TheHackerNews

New Report on Okta Hack Reveals the Entire Episode LAPSUS$ Attack

March 30, 2022 An independent security researcher has shared a detailed timeline of events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022. In a set of screenshots posted on Twitter, Bill Demirkapi published a two-page “intrusion timeline” allegedly prepared by …

A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages

March 30, 2022 A threat actor dubbed “RED-LILI” has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly 800 malicious modules. “Customarily, attackers use an anonymous disposable NPM account from which they launch their attacks,” Israeli security company Checkmarx said. “As it seems this time, the attacker …

Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation

March 30, 2022 Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an “advanced multi-layered virtual machine” used by the malware to fly under the radar. Wslink, as the malicious loader is called, was first documented by Slovak cybersecurity company …

Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware

March 29, 2022 A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. “The emails use a social engineering technique of conversation hijacking (also known as thread hijacking),” Israeli company Intezer said in …

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

March 29, 2022 Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. …

‘Purple Fox’ Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks

March 29, 2022 The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. “Users’ machines are targeted via trojanized software packages masquerading as legitimate application installers,” Trend Micro researchers said in a report published on …

Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion

March 27, 2022 A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. “The malicious activity represents one of the first public …

FCC Adds Kaspersky and Chinese Telecom Firms to National Security Threat List

March 27, 2022 The U.S. Federal Communications Commission (FCC) on Friday moved to add Russian cybersecurity company Kaspersky Lab to the “Covered List” of companies that pose an “unacceptable risk to the national security” of the country. The development marks the first time a Russian entity has been added to the list that’s been otherwise dominated by …

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

March 26, 2022 Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild. Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting …
