Cybersecurity
Category Added in a WPeMatico Campaign
An individual employed by a Washington DC-based organization with international offices was targeted with powerful hacking software made by NSO Group, researchers have claimed, raising new concerns about the proliferation of spyware that can infect Apple devices. The alleged attack was discovered by researchers at the Citizen Lab at the Munk School at the University […]
A cybersecurity company claims it identified and thwarted a massive distributed denial-of-service (DDoS) attack targeting a prominent American financial institution. The researchers at Akamai Technologies did not reveal the company’s name but said it is among their “largest and most influential” customers in the financial sector. DDoS attacks overwhelm websites with a flood of traffic, […]
Sep 11, 2023THNEndpoint Security / Malware A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz. “In this campaign, the threat actors steal and […]
Sep 11, 2023THNCyber Crime / Malware A new malware loader called HijackLoader is gaining traction among the cybercriminal community to deliver various payloads such as DanaBot, SystemBC, and RedLine Stealer. “Even though HijackLoader does not contain advanced features, it is capable of using a variety of modules for code injection and execution since it uses […]
A relatively unknown threat group W3LL, which started six years ago with a custom tool for bulk email spam, is now running a massive operation by selling a phishing kit that targets Microsoft 365 business email accounts. According to researchers from Group-IB, the group has gone to great lengths to stay under the radar while […]
Check Point researchers have discovered hackers exploiting Google Looker Studio to create fraudulent cryptocurrency phishing websites. These phishing sites target digital asset holders, leading to compromised accounts and financial losses. Google Looker Studio (previously known as Data Studio, is an online tool for converting data from spreadsheets and various sources into customizable reports. Scam tactics […]
The US government has ordered all federal civilian agencies to patch a critical vulnerability in Apache RocketMQ, which is currently being exploited in the wild. The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-33246 to its Known Exploited Vulnerabilities Catalog. It means government agencies have until September 27 to apply a vendor patch to affected […]
Cybersecurity firm Check Point is warning of a new type of phishing attacks that abuse Google Looker Studio to bypass protections. Google Looker Studio is a legitimate online tool for creating customizable reports, including charts and graphs, that can be easily shared with others. As part of the observed attacks, threat actors are using Google […]
Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files.