malware will download and execute …

Preventing Data Loss: Backup and Recovery Strategies for Exchange Server Administrators

January 20, 2024 In the current digital landscape, data has emerged as a crucial asset for organizations, akin to currency. It’s the lifeblood of any organization in today’s interconnected and digital world. Thus, safeguarding the data is of paramount importance. Its importance is magnified in on-premises Exchange Server environments where vital business communication and emails …

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

January 20, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it’s being actively exploited in the wild. The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass …

Article posted by: https://thehackernews.com/2024/01/us-cybersecurity-agency-warns-of.html

Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

January 20, 2024 A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The package, named “oscompatible,” was published on January 9, 2024, attracting a total of 380 downloads before it was taken down. oscompatible included a “few strange binaries,” according to software supply …
