TheHackerNews

April 8, 2022 A threat actor with affiliations to the cyber warfare division of Hamas has been linked to an “elaborate campaign” targeting high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations. “The campaign operators use sophisticated social engineering techniques, ultimately aimed to deliver previously undocumented backdoors for Windows and Article …

Hamas-linked Hackers Targeting High-Ranking Israelis Using ‘Catfish’ Lures Read More »

April 8, 2022 A first-of-its-kind malware targeting Amazon Web Services’ (AWS) Lambda serverless computing platform has been discovered in the wild. Dubbed “Denonia” after the name of the domain it communicates with, “the malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls,” Cado …

First Malware Targeting AWS Lambda Serverless Platform Discovered Read More »

April 8, 2022 During the last week of March, three major tech companies – Microsoft, Okta, and HubSpot – reported significant data breaches. DEV-0537, also known as LAPSUS$, performed the first two. This highly sophisticated group utilizes state-of-the-art attack vectors to great success. Meanwhile, the group behind the HubSpot breach was not disclosed. This blog …

Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022 Read More »

April 8, 2022 The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). “The operation copied and removed malware from …

FBI Shut Down Russia-linked “Cyclops Blink” Botnet That Infected Thousands of Devices Read More »

April 8, 2022 Cybersecurity researchers have detailed a “simple but efficient” persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. “The attack starts with a malicious Word document deploying a Colibri bot that then delivers …

Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems Read More »

April 8, 2022 As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. “SharkBot steals credentials and banking information,” Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. “This malware implements a geofencing feature and …

SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps Read More »

April 8, 2022 VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks. Tracked from CVE-2022-22954 to CVE-2022-22961 (CVSS scores: 5.3 – 9.8), the issues impact VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle …

VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products Read More »

April 7, 2022 Ukraine’s technical security and intelligence service is warning of a new wave of cyber attacks that are aimed at gaining access to users’ Telegram accounts. “The criminals sent messages with malicious links to the Telegram website in order to gain unauthorized access to the records, including the possibility to transfer a one-time …

Ukraine Warns of Cyber attack Aiming to Hack Users’ Telegram Messenger Accounts Read More »

April 7, 2022 Threat actors have been distributing malicious applications under the guise of seemingly harmless shopping apps to target customers of eight Malaysian banks since at least November 2021. The attacks involved setting up fraudulent but legitimate-looking websites to trick users into downloading the apps, Slovak cybersecurity firm ESET said in a report shared …

Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users Read More »

April 7, 2022 Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident response plans, and security policies. On the other, …

Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck Read More »